Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

NSE8-812 by Fortinet - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

A customer wants to use the FortiAuthenticator REST API to create an SSO group called SalesGroup.

The following API call is being made with the ‘curl’ utility:

Which statement correctly describes the expected behavior of the FortiAuthenticator REST API?

Question Image

A Only users with the “Full permission” role can access the REST API.
B If it is lost, the current REST API web service access key can be retrieved from the CLI with a diagnose command.
C The API call will fail because you cannot use POST with a specific I
D This API call will fail because it requires API version 2.

Question 4

Refer to the exhibits.

Topology -

Configuration -

The exhibits show a diagram of a requested topology and the base IPsec configuration.
A customer asks you to configure ADVPN via two internet underlays. The requirement is that you use one interface with a single IP address on DC FortiGate.
In this scenario, which feature should be implemented to achieve this requirement?

Question Image

A Use network-overlay id
B Change advpn2 to IKEv1
C Use local-id
D Use peer-id

Question 5

Refer to the exhibit.

A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.

The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.

Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)

Question Image

Answer option image

Question 6

Refer to the exhibit.

A FortiWeb appliance is configured for load balancing web sessions to internal web servers. The Server Pool is configured as shown in the exhibit.

How will the sessions be load balanced between server 1 and server 2 during normal operation?

Question Image

A Server 1 will receive 0% of the sessions, Server 2 will receive 100% of the sessions
B Server 1 will receive 33.3% of the sessions, Server 2 will receive 66.6% of the sessions
C Server 1 will receive 20% of the sessions, Server 2 will receive 66.6% of the sessions
D Server 1 will receive 25% of the sessions, Server 2 will receive 75% of the sessions

Question 7

A retail customer with a FortiADC HA cluster load balancing five webservers in L7 Full NAT mode is receiving reports of users not able to access their website during a sale event. But for clients that were able to connect, the website works fine.
CPU usage on the FortiADC and the web servers is low, application and database servers are still able to handle more traffic, and the bandwidth utilization is under 30%.
Which two options can resolve this situation? (Choose two.)

A Change the persistence rule to LB_PERSIS_SSL_SESS_ID
B Add more web servers to the real server pool
C Disable SSL between the FortiADC and the web servers
D Add a connection-pool to the FortiADC virtual server

Question 8

You are troubleshooting a FortiMail Cloud service integrated with Office 365 where outgoing emails are not reaching the recipients’ mail.
What are two possible reasons for this problem? (Choose two.)

A The FortiMail access control rule to relay from Office 365 servers FQDN is missing
B The FortiMail DKIM key was not set using the Auto Generation option
C The FortiMail access control rules to relay from Office 365 servers public IPs are missing.
D A Mail Flow connector from the Exchange Admin Center has not been set properly to the FortiMail Cloud FQDN

Question 9

You are running a diagnose command continuously as traffic flows through a platform with NP6 and you obtain the following output:

Given the information shown in the output, which two statements are true? (Choose two.)

Question Image

A Enabling bandwidth control between the ISF and the NP will change the output
B The output is showing a packet descriptor queue accumulated counter
C Enable HPE shaper for the NP6 will change the output
D Host-shortcut mode is enabled
E There are packet drops at the XAUI

Question 10

Review the VPN configuration shown in the exhibit.

What is the Forward Error Correction behavior if the SD-WAN network traffic download is 500 Mbps and has 8% of packet loss in the environment?

Question Image

A 1 redundant packet for every 10 base packets
B 3 redundant packet for every 5 base packets
C 2 redundant packet for every 8 base packets
D 3 redundant packet for every 9 base packets

Question 11

Refer to the exhibits.

Exhibit A -

Exhibit B -

A customer wants to deploy 12 FortiAP 431F devices on high density conference center, but they do not currently have any PoE switches to connect them to. They want to be able to run them at full power while having network redundancy.
From the FortiSwitch models and sample retail prices shown in the exhibit, which build of materials would have the lowest cost, while fulfilling the customer’s requirements?

Question Image

A 1x FortiSwitch 248E-FPOE
B 2x FortiSwitch 224E-POE
C 2x FortiSwitch 248E-FPOE
D 2x FortiSwitch 124E-FPOE

Question 12

Refer to the exhibit.

