NSE8_811試験無料問題集（65題）「Fortinet NSE 8 Written Exam (NSE8

出題：1

A customer wants to enable SYN Rood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet ftom a new source IP address. Which SYN packet from a new source IP address.
Which SYN flood mitigation mode must the customer use?

A. ACK cookie

B. SYN/ACK cookie

C. SYN cookie

D. SYN retransmission

正解：C 解答を投票する

出題：2

You are asked to implement a single FortiGate 5000 chassis using Session-aware Load Balance Cluster (SLBC) with Active - Passive FortinControllers. Both FortiControllers have the configuration shown below, with the rest of the configuration set to the default values:
config system ha
set mode dual
set password fortinetnse8
set group-id 5
set chassis-id 1
set minimize-chassis-failover enable
set hbdev "b1"
end
Both FortiControllers show Master status. What is the problem in this scenario?

A. The management interface of both FotiControllers was connected on the some network.

B. The priority should be set higher for ForControllers on slot-1.

C. The chassis ID settings on FotiControllers on slot 2 should be set to 2.

D. The b1 interface the two FortiConrollers do not see each other.

正解：D 解答を投票する

出題：3

An old router has been replaced by a FortiWAN device. The FortiWAN has inherited the router's management IP address and now the network administrator needs to remove the old router from the FortiSIEM configuration.
Which two statements are true about this operation? (Choose two.)

A. FotiSEIM needs a special syslog for FortiWAN.

B. FortiSIM will move the old router device into the Decommission folder.

C. The old router will be completely deleted from FortiSIEM's CMDB.

D. FortiSIEM will discover a new device for the FortiWAN with the same IP.

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Click the Exhibit button.

Only users authenticated in FortiGate-B can reach the server. A customer wants to deploy a single sign-on solution for IPsec VPN users. Once a user is connected and authenticated to the VPN in FortiGate-A, the user does not need to authenticate again in FortiGate -B to reach the server.
Which two actions satisfy this requirement? (Choose two.)

A. Use Kerberos authentication.

B. FortiGate-A must generate a RADUIS accounting packets.

C. Use FortiAuthenticator.

D. Use the Collector Agent.

正解：B,C 解答を投票する

出題：5

Refer to the exhibit.

You are working on FortiGate 61E operating in flow-based inspection mode with various settings optimized for performance. The main Internet firewall policy is using the "default" antivirus profile. You found that some executable virus samples files downloaded over HTTP are not being blocked by the FortiGate.
Referring to the exhibit, how can this be fixed?

A. Change the set scan-mode configuration to full.

B. Change the set default-db configuration to extreme.

C. Add set content-disarm enable to the configuration.

D. Disable the emulator feature.

正解：A 解答を投票する

出題：6

Click the exhibit.
A VPN IPsec is connecting the headquarters office (HQ) with a branch office (BO) and OSPF is used to redistribute routes between the offices. After deployment, a server with IP address 10.10.10.35 located on the DMZ network of the BO FortiGate, was reported unreachable from hosts located on the LAN network of the same FortiGate.

Referring to the exhibit, which statement is true?

A. The incoming access list should have an accept action instead deny action to solve the problem.

B. Enabling NAT on the VPN firewall policy will solve the problem.

C. The ICMP packets are Being blocked by an implicit deny policy.

D. A directly connected subnet is being partially superseded by an OSPF redistributed subnet.

正解：D 解答を投票する

NSE8_811試験無料問題集「Fortinet NSE 8 Written Exam (NSE8_811) 認定」