Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

NSE8_811 by Fortinet - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

A customer wants to enable SYN flood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source
IP address.
Which SYN flood mitigation mode must the customer use?

A SYN retransmission
B SYN/ACK cookie
C SYN cookie
D ACK cookie

Question 4

Refer to the exhibit.

Question 5

You are administering the FortiGate 5000 and FortiGate 7000 series products. You want to access the HTTPS GUI of the blade located in logical slot 3 of the secondary chassis in a high-availability cluster.
Which URL will accomplish this task?

A https://192.168.1.99:44322
B https://192.168.1.99:44323
C https://192.168.1.99:44313
D https://192.168.1.99:44302

Question 6

Refer to the exhibit.

Question 7

A customer wants to integrate their on-premise FortiGate with their Azure infrastructure.
Which two components must be in place to configure the Azure Fabric connector? (Choose two.)

A FortiGate-VM virtual appliance deployed on-premise.
B An inbound policy from the Azure FortiGate-VM virtual appliance.
C An outbound policy from the Azure FortiGate-VM virtual appliance.
D A FortiGate-VM virtual appliance deployed in Azure.

Question 8

You cannot ping the FortiGate default gateway 10.10.10.1 from the FortiGate CLI. The FortiGate interface facing the default gateway is wan1 and its IP address is
10.10.10.254/24. During the initial troubleshooting tests, you confirm that you can ping other IP addresses in the 10.10.10.0/24 subnet from the FortiGate CLI without packets lost.
Which two CLI commands will help you to troubleshoot this problem? (Choose two.)

A diagnose debug flow filter saddr 10.10.10.1 diagnose debug flow trace start 10
B diagnose hardware deviceinfo nic wan1
C diagnose ip arp list
D diag sniffer packet wan1 'arp and host 10.10.10.1'

Question 9

An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site.
Which action will reduce the WAN usage by the monitoring system?

A Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.
B Install both Supervisor and Collector on each remote site.
C Install local Collectors on each remote site.
D Disable real-time log upload on the remote sites.

Question 10

A customer is looking for a way to remove javascripts, macros and hyperlinks from documents traversing the network without affecting the integrity of the content.
You propose to use the Content disarm and reconstruction (CDR) feature of the FortiGate.
Which two considerations are valid to implement CDR in this scenario? (Choose two.)

A The inspection mode of the FortiGate is not relevant for CDR to operate.
B CDR is supported on HTTPS, SMTPS, and IMAPS if deep inspection is enabled.
C CDR can only be performed on Microsoft Office Document and PDF files.
D Files processed by CDR can have the original copy quarantined on the FortiGate.

Question 11

You want to manage a FortiGate with the FortiCloud service. The FortiGate shows up in your list of devices on the FortiCloud Web site, but all management functions are either missing or grayed out.
Which statement is correct in this scenario?

A The management tunnel mode on the managed FortiGate must be changed to normal.
B The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud.
C The managed FortiGate requires that a FortiCloud management license be purchased and applied.
D You must manually configure system central-management on the FortiGate CLI and set the management type to fortiguard.

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 53

1 2 3

→

Know a question that should be here? Contribute to this exam

Consider the following FortiGate configuration:

Which command-line option for deep inspection SSL would have the FortiGate re-sign all untrusted self-signed certificates with the trusted Fortinet_CA_SSL certificate?

A block
B inspect
C allow
D ignore

Refer to the exhibit.

A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGate devices to connect to it. However, FortiGate A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect while site A is connected, site A is disconnected. The IKE real-time debug shows the output in the exhibit when site A is disconnected.
Referring to the exhibit, which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?

A set route-overlap allow
B set single-source disable
C set enforce-unique-id disable
D set add-route enable

You configured AV and Web filtering for your outgoing Internet connections. You later notice that not all Web sessions are being inspected and you start troubleshooting the problem.
Referring to the exhibit, what can be causing this problem?

A The Web session is using QUIC which is not inspected by the FortiGate.
B There are problems with the connection to the Web filter servers, therefore the Web session cannot be categorized.
C The SSL inspection options are not set to deep inspection.
D Web filtering is not licensed; therefore, no inspection occurs.

Given the configuration shown in the exhibit, which two statements are true? (Choose two.)

A LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802.3ad trunk on another device.
B LAG-1 and LAG-2 should be connected to a 4-port single 802.3ad trunk on another device.
C port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B.
D LAG-1 and LAG-2 should be connected to a single 4-port 802.3ad interface on the FortiGate-A.

NSE8_811Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

That's the end of the Preview