New update Lead4Pass NSE8_810 Dumps with PDF and VCE| Fortinet Network Security Expert 8 Written Exam (810) Exam

August 13, 2021

New updated Lead4Pass NSE8_810 Dumps with PDF file and VCE practice exam engine to help pass the Fortinet Network Security Expert 8 Written Exam (810) Exam successfully!

Lead4Pass NSE8_810 exam dumps contain 60 exam questions and answers, covering complete Fortinet Network Security Expert 8 Written Exam (810) certification exam questions, and verified to be true and valid, check here to get the latest Lead4Pass NSE8_810 dumps: https://www.leads4pass.com/nse8_810.html (PDF+VCE).

Check out the NSE8_810 PDF exam questions and answers shared for free: https://drive.google.com/file/d/1V_tktpbNY-99RISQ_EOXWRU5PMy_8YWZ/

Also, read the latest 15 Lead4Pass NSE8_810 exam questions and answers online:

Question 1:

You have a customer with a SCADA environmental control devices that is trigged a false- positive OPS alert whenever the device\’s Web GUI is accessed. You cannot seem to create a functional custom IPS filter expert this behavior, and it appears that the device is so old that it does HTTPS support. You need to prevent the false posited IPS alert occurring.

In this scenario, which two actions would accomplish this task? (Choose two.)

A. Create a very granular firewall for that device\’s IP address which does not perform IPS scanning.

B. Reconfigure the FortiGate to operate in proxy-based inspection mode instead of flow- based.

C. Create a URL filter with the exempt action for that device\’s IP address.

D. Change the relevant firewall policies to use SSL certificate-inspection instead of SSL deep-inspection.

 

Correct Answer: AD

Question 2:

You must create a high Availability deployment with two FortiWebs in Amazon Services (AWS): each on different Availability Zones(AZ) from the same region. At the same time, each FortiWeb should be able to deliver content from the Web

server of both of the AZs.

Which deployment would will this requirement?

A. Configure the FortiWebs Active-Active Ha mode and use AWS Router 53 load Router balance the internal Web servers.

B. Configure the FortiWebs in Active-Active HA mode and use AWS Elastic load Balancer (ELB) for the internal Web servers.

C. Use AWS Router 53 to load balance FortiWebs in standone mode and use AWS Virtual private Cloud (VPC) peering to load balance the internal Web servers.

D. Use AWS Elastic load Balancer (ELB) for both FortiWebs in standdone mode and the internal Web servers in an ELB sandwich.

 

Correct Answer: B

Question 3:

 

new NSE8_810 dumps questions 3

Click the Exhibit button.

A FortiGate with the default configuration is deployed between two IP phones. FortiGate receives the INVITE request shown in the exhibit form Phone A (internal)to Phone B (external). Which two actions are taken by the FortiGate after the packet is received? (Choose two.)

A. A pinhole will be opened to accept traffic sent to FortiGate\’s WAN IP address and ports 49169 and 49170.

B. a pinhole will be opened to accept traffic sent to FortiGate\’s WAN IP address and ports 49l70 and 49171.

C. The phone A IP address will be translated lo the WAN IP address in all INVITE header fields and the m: field of the SDP statement.

D. The phone A IP address will be translated for the WAN IP address in all INVITE header fields and the SDP statement remains intact.

 

Correct Answer: BD

Question 4:

 

Click the Exhibit button.

new NSE8_810 dumps questions 4

You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware. Referring to the exhibit, which statement is true?

A. Incoming and outgoing traffic is offloaded

B. Outgoing traffic is offloaded, you cannot determine if incoming traffic is offloaded at this time.

C. Traffic is not offloaded.

D. Outgoing traffic is offloaded: incoming traffic not offloaded.

 

Correct Answer: D

Question 5:

 

Click the Exhibit button.

new NSE8_810 dumps questions 5

Your company has two data centers (DC) connected using a Layer 3 network. Servers in farm A need to connect to servers in farm B as though they all were in the same Layer 2 segment. What would be configured on the FortiGates on each DC to allow such connectivity?

A. Create an IPsec tunnel with transport mode encapsulation.

B. Create an IPsec tunnel with Mode encapsulation.

C. Create an IPsec tunnel with VXLAN encapsulation.

D. Create an IPsec tunnel with VLAN encapsulation.

 

Correct Answer: C

Question 6:

 

Click the Exhibit button.

Referring to the exhibit, what will happen if FortiSandbox categorizes an e-mail attachment submitted by FortiMail as a high risk?

new NSE8_810 dumps questions 6

A. The high-risk file will be discarded by attachment analysis.

B. The high-risk tile will go to the system quarantine.

C. The high-risk file will be received by the recipient.

D. The high-risk file will be discarded by malware/virus outbreak protection.

 

Correct Answer: B

Question 7:

 

Click the Exhibit button.

new NSE8_810 dumps questions 7

Referring to the exhibit, which two statements are true about local authentication? (Choose two.)

