Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

NSE8_812Free trial

By fortinet

Verified

25Q per page

Question 1

Review the VPN configuration shown in the exhibit.

What is the Forward Error Correction behavior if the SD-WAN network traffic download is 500 Mbps and has 8% of packet loss in the environment?

A: 1 redundant packet for every 10 base packets
B: 3 redundant packet for every 5 base packets
C: 2 redundant packet for every 8 base packets
D: 3 redundant packet for every 9 base packets

—

Question 2

Refer to the exhibit.

You have deployed a security fabric with three FortiGate devices as shown in the exhibit.
FGT_2 has the following configuration:

FGT_1 and FGT_3 are configured with the default setting.
Which statement is true for the synchronization of fabric-objects?

A: Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate
B: Objects from the root FortiGate will only be synchronized to FGT_2
C: Objects from the root FortiGate will not be synchronized to any downstream FortiGate
D: Objects from the root FortiGate will only be synchronized to FGT_3

—

Question 3

Refer to the exhibit.

You are operation an internal network with multiple OSPF routers on the same LAN segment. FGT_3 needs to be added to the OSPF network and has the configuration shown in the exhibit. FGT_3 is not establishing any OSPF connection.
What needs to be changed to the configuration to make sure FGT_3 will establish OSPF neighbors without affecting the DR/BDR election?

—

Question 4

A retail customer with a FortiADC HA cluster load balancing five webservers in L7 Full NAT mode is receiving reports of users not able to access their website during a sale event. But for clients that were able to connect, the website works fine.
CPU usage on the FortiADC and the web servers is low, application and database servers are still able to handle more traffic, and the bandwidth utilization is under 30%.
Which two options can resolve this situation? (Choose two.)

A: Change the persistence rule to LB_PERSIS_SSL_SESS_ID
B: Add more web servers to the real server pool
C: Disable SSL between the FortiADC and the web servers
D: Add a connection-pool to the FortiADC virtual server

—

Question 5

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)

A: Geographical IP policies are enabled and evaluated after local techniques
B: Attackers can be blocked before they target the servers behind the FortiWeb
C: The IP Reputation feature has been manually updated
D: An IP address that was previously used by an attacker will always be blocked
E: Reputation from blacklisted IP addresses from DHCP or PPPoE pools can be restored

—

Question 6

Refer to the exhibit.

$Image 1$

You are deploying a FortiGate 6000F. The device should be directly connected to a switch. In the future, a new hardware module providing higher speed will be installed in the switch, and the connection to the FortiGate must be moved to this higher-speed port.
You must ensure that the initial FortiGate interface connected to the switch does not affect any other port when the new module is installed and the new port speed is defined.
How should the initial connection be made?

A: Connect the switch on any interface between ports 21 to 24
B: Connect the switch on any interface between ports 25 to 28
C: Connect the switch on any interface between ports 1 to 4
D: Connect the switch on any interface between ports 5 to 8

—

Question 7

You are designing a setup where the FortiGate device is connected to two upstream ISPs using BGP. Part of the requirement is that you must be able to refresh the route advertisements manually without disconnecting the BGP neighborships.
Which feature must you enable on the BGP neighbors to accomplish this goal?

A: Graceful-restart
B: Deterministic-med
C: Synchronization
D: Soft-reconfiguration

—

Question 8

Refer to the exhibit, which shows a Branch1 configuration and routing table.

In the SD-WAN implicit rule, you do not want the traffic load balance for the overlay interface when all members are available.
In this scenario, which configuration change will meet this requirement?

A: Change the load-balance-mode to source-ip-based.
B: Create a new static route with the internet sdwan-zone only.
C: Configure the cost in each overlay member to 10.
D: Configure the priority in each overlay member to 10.

—

Question 9

Refer to the exhibits.

GUI Access -

Configuration -

Topology -

An administrator has configured a FortiGate and FortiAuthenticator for two-factor authentication with FortiToken push notifications for their SSL VPN login. Upon initial review of the setup, the administrator has discovered that the customers can manually type in their two-factor code and authenticate but push notifications.
Based on the information given in the exhibits, what must be done to fix this?