You are managing a FortiSwitch 3032E that is managed by FortiLink on a FortiGate 3960E. The 3032E is heavily utilized and there is only one port free.

The requirement is to add an additional three FortiSwitch 448E devices with 10Gbps SFP+ connectivity directly to the 3032E. The plan is to use split port (phy-mode) with QSFP28 mode to connect the new 448E switches.

In this scenario, which statement about the switch deployment is correct?

Question Image

A Additional ports on Switch 1 can be split for a maximum of 128 interfaces.
B The port mode of Switch 1 must be changed to QSFP.
C After enabling split ports and rebooting Switch 1, the new ports can be configured from the FortiGate.
D Switches 2-4 will connect successfully with Switch 1 split port in QSFP28 mode.

Question 13

A FortiGate must be configured to accept VoIP traffic which will include session initiation protocol (SIP) traffic.

Which statement about the VoIP configuration options is correct?

A FortiOS cannot accept SIP traffic if both the SIP Session Helper and the application layer gateway (ALG) are disabled.
B Restricting SIP requests is only possible when using the SIP Session Helper.
C By default, VoIP traffic will be processed using the SIP Session Helper.
D Rate tracking of SIP requests is only possible when the application layer gateway (ALG) is set to Flow mode.

Question 14

A customer with a FortiDDoS 200F protecting their fibre optic internet connection from incoming traffic sees that all the traffic was dropped by the device even though they were not under a DoS attack. The traffic flow was restored after it was rebooted using the GUI.
Which two options will prevent this situation in the future? (Choose two.)

A Change the Adaptive Mode.
B Create an HA setup with a second FortiDDoS 200
C Move the internet connection from the SFP interfaces to the LC interfaces.
D Replace with a FortiDDoS 1500

Question 15

A customer is operating a FortiWeb cluster in a high volume active-active HA group consisting of eight FortiWeb appliances. One of the secondary members is handling traffic for one specific VIP. What will happen with the traffic if that secondary FortiWeb appliance fails?

A Traffic will be redirected to the next appliance in the same traffic group.
B Traffic will be redistributed by the primary appliance to the remaining secondary appliances.
C Traffic will be redistributed by the primary appliance to the remaining secondary appliances that are configured to handle traffic for that specific VIP.
D Traffic will be redirected to the secondary member with the least number of sessions.

Question 16

SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high.
You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.
What should you configure?

A Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manual defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server.
B Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address.
C Configure two DNS servers and use DNS servers recommended by the two internet providers.
D Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server.

Question 17

Refer to the exhibit, which shows a FortiGate configuration snippet.

A customer in Costa Rica has a FortiGate with SD-WAN configured to use a VPN connection to the United States to browse the internet using a public IP from that country. They would like to enable the SD-WAN rule using a webhook.

Which configuration must be added to the FortiGate, and which type of HTTP request must be used to accomplish this? (Choose two.)

Question Image

Answer option image

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 4 • Questions 1-25 of 83

1 2 3 4

→

Know a question that should be here? Contribute to this exam

Refer to the exhibits.

The exhibit shows a FortiGate model device that will be used for zero touch provisioning and a CLI Template.

To facilitate a more efficient roll out of FortiGate devices, you are tasked with using meta fields with the CLI Template to configure the DHCP server on the “office1” FortiGate.

Given this scenario, what would be the output of the config ip-range section on the CLI Template?

Question Image

Answer option image

Refer to the exhibit.

The exhibit shows the topology a customer wants to implement using a flexible authentication scheme. Users connecting from trusted remote locations are authenticated using only their username/password when connecting to the SSLVPN FortiGate in the data center.

When connecting from the Untrusted Clients, users must authenticate using 2-factor authentication.

In this scenario, which RADIUS attribute can be used as a RADIUS policy selector on the FortiAuthenticator to accomplish this goal?

Question Image

A Calling-Station-Id
B Framed-IP-Address
C Tunnel-Client-Auth-Id
D Login-IP-Host

NSE8-812Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

That's the end of the Preview