Fortinet NSE 8 Written Exam (NSE8_811) - NSE8_811 Exam Practice Test
A customer has a SCADA environmental control device that is triggering a false-positive IPS alert whenever the Web GUI of the device is accessed. You cannot create a functional custom IPS filter to exempt this behavior, and it appears that the device is so old that it does not have HTTPS support. You need to prevent the false positive IPS alerts from occurring.
In this scenario, which two actions will accomplish this task? (Choose two.)
In this scenario, which two actions will accomplish this task? (Choose two.)
Correct Answer: A,D
Vote an answer
Exhibit
The exhibit shows a topology where a FortiGate is two VDOMS, root and vd-vlasn. The root VDCM provides SSL-VPN access, where the users authenticated by a FortiAuthenticatator. The vd-lan VDOM provids internal access to a Web server. For the remote users to access the internal web server, there are a few requirements, which are shown below.
--At traffic must come from the SSI-VPN
--The vd-lan VDOM only allows authenticated traffic to the Web server.
-- Users must only authenticate once, using the SSL-VPN portal.
-- SSL-VPN uses RADIUS-based authentication.
referring to the exhibit, and the requirement describe above, which two statements are true?
(Choose two.)
The exhibit shows a topology where a FortiGate is two VDOMS, root and vd-vlasn. The root VDCM provides SSL-VPN access, where the users authenticated by a FortiAuthenticatator. The vd-lan VDOM provids internal access to a Web server. For the remote users to access the internal web server, there are a few requirements, which are shown below.
--At traffic must come from the SSI-VPN
--The vd-lan VDOM only allows authenticated traffic to the Web server.
-- Users must only authenticate once, using the SSL-VPN portal.
-- SSL-VPN uses RADIUS-based authentication.
referring to the exhibit, and the requirement describe above, which two statements are true?
(Choose two.)
Correct Answer: B,D
Vote an answer
Your client wants to use a central RADIUS server for management authentication when connecting to the FortiGate GUL and provide different levels of access for different types of employees.
Which three actions required providing the requested functionality? (Choose three.)
Which three actions required providing the requested functionality? (Choose three.)
Correct Answer: B,D,E
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
A FortiGate with the default configuration shown below is deployed between two IP telephones. FortiGate receives the INVITE request shown in the exhibit from Phone A (internal) to Phone B (external).
NVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 10.31.101.20:5060
From: PhoneA <sip:[email protected]>
To: PhoneB <sip:[email protected]>
Call-ID: [email protected]
CSeq: 1 INVITE
Contact: sip:[email protected]
v=0
o=PhoneA 5462346 332134 IN IP4 10.31.101.20
c=IN IP4 10.31.101.20
m=audio 49170 RTP 0 3
Which two statements are correct after the FortiGate receives the packet? (Choose two.)
NVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 10.31.101.20:5060
From: PhoneA <sip:[email protected]>
To: PhoneB <sip:[email protected]>
Call-ID: [email protected]
CSeq: 1 INVITE
Contact: sip:[email protected]
v=0
o=PhoneA 5462346 332134 IN IP4 10.31.101.20
c=IN IP4 10.31.101.20
m=audio 49170 RTP 0 3
Which two statements are correct after the FortiGate receives the packet? (Choose two.)
Correct Answer: C,D
Vote an answer
You have deployed a FortiGate In NAT/Route mode as a secure as a web gateway with a few P-base authentication firewall policies. Your customer reports that some users now have different browsing permission =s from what is expected. All these users are browsing using internet Explorer through Desktop Connection to a Terminal Server. When you took at the Fortigate logs the username for the Terminal Server IP is not consistent.
Which action will correct this problem?
Which action will correct this problem?
Correct Answer: C
Vote an answer
Click the Exhibit button.
config system ha
set mode a-a
set group-id 1
set group-name main
set hb_dev port2 100
set session-pickup enable
end
You have configured an HA cluster with two FortiGates. You want to make sure that you are able to manage the individual cluster members directly using port3.
Referring to the exhibit, what are two ways to accomplish this task? (Choose two.)
config system ha
set mode a-a
set group-id 1
set group-name main
set hb_dev port2 100
set session-pickup enable
end
You have configured an HA cluster with two FortiGates. You want to make sure that you are able to manage the individual cluster members directly using port3.
Referring to the exhibit, what are two ways to accomplish this task? (Choose two.)
Correct Answer: B,C
Vote an answer
Refer to the exhibit.
You log into FortiManager, access the Device Manager window and notice that one of the managed devices is not in normal status.
Referring to the exhibit, which two statements correctly describe the status and result of the affected device? (Choose two.)
You log into FortiManager, access the Device Manager window and notice that one of the managed devices is not in normal status.
Referring to the exhibit, which two statements correctly describe the status and result of the affected device? (Choose two.)
Correct Answer: B,C
Vote an answer