← Back to exam page

NSE8_811 Fortinet NSE 8 Written Exam

Loading demo links...

Showing 4–6 of 10 questions

Question 4

A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below.

• E-mails can only be accepted if a valid e-mail account exists.

• Only authenticated users can send e-mails out.

Which two actions will satisfy the requirements? (Choose two.)

Select all that apply, then click Submit answer.

  • Configure recipient address verification.

  • Configure inbound recipient policies.

  • Configure outbound recipient policies.

  • Configure access control rules.
Question 5

A FortiGate is used as a VPN hub for a number of remote spoke VPN units (Group A) spokes using a phase 1 main mode dial-up tunnel and pre-shared keys. You are asked to establish VPN connectivity for a newly acquired organization's sites for which new devices will be provisioned Group B spokes.

Both existing Group A and new Group B spoke units are dynamically addressed through a single public IP Address on the hub. You are asked to ensure that spokes from Group B have different access permissions than the existing VPN spokes units Group A.

Which two solutions meet the requirements for the new spoke group? (Choose two.)

Select all that apply, then click Submit answer.

  • Implement a new phase 1 dial-up main mode tunnel with a different pre-shared key than the Group A spokes.

  • Implement a new phase 1 dial-up main mode tunnel with certificate authentication.

  • Implement a new phase 1 dial-up main mode tunnel with pre-shared keys and XAuth.

  • Implement separate phase 1 dial-up aggressive mode tunnels with a distinct peer ID.
Question 6

An organization has one central site and three remote sites. A FortiSIEM has been installed on the central site and now all devices across the remote sites must be centrally monitored by the FortiSIEM at the central site.

Which action will reduce the WAN usage by the monitoring system?

Select an option, then click Submit answer.

  • Enable SD-WAN FEC (Forward Error Correction) on the FortiGate at the remote site.

  • Install both Supervisor and Collector on each remote site.

  • Install local Collectors on each remote site.

  • Disable real-time log upload on the remote sites.