Fortinet NSE8_812 시험

Question No : 1

An automation stitch was configured using an incoming webhook as the trigger named 'my_incoming_webhook'.
The action is configured to execute the CLI Script shown:

• A.data: ‘{ “hostname”: “bad_host_1”, “ip”: [“1.1.1.1”]}’ url: http://192.168.226.129/api/v2/monitor/system/automation-stitch/webhook/my_incoming_webhook
• B.data: ‘{ “hostname”: “bad_host_1”, “ip”: “1.1.1.1”}’ url: http://192.168.226.129/api/v2/monitor/system/automation-stitch/webhook/my_incoming_webhook
• C.data: ‘{ “hostname”: “bad_host_1”, “ip”: [“1.1.1.1”]}’ url: http://192.168.226.129/api/v2/cmdb/system/automation-stitch/webhook/my_incoming_webhook
• D.data: ‘{ “hostname”: “bad_host_1”, “ip”: “1.1.1.1”}’ url: http://192.168.226.129/api/v2/cmdb/system/automation-stitch/webhook/my_incoming_webhook

답을 확인하기

정답:

Question No : 2

Refer to the exhibit.



The exhibit shows the forensics analysis of an event detected by the FortiEDR core.
In this scenario, which statement is correct regarding the threat?

• A.This is an exfiltration attack and has been stopped by FortiED
• B.This is an exfiltration attack and has not been stopped by FortiEDR
• C.This is a ransomware attack and has not been stopped by FortiED
• D.This is a ransomware attack and has been stopped by FortiEDR

답을 확인하기

정답:

Question No : 3

Refer to the exhibit containing the configuration snippets from the FortiGate.
Customer requirements:



• SSLVPN Portal must be accessible on standard HTTPS port (TCP/443)
• Public IP address (129.11.1.100) is assigned to portl
• Datacenter.acmecorp.com resolves to the public IP address assigned to portl
The customer has a Let's Encrypt certificate that is going to expire soon and it reports that subsequent attempts to renew that certificate are failing.
Reviewing the requirement and the exhibit, which configuration change below will resolve this issue?
A)



B)



C)



D)

• A.Option A
• B.Option B
• C.Option C
• D.Option D

답을 확인하기

정답:
Explanation:
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/822087/automatically-provision-a-certificate

Question No : 4

A customer's cybersecurity department needs to implement security for the traffic between two VPCs in AWS, but these belong to different departments within the company. The company uses a single region for all their VPCs.
Which two actions will achieve this requirement while keeping separate management of each department's VPC? (Choose two.)

• A.Create a transit VPC with a FortiGate HA cluster, connect to the other two using VPC peering, and use routing tables to force traffic through the FortiGate cluster.
• B.Create an 1AM account for the cybersecurity department to manage both existing VPC, create a FortiGate HA Cluster on each VPC and IPSEC VPN to force traffic between the VPCs through the FortiGate clusters
• C.Migrate all the instances to the same VPC and create 1AM accounts for each department, then implement a new subnet for a FortiGate auto-scaling group and use routing tables to force the traffic through the FortiGate cluster.
• D.Create a VPC with a FortiGate auto-scaling group with a Transit Gateway attached to the three VPC to force routing through the FortiGate cluster

답을 확인하기

정답:
Explanation:
To implement security for the traffic between two VPCs in AWS, while keeping separate management of each department’s VPC, two possible actions are:
Create a transit VPC with a FortiGate HA cluster, connect to the other two using VPC peering, and use routing tables to force traffic through the FortiGate cluster. This option allows the cybersecurity department to manage the transit VPC and apply security policies on the FortiGate cluster, while the other departments can manage their own VPCs and instances. The VPC peering connections enable direct communication between the VPCs without using public IPs or gateways. The routing tables can be configured to direct all inter-VPC traffic to the transit VPC.
Create a VPC with a FortiGate auto-scaling group with a Transit Gateway attached to the three VPCs to force routing through the FortiGate cluster. This option also allows the cybersecurity department to manage the security VPC and apply security policies on the FortiGate cluster, while the other departments can manage their own VPCs and instances. The Transit Gateway acts as a network hub that connects multiple VPCs and on-premises networks. The routing tables can be configured to direct all inter-VPC traffic to the security VPC.
Reference:
https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/aws-administration-guide/506140/connecting-a-local-fortigate-to-an-aws-vpc-vpn
https://docs.fortinet.com/document/fortigate-public-cloud/7.0.0/sd-wan-architecture-for-enterprise/166334/sd-wan-configuration

Question No : 5

Refer to the exhibit showing an SD-WAN configuration.






According to the exhibit, if an internal user pings 10.1.100.2 and 10.1.100.22 from subnet 172.16.205.0/24, which outgoing interfaces will be used?

