https://www.newpassleader.com/Fortinet/NSE8-exam-preparation-materials.html (65 Q&As Dumps, 30%OFF Special Discount: 30free )

NEW QUESTION NO: 6
You are asked to write a FortiAnalyzer report that lists the session that has consumed the most bandwidth.
You are required to include the source IP, destination IP, application, application category, hostname, and total bandwidth consumed.
Which dataset meets these requirements?
A. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce('sentbyte", 0) +coalesce('recbyte ", 0)) as bandwidth from $log where $filter LIMIT 1
B. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce('sentbyte", 0) +coalesce('recbyte", 0)) as bandwidth from $log where $filter LIMIT 1
C. select from_itime(itime) as timestamp, srcip, dstip, app, appcat, hostname, sum(coalesce('sentbyte", 0) +coalesce('rcvdbyte", 0)) as bandwidth from $log where $filter LIMIT 1
D. select from_itime(itime) as timestamp, sourceip, destip, app, appcat, hostname, sum(coalesce('sentbyte', 0)+coalesce('rcvdbyte", 0)) as bandwidth from $log where $filter LIMIT 1
Answer: C
Explanation/Reference:
http://docs.fortinet.com/uploaded/files/2617/fortianalyzer-5.2.4-dataset-reference.pdf

NEW QUESTION NO: 7
You verified that application control is working from previous configured categories. You just added Skype on blocked signatures. However, after applying the profile to your firewall policy, clients running Skype can still connect and use the application.
What are two causes of this problem? (Choose two.)
A. The FakeSkype.botnet signature is included on your application control sensor.
B. SSL inspection is not enabled.
C. The application control database is not updated.
D. A client on the network was already connected to the Skype network and serves as relay prior to configuration changes to block Skype
Answer: B,C

NEW QUESTION NO: 8

Given the following error message:

FortiManager fails to import policy ID 1.
What is the problem?
A. FortiManager already has Address LAN which has interface mapping set to "internal" in its database, it is contradicting with the STUDENT-2 FortiGate device which has address LAN mapped to "any".
B. FortiManager already has address LAN which has interface mapping set to "any" in its database; this conflicts with the STUDENT-2 FortiGate device which has address "LAN" mapped to "internal".
C. Policy ID 1 for this managed FortiGate device already exists on the FortiManager policy package named STUDENT-2.
D. Policy ID 1 does not have interface mapping on FortiManager.
Answer: D
Explanation/Reference:
http://kb.fortinet.com/kb/documentLink.do?externalID=FD38544

NEW QUESTION NO: 9
Your FortiGate has multiple CPUs. You want to verify the load for each CPU.
Which two commands will accomplish this task? (Choose two.)
A. get system performance status
B. diag system mpstat
C. diag system cpu stat
D. diag system top
Answer: A,D
Explanation/Reference:
http://kb.fortinet.com/kb/documentLink.do?externalID=13825

NEW QUESTION NO: 10

A customer just bought an additional FortiGate device and plans to use their existing load balancer to distribute traffic across two FortiGate units participating on a BGP network serving different neighbors. The customer has mixed traffic of IPv4 and IPv6 TCP, UDP, and ICMP. The two FortiGate devices shown in the exhibit should be redundant to each other so that the NAT session and active session tables will synchronize and fail over to the unit that is still operating without any loss of data if one of the units fail.
Which high availability solution would you implement?
A. FortiGate Cluster Protocol (FGCP)
B. Fortinet redundant UTM protocol (FRUP)
C. FortiGate Session Life Support Protocol (FGSP)
D. Virtual Router Redundancy Protocol (VRRP)
Answer: A
Explanation/Reference:
http://docs.fortinet.com/uploaded/files/1074/fortigate-ha-40-mr2.pdf

NEW QUESTION NO: 11
You have deployed two FortiGate devices as an HA pair. One FortiGate will process traffic while the other FortiGate is a standby. The standby monitors the primary for failure and only takes the role of processing traffic if it detects that the primary FortiGate has failed.
Which style of FortiGate HA does this scenario describe?
A. active-passive HA
B. active-active HA
C. partial mesh HA
D. full mesh HA
Answer: A

NEW QUESTION NO: 12
You are asked to establish a VPN tunnel with a service provider using a third-party VPN device. The service provider has assigned subnet 30.30.30.0/24 for your outgoing traffic going towards the services hosted by the provider on network 20.20.20.0/24. You have multiple computers which will be accessing the remote services hosted by the service provider.

Which three configuration components meet these requirements? (Choose three.)
A. Configure an IP Pool of type Overload for range 30.30.30.10-30.30.30.10. Enable NAT on a policy from your LAN forwards the VPN tunnel and select that pool.
B. Configure IPsec phase 2 proxy IDs for a source of 30.30.30.0/24 and destination of 20.20.20.0/24.
C. Configure IPsec phase 2 proxy IDs for a source of 10.10.10.0/24 and destination of 20.20.20.0/24.
D. Configure a static route towards the VPN tunnel for 20.20.20.0/24.
E. Configure an IP Pool of Type One-to-One for range 30.30.30.10-30.30.30.10. Enable NAT on a policy from your LAN towards the VPN tunnel and select that pool.
Answer: B,D,E

NEW QUESTION NO: 13
Which command detects where a routing path is broken?
A. diag debug route <destination>
B. exec route ping <destination>
C. exec traceroute <destination>
D. diag route null
Answer: C

NEW QUESTION NO: 14
A FortiGate is deployed in the NAT/Route operation mode.
This operation mode operates at which OSI layer?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 1
Answer: B

NEW QUESTION NO: 15

A customer wants to secure the network shown in the exhibit with a full redundancy design.
Which security design would you use?
A. Place a FortiGate FGCP Cluster between DD and AA, then connect it to SW1, SW2, SW3, and SW4.
B. Place a FortiGate FGCP Cluster between BB and AA, then connect it to SW1, SW2, SW3, and SW4.
C. Place a FortiGate FGCP Cluster between BB and CC, then connect it to SW1, SW2, SW3, and SW4.
D. Place a FortiGate FGCP Cluster between DD and FF, then connect it to SW1, SW2, SW3, and SW4.
Answer: A

NEW QUESTION NO: 16
Which command syntax would you use to configure the serial number of a FortiGate as its host name?
A)

B)

C)

D)

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Explanation/Reference:
http://docs.fortinet.com/uploaded/files/2002/FortiOS%20Handbook%20-%20System%20Administration%
205.2.pdf