Fortinet NSE 8 - Recertification Sample Questions:
1. Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit C
A customer is trying to set up a VPN with a FortiGate, but they do not have a backup of the configuration. Output during a troubleshooting session is shown in the exhibits A and B and a baseline VPN configuration is shown in Exhibit C.
Referring to the exhibits, which configuration will restore VPN connectivity?
A)
B)
C)
D) 
2. Refer to the exhibit.
A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGate devices to connect to it. However, FortiGate A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect while site A is connected, site A is disconnected. The IKE real-time debug shows the output in the exhibit when site A is disconnected.
Referring to the exhibit, which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?
A) set add-route enable
B) set single-source disable
C) set enforce-unique-id disable
D) set route-overlap allow
3. You are troubleshooting a FortiMail Cloud service integrated with Office 365 where outgoing emails are not reaching the recipients' mail.
What are two possible reasons for this problem? (Choose two.)
A) The FortiMail access control rules to relay from Office 365 servers public IPs are missing.
B) A Mail Flow connector from the Exchange Admin Center has not been set properly to the FortiMail Cloud FQDN
C) The FortiMail access control rule to relay from Office 365 servers FQDN is missing
D) The FortiMail DKIM key was not set using the Auto Generation option
4. Examine the two static routes to the same destination subnet 172.20.168.0/24 as shown below; then answer the question following it.
config router static
edit 1
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 10
set device port1
next
edit 2
set dst 172.20.168.0 255.255.255.0
set distance 20
set priority 20
set device port2
next
end
Which of the following statements correctly describes the static routing configuration provided above?
A) The FortiGate evenly shares the traffic to 172.20.168.0/24 through both routes.
B) Only the route that is using port1 will show up in the routing table.
C) The FortiGate sends all the traffic to 172.20.168.0/24 through port1.
D) The FortiGate shares the traffic to 172.20.168.0/24 through both routes, but the port2 route will carry approximately twice as much of the traffic.
5. A customer wants to implement a RADIUS Single Sign On (RSSO) solution for multiple FortiGate devices. The customer's network already includes a RADIUS server that can generate the logon and logoff accounting records. However, the RADIUS server can send those records to only one destination. What should the customer do to overcome this limitation?
A) Send the RADIUS records to an LDAP server and add the LDAP server to the FortiGate configuration .
B) Send the RADIUS records to one of the FortiGate devices, which can replicate them to the other FortiGate units.
C) Use the RADIUS accounting proxy feature available in FortiAuthenticator devices.
D) Send the RADIUS records to an RSSO Collector Agent.
Solutions:
| Question # 1 Answer: D | Question # 2 Answer: D | Question # 3 Answer: A,B | Question # 4 Answer: C | Question # 5 Answer: D |
We're so confident of our products that we provide no hassle product exchange.


By Arlen

