Lead4Pass is giving candidates the 12 latest NSE8 dumps exam questions for free

September 27, 2022

The latest updated 12-question Fortinet NSE8 Dumps exam questions are shared for free from the Lead4Pass IT Certification website.

The Lead4Pass NSE8 dumps contain 65 exam questions and answers. Candidates can download the complete exam questions and answers at https://www.leads4pass.com/nse8.html, then study with the NSE8 dumps using the PDF study documents and the VCE exam engine.

The previously updated NSE8 PDF study file exam questions can be downloaded for information:


The latest updated Fortinet NSE8 dumps exam questions and answers can be read online:

| Number of exam questions | Exam name | From | Release time |
| --- | --- | --- | --- |
| 12 | Fortinet Network Security Expert 8 Written (800) | Lead4Pass | Sep 27, 2022 |

Question 1:

The dashboard widget indicates that FortiGuard Web Filtering is not reachable. However, AntiVirus, IPS, and Application Control have no problems as shown in the exhibit.

[Image: NSE8 dumps exam q1]

You contacted Fortinet's customer service and discovered that your FortiGuard Web Filtering contract is still valid for several months. What are two reasons for this problem? (Choose two.)

A. You have another security device in front of FortiGate blocking ports 8888 and 53.

B. FortiGuard Web Filtering is not enabled in any firewall policy.

C. You did not enable Web Filtering cache under Web Filtering and E-mail Filtering Options.

D. You have a firewall policy blocking ports 8888 and 53.


Correct Answer: BD

If Web Filtering shows as unreachable, verify whether web filtering is enabled in the security policies. Web filtering may also be enabled in a policy while ports 8888 and 53 are not selected, which means the policy blocks those ports.

Reference: http://cookbook.fortinet.com/troubleshooting-web-filtering/

Question 2:

Which command syntax would you use to configure the serial number of a FortiGate as its hostname?

[Image: NSE8 dumps exam q2]

A. B. C. D.


Correct Answer: C

Question 3:

An administrator wants to assign static IP addresses to users connecting tunnel-mode SSL VPN. Each SSL VPN user must always get the same unique IP address which is never assigned to any other user. Which solution accomplishes this task?

A. TACACS authentication with an attribute-value (AV) pair containing each user's IP address.

B. RADIUS authentication with each user's IP address stored in a Vendor Specific Attribute (VSA).

C. LDAP authentication with an LDAP attribute containing each user's IP address.

D. FSSO authentication with an LDAP attribute containing each user's IP address.


Correct Answer: D

Question 4:

You verified that application control is working from previously configured categories. You just added Skype on blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the


What are the two causes of this problem? (Choose two.)

A. The application control database is not updated.

B. SSL inspection is not enabled.

C. A client on the network was already connected to the Skype network and serves as a relay prior to configuration changes to block Skype.

D. The FakeSkype.botnet signature is included on your application control sensor.


Correct Answer: AB

Question 5:

You are investigating a problem related to FTP active mode. You use a test PC with IP address to connect to the FTP server at and transfer a large file. The FortiGate translates the source address (SNAT) in network to the IP address Which two groups of CLI commands allow you to see information related to this FTP connection? (Choose two.)

[Image: NSE8 dumps exam q5]

A. B. C. D.


Correct Answer: A

FTP active on port 21 and passive uses port 20

Question 6:

[Image: NSE8 dumps exam q6]

A customer just bought an additional FortiGate device and plans to use their existing load balancer to distribute traffic across two FortiGate units participating in a BGP network serving different neighbors. The customer has mixed traffic of IPv4 and IPv6 TCP, UDP, and ICMP. The two FortiGate devices shown in the exhibit should be redundant to each other so that the NAT session and active session tables will synchronize and failover to the unit that is still operating without any loss of data if one of the units fails.

Which high availability solution would you implement?

