Fortinet nse8_812 Exam Dumps

Question 6 of 64

Refer to the exhibit.

FortiManager is configured with the Jinja Script under CLI Templates shown in the exhibit.

Which two statements correctly describe the expected behavior when running this template? (Choose two.)

The Jinja template will automatically map the interface with “WAN” role on the managed FortiGate

The template will work if you change the variable format to $(WAN).

The template will work if you change the variable format to {{ WAN }}.

The administrator must first manually map the interface for each device with a meta field

The template will fail because this configuration can only be applied with a CLI or TCL script.

Correct Answer: C, D

The expected behavior when running this template is that the template will work if you change the variable format to the correct Jinja syntax {{ WAN }}. Jinja templates use double curly braces {{ }} to enclose variables, which is the recognized syntax for variable substitution in Jinja. Additionally, the administrator must first manually map the interface for each device with a meta field. The meta fields are used to define specific values or interfaces that the Jinja template will use during execution. Therefore, for the given Jinja template to work properly, it must correctly reference these pre-defined meta fields.

Question 7 of 64

SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high.

You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.

What should you configure?

Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manual defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server.

Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address.

Configure two DNS servers and use DNS servers recommended by the two internet providers.

Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server.

Correct Answer: D

To ensure low DNS resolution times on a FortiGate, it is crucial to direct the DNS query traffic efficiently. Configuring local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP ensures that the FortiGate selects the optimal path for DNS requests. By setting an SD-WAN rule specifically to the DNS server, the FortiGate can dynamically choose the best link, enhancing DNS resolution performance and reducing latency effectively.

Question 8 of 64

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit C -

A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C.

Referring to the exhibits, which configuration will restore VPN connectivity?

Correct Answer: D

The configuration to restore VPN connectivity should accommodate the specific settings observed in the exhibits. Looking at Exhibit A and Exhibit B, we can see various parameters, such as the peer ID, the proposal 'aes256-sha256', and the necessity for NPU (Network Processing Unit) offloading indicated by 'npu_flag=03'. The configuration in Exhibit D matches these requirements, including NPU offloading and the correct use of 'aes256-sha256'. Therefore, the correct answer is the configuration that aligns with these settings, which is provided in option D.

Question 9 of 64

An HA topology is using the following configuration:

Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?

600ms

200ms

300ms

100ms

Correct Answer: A

In the given configuration, the heartbeat interval (hb-interval) is set to 3. This is equivalent to 300 milliseconds (ms) because the default heartbeat interval is generally taken as 100 ms multiplied by the set interval value. The hb-lost-threshold is 2, which means the failover will be detected after 2 missed heartbeats. Therefore, the total time to detect a failover will be 2 times the hb-interval, which is 2 x 300 ms = 600 ms. Hence, the correct answer is 600 ms.

Question 10 of 64

Refer to the exhibit.

You have deployed a security fabric with three FortiGate devices as shown in the exhibit.

FGT_2 has the following configuration:

FGT_1 and FGT_3 are configured with the default setting.

Which statement is true for the synchronization of fabric-objects?

Objects from the FortiGate FGT_2 will be synchronized to the upstream FortiGate

Objects from the root FortiGate will only be synchronized to FGT_2

Objects from the root FortiGate will not be synchronized to any downstream FortiGate

Objects from the root FortiGate will only be synchronized to FGT_3

Correct Answer: C

The configuration on FGT_2 with 'set fabric-object-unification local' indicates that objects will not be synchronized to or from FGT_2. Default setting means synchronization occurs between root FortiGate and downstream FortiGate devices. Since FGT_2's synchronization is set to local, it will not synchronize objects with any other device, not upstream to the root FortiGate nor downstream to FGT_3. Therefore, objects from the root FortiGate will not be synchronized to any downstream FortiGate.