NSE8 試験問題を無料オンラインアクセス

There is an interface-mode IPsec tunnel configured between FortiGate1 and FortiGate2. You want to run
OSPF over the IPsec tunnel. On both FortiGates. the IPsec tunnel is based on physical interface Port1.
Port1 has the default MTU setting on both FortiGate units. Which statement is true about this scenario?

• A.The MTU must be set manually on the IPsec interface.
• B.The MTU must be set manually in the OSPF interface configuration.
• C.An IP address must be assigned to the IPsec interface on FortiGate1 and FortiGate2.
• D.A multicast firewall policy must be added on FortiGate1 and FortiGate2 to allow protocol 89.

Which command syntax would you use to configure the serial number of a FortiGate as its host name?
A:

B:

C:

D:

• A.Option B
• B.Option D
• C.Option A
• D.Option C

Your company uses a cluster of two FortiGate 3600C units in active-passive mode to protect the
corporate network. The FortiGate cluster sends its logs to a FortiAnalyzer and you have configured
scheduled weekly reports for the Internet bandwidth usage of each corporate VLAN. During a scheduled
maintenance window, you make a series of configuration changes. When the next FortiAnalyzer weekly
report is generated, you notice that Internet bandwidth usage reported by the FortiAnalyzer is far less than
expected.
What is the reason for this discrepancy?

• A.You changed from active-passive to active-active, causing the session traffic counters to become
  inaccurate.
• B.You enabled HA session-pickup, which is turn disabled session accounting.
• C.You applied an antivirus profile on some of the policies, and no traffic can be accelerated.
• D.You disabled all security profiles on some of the firewall policies, and the traffic matching those policies
  is now accelerated.

Your colleague has enabled virtual clustering to load balance traffic between the cluster units. You notice
that all traffic is currently directed to a single FortiGate unit. Your colleague has applied the configuration
shown in the exhibit.
Which step would you perform to load balance traffic within the virtual cluster?

• A.Add an additional virtual cluster high-availability link to enable cluster load balancing.
• B.Issue the diagnose sys ha reset-uptime command on the unit that is currently processing traffic to
  enable load balancing.
• C.Input Virtual Cluster domain 1 and Virtual Cluster domain 2 device priorities for each cluster unit.
• D.Use the set override enable command on both units to allow the secondary unit to load balance traffic.

You are asked to design a secure solution using Fortinet products for a company. The company recently
has Web servers that were exploited and defaced. The customer has also experienced Denial or Service
due to SYN Flood attacks. Taking this into consideration, the customer's solution should have the
following requirements:
- management requires network-based content filtering with man-in-the-middle inspection
- the customer has no existing public key infrastructure but requires centralized certificate management
- users are tracked by their active directory username without installing any software on their hosts
- Web servers that have been exploited need to be protected from the OW ASP Top 10
- notification of high volume SYN Flood attacks when a threshold has been triggered
Which three solutions satisfy these requirements? (Choose three.)

• A.FortiDDOS
• B.FortiWeb
• C.FortiCiient
• D.FortiGate
• E.FortiAuthenticator