Free NSE8_812 Exam Braindumps (page: 4)


Refer to the CLI output:



Given the information shown in the output, which two statements are correct? (Choose two.)

  A. Geographical IP policies are enabled and evaluated after local techniques.
  B. Attackers can be blocked before they target the servers behind the FortiWeb.
  C. The IP Reputation feature has been manually updated.
  D. An IP address that was previously used by an attacker will always be blocked.
  E. Reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored.

Answer(s): B,E

Explanation:

The CLI output shown in the exhibit indicates that FortiWeb has the IP Reputation feature enabled, with local techniques enabled and geographical IP policies evaluated after local techniques (set geoip-policy-order after-local). IP Reputation allows FortiWeb to block or allow traffic based on the reputation score of IP addresses, which reflects their past malicious activities or behaviors. Local techniques are methods that FortiWeb uses to dynamically update its own blacklist based on its own detection of attacks or violations from IP addresses (such as signature matches, rate limiting, etc.). Geographical IP policies are rules that FortiWeb uses to block or allow traffic based on the geographical location of IP addresses (such as country, region, city, etc.).

Therefore, based on the output, one correct statement is that attackers can be blocked before they target the servers behind the FortiWeb. This is because FortiWeb can use the IP Reputation feature to block traffic from IP addresses that have a low reputation score or belong to a blacklisted location, which prevents them from reaching the servers and launching attacks.

Another correct statement is that reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored. This is because FortiWeb can use local techniques to remove IP addresses from its own blacklist if they stop sending malicious traffic for a certain period of time (set local-techniques-expire-time), which allows them to regain their reputation and access the servers. This is useful for IP addresses that are dynamically assigned by DHCP or PPPoE and may change frequently.


Reference:

https://docs.fortinet.com/document/fortiweb/6.4.0/administration-guide/19662/ip-reputation
https://docs.fortinet.com/document/fortiweb/6.4.0/administration-guide/19662/geographical-ip-policies



Refer to the exhibit.



You are deploying a FortiGate 6000F. The device should be directly connected to a switch. In the future, a new hardware module providing higher speed will be installed in the switch, and the connection to the FortiGate must be moved to this higher-speed port. You must ensure that the initial FortiGate interface connected to the switch does not affect any other port when the new module is installed and the new port speed is defined.
How should the initial connection be made?

  A. Connect the switch on any interface between ports 21 to 24.
  B. Connect the switch on any interface between ports 25 to 28.
  C. Connect the switch on any interface between ports 1 to 4.
  D. Connect the switch on any interface between ports 5 to 8.

Answer(s): C

Explanation:

The FortiGate 6000F has 24 1/10/25-Gbps SFP28 data network interfaces (1 to 24). These interfaces are divided into the following interface groups: 1 to 4, 5 to 8, 9 to 12, 13 to 16, 17 to 20, and 21 to 24. The ports 25 to 28 are 40/100-Gbps QSFP28 data network interfaces. The initial connection should be made to any interface between ports 1 to 4. This is because the ports 21 to 24 are part of the same interface group, and changing the speed of one of these ports will affect the speeds of all of the ports in the group. The ports 5 to 8 are also part of the same interface group, so they should not be used for the initial connection. The new hardware module that will be installed in the switch will provide higher speed ports. When this module is installed, the speed of the ports 21 to 24 will be increased. However, this will not affect the ports 1 to 4, because they are not part of the same interface group. Therefore, the initial connection should be made to any interface between ports 1 to 4, in order to ensure that the FortiGate interface connected to the switch does not affect any other port when the new module is installed and the new port speed is defined.


Reference:

FortiGate 6000F Front Panel Interfaces: https://docs.fortinet.com/document/fortigate-6000/hardware/fortigate-6000f-system-guide/827055/front-panel-interfaces



Which feature must you enable on the BGP neighbors to accomplish this goal?

  A. Graceful-restart
  B. Deterministic-med
  C. Synchronization
  D. Soft-reconfiguration

Answer(s): A

Explanation:

Graceful-restart is a feature that allows BGP neighbors to maintain their routing information during a BGP restart or failover event, without disrupting traffic forwarding or causing route flaps. Graceful-restart works by allowing a BGP speaker (the restarting router) to notify its neighbors (the helper routers) that it is about to restart or failover, and request them to preserve their routing information and forwarding state for a certain period of time (the restart time). The helper routers then mark the routes learned from the restarting router as stale, but keep them in their routing table and continue forwarding traffic based on them until they receive an end-of-RIB marker from the restarting router or until the restart time expires. This way, graceful-restart can minimize traffic disruption and routing instability during a BGP restart or failover event.


Reference:

https://docs.fortinet.com/document/fortigate/7.0.0/cookbook/19662/bgp-graceful-restart



Refer to the exhibit, which shows a Branch1 configuration and routing table.

