Free NSE8_812 Sample Questions — Fortinet NSE 8 Written Exam

You are troubleshooting a FortiMail Cloud service integrated with Office 365 where outgoing emails are not reaching the recipients’ mail. What are two possible reasons for this problem? (Choose two.)

• A. The FortiMail access control rule to relay from Office 365 servers FQDN is missing
• B. The FortiMail DKIM key was not set using the Auto Generation option
• C. The FortiMail access control rules to relay from Office 365 servers public IPs are missing
• D. Mail Flow connector from the Exchange Admin Center has not been set properly to the FortiMail Cloud FQDN

You are designing a setup where the FortiGate device is connected to two upstream ISPs using BGP. Part of the requirement is that you must be able to refresh the route advertisements manually without disconnecting the BGP neighborships. Which feature must you enable on the BGP neighbors to accomplish this goal?

• A. Graceful-restart
• B. Deterministic-med
• C. Synchronization
• D. Soft-reconfiguration

A customer’s cybersecurity department needs to implement security for the traffic between two VPCs in AWS, but these belong to different departments within the company. The company uses a single region for all their VPCs. Which two actions will achieve this requirement while keeping separate management of each departments VPC? (Choose two.)

• A. Create a transit VPC with a FortiGate HA cluster, connect to the other two using VPC peering, and use routing tables to force traffic through the FortiGate cluster
• B. Create an IAM account for the cybersecurity department to manage both existing VPC, create a FortiGate HA Cluster on each VPC and IPSEC VPN to force traffic between the VPCs through the FortiGate clusters
• C. Migrate all the instances to the same VPC and create IAM accounts for each department, then implement a new subnet for a FortiGate auto-scaling group and use routing tables to force the traffic through the FortiGate cluster
• D. Create a VPC with a FortiGate auto-scaling group with a Transit Gateway attached to the three VPC to force routing through the FortiGate cluster

You want to use the MTA adapter feature on FortiSandbox in an HA-Cluster. Which statement about this solution is true?

• A. The configuration of the MTA Adapter Local Interface is different than on port1
• B. The MTA adapter is only available in the primary node
• C. The MTA adapter mode is only detection mode
• D. The configuration is different than on a standalone device

You are migrating the branches of a customer to FortiGate devices. They require independent routing tables on the LAN side of the network. After reviewing the design, you notice the firewall will have many BGP sessions as you have two data centers (DC) and two ISPs per DC while each branch is using at least 10 internal segments. Based on this scenario, what would you suggest as the more efficient solution, considering that in the future the number of internal segments, DCs or internet links per DC will increase?

• A. No change in design is needed as even small FortiGate devices have a large memory capacity
• B. Acquire a FortiGate model with more capacity, considering the next 5 years growth
• C. Implement network-id, neighbor-group and increase the advertisement-interval
• D. Redesign the SD-WAN deployment to only use a single VPN tunnel and segment traffic using VRFs on BGP