Fortinet Network Security Expert 8 Written Exam (NSE8 801 - FortiOS 5.2) - NSE8 Exam Practice Test
Question 1
Your company uses a cluster of two FortiGate 3600C units in active-passive mode to protect the
corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured
scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN. During a scheduled
maintenance window, you make a series of configuration changes. When the next FortiAnalyzer weekly
report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than
expected.
What is the reason for this discrepancy?
corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured
scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN. During a scheduled
maintenance window, you make a series of configuration changes. When the next FortiAnalyzer weekly
report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than
expected.
What is the reason for this discrepancy?
Correct Answer: B
Question 2
Given the following FortiOS 5.2 commands:
Which vulnerability is being addresses when managing FortiGate through an encrypted management
protocol?
Which vulnerability is being addresses when managing FortiGate through an encrypted management
protocol?
Correct Answer: D
Question 3
Referring to the exhibit, you want to know if aggregating port7 and port22 will work.
Which statement is correct?
Which statement is correct?
Correct Answer: C
Question 4
Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate
devices? (Choose three.)
devices? (Choose three.)
Correct Answer: D
Question 5
Referring to the exhibit, which statement is true?
Correct Answer: B
Question 6
FortiGatel has a gateway-to-gateway IPsec VPN to FortiGate2. The entire IKE negotiation between
FortiGatel and FortiGate2 is on UDP port 500. A PC on FortuGate2's local area network is sending
continuous ping requests over the VPN tunnel to a PC of FortiGatel's local area network. No other traffic is
sent over the tunnel.
Which statement is true on this scenario?
FortiGatel and FortiGate2 is on UDP port 500. A PC on FortuGate2's local area network is sending
continuous ping requests over the VPN tunnel to a PC of FortiGatel's local area network. No other traffic is
sent over the tunnel.
Which statement is true on this scenario?
Correct Answer: C
Question 7
A customer wants to implement a RADIUS Single Sign On (RSSO) solution for multiple FortiGate devices.
The customer's network already includes a RADIUS server that can generate the logon and logoff accounting records.
However, the RADIUS server can send those records to only one destination.
What should the customer do to overcome this limitation?
The customer's network already includes a RADIUS server that can generate the logon and logoff accounting records.
However, the RADIUS server can send those records to only one destination.
What should the customer do to overcome this limitation?
Correct Answer: D