In the SD-WAN implicit rule, you do not want traffic to be load balanced for the overlay interface when all members are available.
In this scenario, which configuration change will meet this requirement?

  A. Change the load-balance-mode to source-ip-based.
  B. Create a new static route with the internet sdwan-zone only.
  C. Configure the cost in each overlay member to 10.
  D. Configure the priority in each overlay member to 10.

Answer(s): D

Explanation:

The default load balancing mode for the SD-WAN implicit rule is source IP based. This means that traffic will be load balanced evenly between the overlay members, regardless of the member's priority. To prevent traffic from being load balanced, you can configure the priority of each overlay member to 10. This will make the member ineligible for load balancing. The other options are not correct. Changing the load balancing mode to source-IP based will still result in traffic being load balanced. Creating a new static route with the internet sdwan-zone only will not affect the load balancing of the overlay interface. Configuring the cost in each overlay member to 10 will also not affect the load balancing, as the cost is only used when the implicit rule cannot find a match for the destination IP address.






Post your Comments and Discuss Fortinet NSE8_812 exam with other Community members:

Wendy commented on December 03, 2024
I appreciate that these questions are teaching me things that I do not know about the PC industry!!!
Anonymous

CarM commented on December 03, 2024
Is this test for Email Specialist Exam?
SPAIN

Babula Kumar Sahu commented on December 03, 2024
very helpful for exam
UNITED STATES

Asma commented on December 03, 2024
I share the same opinion! - The questions and answers are good in this portal, kindly please add comments as well for answers, so that it will be very helpful.
Anonymous

Tenmo commented on December 03, 2024
It is with great pleasure to announce that I passed my certification examination today. Congrats to me for being me! And thanks to this site for posting the questions.
INDIA

Evan Couture commented on December 03, 2024
These questions are exactly what you will see on exam day, but they are good study. The exam may have questions covering similar objectives, but you will still need to study the material and perform hands on labs to be fully prepared. I used certmaster learn, infosec labs, pentest+ for dummies, pluralsight, wordwall user(markutree has some useful matching exercises), quizlet, and of course this resource. Hope this helps.
Anonymous

Ajay Kumar Yadav commented on December 03, 2024
Great insight.
INDIA

Ajay Kumar Yadav commented on December 03, 2024
informative
INDIA

Ajay Kumar Yadav commented on December 03, 2024
Very informative
INDIA

Bini commented on December 02, 2024
I would like to see more questions related to CCSP
Anonymous

Bosco commented on December 02, 2024
I would like to try this Brain dumps
UGANDA

Aman commented on December 02, 2024
Very helpful
UNITED STATES

Director2 commented on December 02, 2024
Is this still valid?
Anonymous

Meerwais commented on December 02, 2024
the best approach.
Anonymous

Chaw commented on December 02, 2024
I needed to do some note taking and marking some questions to go back and review but this online version does not have those features. So I bought the full version and used the PDF.
Singapore

gg commented on December 01, 2024
It seems OK; the questions and answers look legit.
Anonymous

Priya commented on December 01, 2024
Help before exam good practice questions
INDIA

Priya commented on December 01, 2024
Very useful
INDIA

Sheffie commented on December 01, 2024
Helping me get used to the exam style
UNITED STATES

Sheffie commented on December 01, 2024
Helps me get used to the type of questions
UNITED STATES

African-Amazigh commented on December 01, 2024
Is this exam the real NCM-MCI 6.5 exam? Is it valid?
Anonymous

SPH commented on December 01, 2024
super helpful questions
UNITED STATES

Shean commented on November 30, 2024
Great deal of Friday deal of 50% off. Got my 3 exams and download the PDF files.
NETHERLANDS

Babu commented on November 30, 2024
I did this exam this past Friday. All went great. Passed with 94%.
India

Elimu commented on November 30, 2024
A good way to practice
Anonymous

Sobhash commented on November 30, 2024
To those who are going for this exam and wondering if any passed. I wrote this exam. The exam is extremely hard and tricky. Luckily I prepared well and bought the full version of this exam dump which included most of the exam questions. However some answers were incomplete. But overall a fantastic resource well worth the money.
UNITED STATES

Juan Alvarez commented on November 29, 2024
Good content
Anonymous

Chela commented on November 29, 2024
Great for Exam preparation! Did it in Nov and Passed the first attempt.
Anonymous

nahdus commented on November 29, 2024
All comments are original?
Anonymous

Sanjay Dinda commented on November 29, 2024
So far all good
UNITED KINGDOM

Naveen Ahlam commented on November 29, 2024
Great stuff
Anonymous

nancy commented on November 29, 2024
Very helpful
Anonymous

M commented on November 29, 2024
Is this still valid?
SLOVAKIA (Slovak Republic)

Mira commented on November 29, 2024
Great tool and questions!
Anonymous