• A.port16 and port1
• B.port1 and port1
• C.port16 and port15
• D.port1 and port15

답을 확인하기

정답:
Explanation:
According to the exhibit, the SD-WAN configuration has two rules: one for traffic to 10.1.100.0/24 subnet, and one for traffic to 10.1.100.16/28 subnet. The first rule uses the best quality strategy, which selects the SD-WAN member with the best measured quality based on performance SLA metrics. The second rule uses the manual strategy, which specifies port1 as the SD-WAN member to select. Therefore, if an internal user pings 10.1.100.2 and 10.1.100.22 from subnet 172.16.205.0/24, the outgoing interfaces will be port16 and port1 respectively, assuming that port16 has the best quality among the SD-WAN members.
Reference:
https://docs.fortinet.com/document/fortigate/6.2.14/cookbook/218559/configuring-the-sd-wan-interface
https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/686587/ecmp-support-for-the-longest-match-in-sd-wan-rule-matching

Question No : 6

Refer to the exhibits.







The exhibits show a FortiGate network topology and the output of the status of high availability on the FortiGate.
Given this information, which statement is correct?

• A.The ether type values of the HA packets are 0x8890, 0x8891, and 0x8892
• B.The cluster mode can support a maximum of four (4) FortiGate VMs
• C.The cluster members are on the same network and the IP addresses were statically assigned.
• D.FGVMEVLQOG33WM3D and FGVMEVGCJNHFYI4A share a virtual MAC address.

답을 확인하기

정답:
Explanation:
The output of the status of high availability on the FortiGate shows that the cluster mode is active-passive, which means that only one FortiGate unit is active at a time, while the other unit is in standby mode. The active unit handles all traffic and also sends HA heartbeat packets to monitor the standby unit. The standby unit becomes active if it stops receiving heartbeat packets from the active unit, or if it receives a higher priority from another cluster unit. In active-passive mode, all cluster units share a virtual MAC address for each interface, which is used as the source MAC address for all packets forwarded by the cluster.
Reference: https://docs.fortinet.com/document/fortigate/6.4.0/cookbook/103439/high-availability-with-two-fortigates

Question No : 7

Refer to the CLI configuration of an SSL inspection profile from a FortiGate device configured to protect a web server:



Based on the information shown, what is the expected behavior when an HTTP/2 request comes in?

• A.FortiGate will reject all HTTP/2 ALPN headers.
• B.FortiGate will strip the ALPN header and forward the traffic.
• C.FortiGate will rewrite the ALPN header to request HTTP/1.
• D.FortiGate will forward the traffic without modifying the ALPN header.

답을 확인하기

정답:
Explanation:
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/710924/http-2-support-in-proxy-mode-ssl-inspection

Question No : 8

On a FortiGate Configured in Transparent mode, which configuration option allows you to control Multicast traffic passing through the?

• A.Option A
• B.Option B
• C.Option C
• D.Option D

답을 확인하기

정답:
Explanation:
When multicast-skip-policy is enabled, no check is performed based on multicast policy. A multicast packet received on an interface is flooded unconditionally to all interfaces (except the incoming interface) belonging to the same forwarding domain. Multicast packets are forwarded even when there is no multicast policy or the multicast policy is set to deny. To forward multicast traffic based on multicast policy, multicast-skip-policy must be disabled. In transparent mode, there is a per-VDOM configuration to skip policy check and forward all multicast traffic. This command is only available in transparent mode, and is disabled by default.

Question No : 9

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.
Which two statements are true regarding the requirements? (Choose two.)

• A.FortiGate can perform SSH access proxy host-key validation.
• B.You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.
• C.SSH traffic is tunneled between the client and the access proxy over HTTPS
• D.Traffic is discarded as ZTNA does not support SSH connection rules

답을 확인하기

정답:
Explanation:
ZTNA supports SSH connection rules that allow remote workers to access SSH servers inside the network through an HTTPS tunnel between the client and the access proxy (FortiGate). The access proxy acts as an SSH client to connect to the real SSH server on behalf of the user, and performs host-key validation to verify the identity of the server. The user can use any SSH client that supports HTTPS proxy settings, such as PuTTY or OpenSSH.
Reference:
https://docs.fortinet.com/document/fortigate/7.0.0/ztna-deployment/899992/configuring-ztna-rules-to-control-access
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/29927/ztna-ssh-access-proxy-example

Question No : 10

Which two statements are correct on a FortiGate using the FortiGuard Outbreak Protection Service (VOS)? (Choose two.)

• A.The FortiGuard VOS can be used only with proxy-base policy inspections.
• B.If third-party AV database returns a match the scanned file is deemed to be malicious.
• C.The antivirus database queries FortiGuard with the hash of a scanned file
• D.The AV engine scan must be enabled to use the FortiGuard VOS feature
• E.The hash signatures are obtained from the FortiGuard Global Threat Intelligence database.

답을 확인하기

정답:
Explanation:
C. The antivirus database queries FortiGuard with the hash of a scanned file. This is how the FortiGuard VOS service works. The FortiGate queries FortiGuard with the hash of a scanned file, and FortiGuard returns a list of known malware signatures that match the hash.
E. The hash signatures are obtained from the FortiGuard Global Threat Intelligence database. This is where the FortiGuard VOS service gets its hash signatures from. The FortiGuard Global Threat Intelligence database is updated regularly with new malware signatures. https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/889364/fortiguard-outbreak-prevention

Question No : 11

Refer to the exhibit, which shows the high availability configuration for the FortiAuthenticator (FAC1).



