NSE8_811試験無料問題集（65題）「Fortinet NSE 8 Written Exam (NSE8

出題：1

Click to the Exhibit button.
You need to apply the security features below to the network shown in the exhibit.
-high grade DDoS protection
-Web security and load balancing for Server1 and Server2
-Solution must be PCI DSS compliant
-Enhanced security to DNS 1 and DNS 2

What are three solutions for this scenario? (Choose three.)

A. FortiDDoS between FG1 and FG2 and VDOMs

B. FortiADC for VDOM-A

C. FortiDDoS between FG1 and FG2 and the Internet

D. FortiADC for VDOM-B

E. FortiWeb for VDOM-A

正解：C,D,E 解答を投票する

出題：2

FortiMail configured with the protected domain "internal lab".
Which two envelopes addresses will need an access control rule to relay e-mail sent for unauthenticated users? (Choose two.)

A. MAIL FROM: traming@fortinet com: RCPT TO: student@fortinet com

B. MAIL FROM student@fortinet com: RCPT TO [email protected]

C. MAIL FROM student@internal lab: RCPT TO [email protected]

D. MAIL FROM: trainmg@internallab; RCPT TO student@mternallab

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Click the exhibit button.
A FortiGate device is configured to authenticate SSL VPN users using digital certificates. Part of the FortiGate configuration is shown in the exhibit.
Which two statements are true in this scenario? (Choose two.)

A. The authentication will fail if the user certificate does not contain the CA_Cert string in the Failed.

B. The authentication will fail if the certificate does not contain user principle name (UPN) information.

C. OCSP is used to verify that the user-signed certificate has not expired.

D. The authentication will fail if the OCSP server is down.

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Exhibit
Click the Exhibit button.
The exhibit shows the configuration of a service protection profile (SPP) in a FortiDDoS device.
Which two statements are true about the traffic matching being inspected by this SPP? (Choose two.)

A. FortiDDos will not send a SYNACK if a SYN packet is coming from an IP address that is not the legtimate IP (LIP) address table.

B. FortiDooS will start dropping packets as soon as the traffic executed the configured maintain threshold.

C. Traffic that does match any spp policy will not be inspection by this spp.

D. SYN packets with payloads will be drooped.

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.
- E-mails can only be accepted if a valid e-mail account exists.
- Only authenticated users can send e-mails out
Which two actions will satisfy the requirements? (Choose two. )

A. Configure access control rules.

B. Configure inbound recipient policies.

C. Configure outbound recipient policies.

D. Configure recipient address verification.

正解：A,D 解答を投票する

出題：6

Click the Exhibit button.
You configured AV and Web filtering for your outgoing Internet connections. You later noticed that not all Web sessions are being inspected and you start troubleshooting the problem.
Referring to the exhibit, what would cause this problem?

A. These are problem with the connection to the Web filter servers, therefore the Web session cannot be categorized.

B. The Web session is using QUIC which a not inspected by the FortiGate

C. Web filtering is not licensed, therefore no inspection occurs.

D. The SSL inspection options are not set to inspection

正解：B 解答を投票する

NSE8_811試験無料問題集「Fortinet NSE 8 Written Exam (NSE8_811) 認定」