A. FortiGate Cluster Protocol (FGCP)

B. Fortinet redundant UTM protocol (FRUP)

C. FortiGate Session Life Support Protocol (FGSP)

D. Virtual Router Redundancy Protocol (VRRP)


Correct Answer: A

References: http://docs.fortinet.com/uploaded/files/1074/fortigate-ha-40-mr2.pdf

Question 7:

Your marketing department uncompressed and executed a file that the whole department received using Skype.

[Image: NSE8 dumps exam q7]

Reviewing the exhibit, which two details do you determine from your initial analysis of the payload?

A. The payload contains strings that the malware is monitoring to harvest credentials.

B. This is a type of Trojan that will download and pirate movies using your Netflix credentials.

C. This type of threat of a DDoS attack uses instant messaging to send e-mails to further spread the infection.

D. This threat payload is uploading private user videos which are then used to extort Bitcoin payments.


Correct Answer: B

Question 8:

A FortiGate is deployed in the NAT/Route operation mode. This operation mode operates at which OSI layer?

A. Layer 4

B. Layer 1

C. Layer 3

D. Layer 2


Correct Answer: C

Question 9:

A company has just installed a new FortiGate in their core to route and inspect traffic between their subnetted VLANs. The security department reports that after the installation, their IP video cameras no longer work. Research by the IT department shows that the video system uses a multicast stream to send the video to multiple video receivers.

Which two commands must be configured to resolve this problem? (Choose two.)

[Image: NSE8 dumps exam q9]

A. B. C. D.


Correct Answer: BD


Question 10:

[Image: NSE8 dumps exam q10]

Referring to the diagram shown in the exhibit, you deployed VRRP load balancing using two FortiGate units and two VRRP groups with a VRRP virtual MAC address enabled on both FortiGate's port2 interface. During normal operation, both FortiGate units are processing traffic and the VRRP groups are used to load balance the traffic between the two FortiGate units.

If FortiGate unit A fails, what would happen?

A. The FortiGate Unit B port2 interface sends gratuitous ARPs to associate the VRRP virtual router IP address with its own MAC address, and all traffic fails over to it.

B. The FortiGate Unit B port2 interface will use virtual MAC addresses of 00-00-5e-00-01-05 and 00-00-5e-00-01-0a, and all traffic fails over to it.

C. The FortiGate Unit B port2 interface will use virtual MAC addresses of 00-a0-5e-00-01-05 and 00-a0-5e-00-01-0a, and all traffic fails over to it.

D. The FortiGate Unit B port2 interface will use the physical MAC addresses of the FortiGate Unit A port2 interface, and all traffic fails over to it.


Correct Answer: B

If the primary fails, the secondary device uses the virtual MAC address to forward traffic.

Question 11:

The SECOPS team in your company has started a new project to store all logging data in a disaster recovery center. All FortiGates will log to a secondary FortiAnalyzer and establish a TCP session to send logs to the syslog server. Which two configurations will achieve this goal? (Choose two.)

[Image: NSE8 dumps exam q11]

A. B. C. D.


Correct Answer: AC


Question 12:

[Image: NSE8 dumps exam q12]

You have implemented FortiGate in a transparent mode as shown in the exhibit. User1 from the Internet is trying to access the Web servers. Which two statements about this scenario are true? (Choose two.)

A. User1 would be able to access the Web server intermittently.

B. User1 would not be able to access any of the Web servers at all.

C. FortiGate learns Web server’s MAC addresses when the Web servers transmit packets.

D. FortiGate always floods packets to both Web servers at the same time.


Correct Answer: AC

Both servers have the same IP address, so server connectivity from outside will be intermittent, and FortiGate learns the MAC address of whichever web server forwards packets.


The Fortinet NSE8 certification exam is one of the Fortinet NSE exams and is very popular. Candidates can study some of the exam content through the NSE8 free exam questions provided by Lead4Pass.

Candidates who want to 100% pass the NSE8 Fortinet Network Security Expert 8 Written (800) certification exam are welcome to practice the 65 Lead4Pass NSE8 Dumps exam questions at https://www.leads4pass.com/nse8.html.