NSE8_810 Online Practice Questions and Answers

You want to access the JSON API on FortiManager to retrieve information on an object.

In this scenario, which two methods will satisfy the requirement? (Choose two.)

A. Make a call with the Web browser on your workstation.

B. Make a call with the SoapUl API tool on your workstation.

C. Download the WSDL file from FortiManager administration GUI.

D. Make a call with the curl utility on your workstation

Exhibit

Click the Exhibit button.

You have deployed several perimeter FortiGates with internal segmentation FortiGates behind them. All FortiGate devices are logging to FortiAnalyzer. When you search the logs in FortiAnalyzer for denied traffic, you see numerous log messages, as shown in the exhibit, on your perimeter FortiGates only.

Which two actions would reduce the number of these log messages? (Choose two.)

A. Apply an application control profile lo the perimeter FortiGates that does not inspect DNS traffic to the outbound firewall policy.

B. Configure the internal ForbGates to communicate to ForpGuard using port 8888.

C. Disable DNS events logging horn ForirGate In the config log fortianalyser filter section.

D. Remove DNS signature*

Click the Exhibit button.

You log into FortiManager, look at the Device Manager window and notice that one of your managed devices is not in normal status.

Referring to the exhibit, which two statements correctly describe the affected device's status and result? (Choose two.)

A. The device configuration was changed on the local FoitiGate side only. auto-update is disabled.

B. The device configuration was changed on both the local FortiGate side and the FortiManager side, auto-update is disabled.

C. The changed configuration on the FortiGate wrt remain the next time that the device configuration is pushed from ForbManager.

D. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiMAnager the next time that the device configuration is pushed.

Click the Exhibit button.

You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware. Referring to the exhibit, which statement is true?

A. Incoming and outgoing traffic is offloaded

B. Outgoing traffic is offloaded, you cannot determine if incoming traffic is offloaded at this time.

C. Traffic is not offloaded.

D. Outgoing traffic is offloaded: incoming traffic not offloaded.

You configure an outgoing firewall policy with a web filter for accessing the internet. The access to URL https// itacm.co and web belonging to the same category should be blocked. You notice that the Web server presents a certificate with CN=www acme.com. The www.it.acme site is as '' information Technology and the www.acme.com site is categorized as ''Business".

Which statements is correct in this scenario?

A. Category "information Technology" needs to blocked, the FortiGate is able to inspection the URL with HTTPS sessions.

B. Category "Business" need a to be block: the certificate name takes precedence over the SNI.

C. SSL inspection must be configured to deep-inspection: the category "information Technology "needs to be blocked.

D. Category :information Technology" needs to be blocked, the SNI takes precedence over the certificate name.

Exhibit Click the Exhibit button. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?

A. The policy redirects all HTTP URLs to HTTPS.

B. The policy redirects all HTTPS URLs to HTTP.

C. The policy redirects only HTTPS URLs containing the ^/ (. *) S string to HTTP.

D. The pokey redirects only HTTP URLs containing the^/ ( .*)S string to HTTPS.

Exhibit

Click the Exhibit button.

A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGates to connect to it.

However, FortiGates A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect white site A is connected, site A is disconnected. The IKE real time debug shows the output in the exhibit when site A is disconnected.

Which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?

A. set enforce-unique-id disable

B. set add-router enable

C. set single-source disable

D. set router-overlap allow

Exhibit

When deploying a new FortiGate-VMX Security node, an administrator received the error message shown in the exhibit In this scenario, which statement is correct?

A. The vCenter was not able locate the FortiGate-VMX's OVF file.

B. The vCenter could not connect to the FortiGate Service Manager

C. The NSX Manager was not able to connect on the FortiGate Service Manager's RestAPI service.

D. The FortiGate Service Manager did not have the proper permission to register the FortiGate-VMX Service.

Exhibit

Click the Exhibit button.

You are working on an entry level model FortiGate that has been configured in flow-based inspection mode with various settings optimized for performance. It appears that the main Internet firewall policy is using the antivirus profile labelled default. Your customer has found that some virus samples are not being caught by the FortiGate.

Referring to the exhibit, what is causing the problem?

A. The set default-db configure was set to extreme.

B. The set options scan configuration items should have been changed to not option scan avmonitor.

C. The default AV profile was modified to use quick scan-mode.

D. The mobile-malware-db configuration was set to enable.

You want to manage a FortiCloud service. The FortiGate shows up in your list devices on the FortiCloud Web site, but all management functions are either missing or grayed out. Which statement a correct in this scenario?

A. The managed FcrtGate a running a version of ForflOS that is either too new or too for FortCloud.

B. The managed FortiGate requires that a FortiCloud management license be purchased and applied.

C. You must manually configure system control-management on the FortiGate CLI and set the management type to fortiguard.

D. The management tunnel mode on the managed FortiGate must be changed to normal.