Based on this information, which statement is true about the next FortiAuthenticator (FAC2) member that will join an HA cluster with this FortiAuthenticator (FAC1)?

• A.FAC2 can only process requests when FAC1 fails.
• B.FAC2 can have its HA interface on a different network than FAC1.
• C.The FortiToken license will need to be installed on the FAC2.
• D.FSSO sessions from FAC1 will be synchronized to FAC2.

답을 확인하기

정답:
Explanation:
https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/122076/high-availability
https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/122076/high-availability#Standalo

Question No : 12

A customer is planning on moving their secondary data center to a cloud-based laaS. They want to place all the Oracle-based systems Oracle Cloud, while the other systems will be on Microsoft Azure with ExpressRoute service to their main data center.
They have about 200 branches with two internet services as their only WAN connections. As a security consultant you are asked to design an architecture using Fortinet products with security, redundancy and performance as a priority.
Which two design options are true based on these requirements? (Choose two.)

• A.Systems running on Azure will need to go through the main data center to access the services on Oracle Cloud.
• B.Use FortiGate VM for IPSEC over ExpressRoute, as traffic is not encrypted by Azure.
• C.Branch FortiGate devices must be configured as VPN clients for the branches' internal network to be able to access Oracle services without using public IPs.
• D.Two ExpressRoute services to the main data center are required to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge

답을 확인하기

정답:
Explanation:
A. Systems running on Azure will need to go through the main data center to access the services on Oracle Cloud. This is because the Oracle Cloud is not directly connected to the Azure Cloud. The traffic will need to go through the main data center in order to reach the Oracle Cloud.
C. Branch FortiGate devices must be configured as VPN clients for the branches' internal network to be able to access Oracle services without using public IPs. This is because the Oracle Cloud does not allow direct connections from the internet. The traffic will need to go through the FortiGate devices in order to reach the Oracle Cloud.
The other options are not correct.
B. Use FortiGate VM for IPSEC over ExpressRoute, as traffic is not encrypted by Azure. This is not necessary. Azure does encrypt traffic over ExpressRoute.
D. Two ExpressRoute services to the main data center are required to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge. This is not necessary. A single ExpressRoute service can be used to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge.
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-encryption

Question No : 13

You must analyze an event that happened at 20:37 UTC.
One log relevant to the event is extracted from FortiGate logs:



The devices and the administrator are all located in different time zones Daylight savings time (DST) is disabled
• The FortiGate is at GMT-1000.
• The FortiAnalyzer is at GMT-0800
• Your browser local time zone is at GMT-03.00
You want to review this log on FortiAnalyzer GUI, what time should you use as a filter?

• A.20:37:08
• B.10:37:08
• C.17:37:08
• D.12.37:08

답을 확인하기

정답:
Explanation:
https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-Understanding-FortiAnalyzer-time-related-fields/ta-p/197569

Question No : 14

You are migrating the branches of a customer to FortiGate devices. They require independent routing tables on the LAN side of the network.
After reviewing the design, you notice the firewall will have many BGP sessions as you have two data centers (DC) and two ISPs per DC while each branch is using at least 10 internal segments.
Based on this scenario, what would you suggest as the more efficient solution, considering that in the future the number of internal segments, DCs or internet links per DC will increase?

• A.No change in design is needed as even small FortiGate devices have a large memory capacity.
• B.Acquire a FortiGate model with more capacity, considering the next 5 years growth.
• C.Implement network-id, neighbor-group and increase the advertisement-interval
• D.Redesign the SD-WAN deployment to only use a single VPN tunnel and segment traffic using VRFs on BGP

답을 확인하기

정답:
Explanation:
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/810981/sd-wan-segmentation-over-a-single-overlay

Question No : 15

Refer to the exhibits.






A FortiGate cluster (CL-1) protects a data center hosting multiple web applications. A pair of FortiADC devices are already configured for SSL decryption (FAD-1), and re-encryption (FAD-2). CL-1 must accept unencrypted traffic from FAD-1, perform application detection on the plain-text traffic, and forward the inspected traffic to FAD-2.
The SSL-Offload-App-Detect application list and SSL-Offload protocol options profile are applied to the firewall policy handling the web application traffic on CL-1.
Given this scenario, which two configuration tasks must the administrator perform on CL-1? (Choose two.)
A)



B)



C)



D)

• A.Option A
• B.Option B
• C.Option C
• D.Option D

답을 확인하기

정답:
Explanation:
To enable application detection on plain-text traffic that has been decrypted by FortiADC, the administrator must perform two configuration tasks on CL-1:
Enable SSL offloading in the firewall policy and select the SSL-Offload protocol options profile. Enable application control in the firewall policy and select the SSL-Offload-App-Detect application list.
Reference: https://docs.fortinet.com/document/fortigate/6.4.0/cookbook/103438/application-detection-on-ssl-offloaded-traffic