NSE8_811 Questions and Answers

Note: The NSE8_811 exam is now retired. Please select the replacement exam for your certification. The new exam code is NSE8_812.

Question # 6

A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source IP address.

Which SYN flood mitigation mode must the customer use?

A. SYN cookie

B. SYN/ACK cookie

C. ACK cookie

D. SYN retransmission

Question # 7

You configured a firewall policy with only a Web filter profile for accessing the Internet. Access to websites belonging to the "Information Technology" category is blocked and access to websites in the "Business" category is allowed. SSL deep inspection is not enabled on this policy.

A user wants to access the website https://www.it-acme.com which presents a certificate with CN=www.acme.com. The it-acme.com domain is categorized as "Information Technology" and the acme.com domain is categorized as "Business".

Which statement regarding this scenario is correct?

A. The FortiGate is able to read the URL within HTTPS sessions when using SSL certificate inspection, so the website will be blocked by the "Information Technology" category.

B. The website will be blocked by category "Information Technology" as the SNI takes precedence over the certificate name.

C. The website will be allowed by category "Business" as the certificate name takes precedence over the URL.

D. Only with SSL deep inspection enabled will the FortiGate be able to categorize this website.

Question # 8

Click the Exhibit button.

A FortiGate with the default configuration is deployed between two IP phones. FortiGate receives the INVITE request shown in the exhibit from Phone A (internal) to Phone B (external). Which two actions are taken by the FortiGate after the packet is received? (Choose two.)

A. A pinhole will be opened to accept traffic sent to FortiGate's WAN IP address and ports 49169 and 49170.

B. A pinhole will be opened to accept traffic sent to FortiGate's WAN IP address and ports 49170 and 49171.

C. The phone A IP address will be translated to the WAN IP address in all INVITE header fields and the m: field of the SDP statement.

D. The phone A IP address will be translated to the WAN IP address in all INVITE header fields and the SDP statement remains intact.

Question # 9

Refer to the exhibit.

The exhibit shows a full-mesh topology between FortiGate and FortiSwitch devices. To deploy this configuration, two requirements must be met:

• 20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitch devices

• The FortiGate HA must be in AP mode

Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)

A. Configure the master FortiGate with one LAG and FortiLink split interface disabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.

B. Configure the master FortiGate with one LAG and FortiLink split interface enabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.

C. Configure both FortiSwitch devices as peers with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.

D. Configure both FortiSwitch devices as peers with ISL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.
