Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE8_812

Fortinet NSE8_812 Exam
Fortinet NSE 8 Written (Page 4 )

Updated On: 12-Jan-2026
Page 4 of 28
PDF with 118 Questions

An HA topology is using the following configuration:



Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?

  1. 600ms
  2. 200ms
  3. 300ms
  4. 100ms

Answer(s): A

Explanation:

https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/489324/failover- protection



Refer to the exhibit.



You have deployed a security fabric with three FortiGate devices as shown in the exhibit. FGT_2 has the following configuration:



FGT_1 and FGT_3 are configured with the default setting.
Which statement is true for the synchronization of fabric-objects?

  1. Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate.
  2. Objects from the root FortiGate will only be synchronized to FGT__2.
  3. Objects from the root FortiGate will not be synchronized to any downstream FortiGate.
  4. Objects from the root FortiGate will only be synchronized to FGT_3.

Answer(s): D

Explanation:

https://docs.fortinet.com/document/fortigate/6.4.0/new-features/520820/improvements-to- synchronizing-objects-across-the-security-fabric-6-4-4



Refer to the exhibit.



You are operating an internal network with multiple OSPF routers on the same LAN segment. FGT_3 needs to be added to the OSPF network and has the configuration shown in the exhibit. FGT_3 is not establishing any OSPF connection.
What needs to be changed to the configuration to make sure FGT_3 will establish OSPF neighbors without affecting the DR/BDR election?
A)



B)



C)



D)

  1. Option A
  2. Option B
  3. Option C
  4. Option D

Answer(s): B

Explanation:

The OSPF configuration shown in the exhibit is using the default priority value of 1 for the interface port1. This means that FGT_3 will participate in the DR/BDR election process with the other OSPF routers on the same LAN segment. However, this is not desirable because FGT_3 is a new device that needs to be added to the OSPF network without affecting the existing DR/BDR election. Therefore, to make sure FGT_3 will establish OSPF neighbors without affecting the DR/BDR election, the priority value of the interface port1 should be changed to 0. This will prevent FGT_3 from becoming a DR or BDR and allow it to form OSPF adjacencies with the current DR and BDR. Option B shows the correct configuration that changes the priority value to 0. Option A is incorrect because it does not change the priority value. Option C is incorrect because it changes the network type to point-to-point, which is not suitable for a LAN segment with multiple OSPF routers. Option D is incorrect because it changes the area ID to 0.0.0.1, which does not match the area ID of the other OSPF routers on the same LAN segment.


Reference:

https://docs.fortinet.com/document/fortigate/7.0.0/administration- guide/358640/basic-ospf-example



A retail customer with a FortiADC HA cluster load balancing five webservers in L7 Full NAT mode is receiving reports of users not able to access their website during a sale event. But for clients that were able to connect, the website works fine.
CPU usage on the FortiADC and the web servers is low, application and database servers are still able to handle more traffic, and the bandwidth utilization is under 30%.
Which two options can resolve this situation? (Choose two.)

  1. Change the persistence rule to LB_PERSIS_SSL_SESSJD.
  2. Add more web servers to the real server poof
  3. Disable SSL between the FortiADC and the web servers
  4. Add a connection-pool to the FortiADC virtual server

Answer(s): A,D



Viewing page 4 of 28
Viewing questions 13 - 16 out of 118 questions



Post your Comments and Discuss Fortinet NSE8_812 exam prep with other Community members:

Join the NSE8_812 Discussion