A: On FG-1 port1, the ftm access protocol must be enabled.
B: FAC-1 must have an internet routable IP address for push notifications.
C: On FG-1 CLI, the ftm-push server setting must point to 100.64.1.41.
D: On FAC-1, the FortiToken public IP setting must point to 100.64.1.41.

—

Question 10

Refer to the exhibit.

A customer has deployed a FortiGate 300E with virtual domains (VDOMs) enabled in the multi-VDOM mode. There are three VDOMs: Root is for management and internet access, while VDOM 1 and VDOM 2 are used for segregating internal traffic. AccountVInk and SalesVInk are standard VDOM links in Ethernet mode.
Given the exhibit, which two statements below about VDOM behavior are correct? (Choose two.)

A: You can apply OSPF routing on the VDOM link in either PPP or Ethernet mode
B: Traffic on AccountVInk and SalesVInk will not be accelerated
C: The VDOM links are in Ethernet mode because they have IP addressed assigned on both sides
D: Root VDOM is an Admin type VDOM, while VDOM 1 and VDOM 2 are Traffic type VDOMs
E: OSPF routing can be configured between VDOM 1 and Root VDOM without any configuration changes to AccountVInk

—

Question 11

You are responsible for recommending an adapter type for NICs on a FortiGate VM that will run on an ESXi Hypervisor.
Your recommendation must consider performance as the main concern, cost is not a factor.
Which adapter type for the NICs will you recommend?

A: Native ESXi Networking with E1000
B: Virtual Function (VF) PCI Passthrough
C: Native ESXi Networking with VMXNET3
D: Physical Function (PF) PCI Passthrough

—

Question 12

You are running a diagnose command continuously as traffic flows through a platform with NP6 and you obtain the following output:

Given the information shown in the output, which two statements are true? (Choose two.)

A: Enabling bandwidth control between the ISF and the NP will change the output
B: The output is showing a packet descriptor queue accumulated counter
C: Enable HPE shaper for the NP6 will change the output
D: Host-shortcut mode is enabled
E: There are packet drops at the XAUI

—

Question 13

You are deploying a FortiExtender (FEX) on a ForiGate-60F. The FEX will be managed by the FortiGate. You anticipate high utilization. The requirement is to minimize the overhead on the device for WAN traffic.
Which action achieves the requirement in this scenario?

A: Add a switch between the FortiGate and FEX.
B: Enable CAPWAP connectivity between the FortiGate and the FortiExtender
C: Change connectivity between the FortiGate and the FortiExtender to use VLAN Mode
D: Add a VLAN under the FEX-WAN interface on the FortiGate

—

Question 14

Refer to the exhibits.

Exhibit A -

Exhibit B -

A customer wants to deploy 12 FortiAP 431F devices on high density conference center, but they do not currently have any PoE switches to connect them to. They want to be able to run them at full power while having network redundancy.
From the FortiSwitch models and sample retail prices shown in the exhibit, which build of materials would have the lowest cost, while fulfilling the customer’s requirements?

A: 1x FortiSwitch 248E-FPOE
B: 2x FortiSwitch 224E-POE
C: 2x FortiSwitch 248E-FPOE
D: 2x FortiSwitch 124E-FPOE

—

Question 15

Refer to the exhibits.

Exhibit A -

Exhibit B -

A customer is looking for a solution to authenticate the clients connected to a hardware switch interface of a FortiGate 400E.
Referring to the exhibits, which two conditions allow authentication to the client devices before assigning an IP address? (Choose two.)

A: FortiGate devices with NP6 and hardware switch interfaces cannot support 802.1X authentication
B: Devices connected directly to ports 3 and 4 can perform 802.1X authentication
C: Ports 3 and 4 can be part of different switch interfaces
D: Client devices must have 802.1X authentication enabled

—

That’s the end of your free questions

You’ve reached the preview limit for NSE8_812

Consider upgrading to gain full access!

Page 1 of 3 • Questions 1-25 of 73

1 2 3

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!