A. The user will be blocked 15 seconds after five login failures.

B. When a ClientHello message indicating a renegotiation is received, the FortiGate will allow the TCP connection.

C. The user\’s IP address will be blocked 15 seconds after five login failures.

D. After five minutes, the user will need to re-authenticate.

 

Correct Answer: CD

Question 8:

 

Click the Exhibit button.

You have installed a FortiSandbox and configured it in your FortiMail. Referring to the exhibit, which two statements are correct? (Choose two.)

new NSE8_810 dumps questions 8

A. FortiMail will cache the results for 30 minutes.

B. FortiMail will wait for 30 minutes to obtain the scan results.

C. If the FortiSandbox with IP 10.10 10 3 is not available, the e-mail will be checked by the FortiCloud Sandbox.

D. If FortiMail is not able to obtain the results from the fortiGuard quenes. URls will not be checked by the FortiSandbox.

 

Correct Answer: BD

Question 9:

 

Exhibit You created a custom health check for your FortiWeb deployment.

new NSE8_810 dumps questions 9

Referring to the output shown in the exhibit, which statement is true?

A. The FortiWeb must receive an RST packet from the server.

B. The FortiWeb must receive an HTTP 200 response code from the server.

C. The FortiWeb must receive an ICMP Echo Request from the server.

D. The FortiWeb must match the hash value of the page index html.

 

Correct Answer: B

Question 10:

 

A customer wants to enable SYN Rood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet ftom a new source IP address. Which SYN packet from a new source IP address.

Which SYN flood mitigation mode must the customer use?

A. SYN cookie

B. SYN/ACK cookie

C. ACK cookie

D. SYN retransmission

 

Correct Answer: A

Question 11:

 

A FortOS devices is used for termination of VPNs for number of remote spoke VPN units (designated group A spokes) using a phase 1 main mode dial-up tunnel using pre-shared.

Your company recently acquired another organization. You are asked establish VPN correctively for the newly acquired organization\’s sites which new devices will be provisioned (designated Group B spokes). Both exiting (Group A) and new

(Group B) spoke units are dynamically addressed. You are asked to ensure that spokes from the acquired organization (Group B) have different access permission than your existing VPN spokes (Group A).

Which two solutions meet the represents for the new spoke group? (Choose two.)

A. implements a new phase 1 dial-up mode tunnel with preshared keys and XAuth. Use identity to filter traffic.

B. Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than the Group A spokes. Use standard policies to filter for the new dial-up tunnel

C. Implement a new phase 1 dial-up main mode tunnel with certificate authentication. Use standard policies to filter for the dial-up tunnel.

D. Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID. Use standard policies to filter traffic for the new dial-up tunnel.

 

Correct Answer: AB

 

Question 12:

 

You configure an outgoing firewall policy with a web filter for accessing the internet. The access to URL https// itacm.co and web belonging to the same category should be blocked. You notice that the Web server presents a certificate with CN=www acme.com. The www.it.acme site is as \’\’ information Technology and the www.acme.com site is categorized as \’\’Business”.

Which statements is correct in this scenario?

A. Category “information Technology” needs to blocked, the FortiGate is able to inspection the URL with HTTPS sessions.

B. Category “Business” need a to be block: the certificate name takes precedence over the SNI.

C. SSL inspection must be configured to deep-inspection: the category “information Technology “needs to be blocked.

D. Category :information Technology” needs to be blocked, the SNI takes precedence over the certificate name.

 

Correct Answer: C

Question 13:

 

Click the Exhibit button.

new NSE8_810 dumps questions 13

Referring to the exhibit, a FortiADC is load balancing IPv4 traffic between two next-hop routers. The FortiADC does not know the IP addresses of the servers. Also, the FortiADC is doing Layer 7 content inspection and modification. In this scenario, which application delivery control is configured in the FortiADC?

A. Layer 2

B. Layer 3

C. Laye.4

D. Layer 7

 

Correct Answer: C

Question 14:

 

Exhibit Click the Exhibit button. The exhibit shows the steps for creating a URL rewrite policy on a FortiWeb. Which statement represents the purpose of this policy?

new NSE8_810 dumps questions 14

A. The policy redirects all HTTP URLs to HTTPS.

B. The policy redirects all HTTPS URLs to HTTP.

C. The policy redirects only HTTPS URLs containing the ^/ (. *) S string to HTTP.

D. The pokey redirects only HTTP URLs containing the^/ ( .*)S string to HTTPS.

 

Correct Answer: A

Question 15:

 

You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris. Which prevention mode on FortiDDoS will protect you against this specific type of attack?

A. aggressive aging mode

B. rate limiting mode

C. blocking mode

D. asymmetric mode

 

Correct Answer: A

Latest Complete 35 NSE8_810 Certification Exam Questions With Answers Get Lead4Pass NSE8_810 Exam Dumps: https://www.leads4pass.com/nse8_810.html (PDF+VCE)