Question 1

On a FortiGateConfigured in Transparent mode, which configuration option allows you to control Multicast

traffic passing through the?

Options :

A :

B :

C :

D :

Answer: C

Question 2

A customer's cybersecurity department needs to implement security for the traffic between two VPCs in AWS,

but these belong to different departments within the company. The company uses a single region for all their

VPCs.

Which two actions will achieve this requirement while keeping separate management of each department's

VPC? (Choose two.)

Options :

A : Create a transit VPC with a FortiGate HA cluster, connect to the other two using VPC peering, and use routing tables to force traffic through the FortiGate cluster.

B : Create an 1AM account for the cybersecurity department to manage both existing VPC, create a FortiGate HA Cluster on each VPC and IPSEC VPN to force traffic between the VPCs through the FortiGate clusters

C : Migrate all the instances to the same VPC and create 1AM accounts for each department, then implement a new subnet for a FortiGate auto-scaling group and use routing tables to force the traffic through the FortiGate cluster.

D : Create a VPC with a FortiGate auto-scaling group with a Transit Gateway attached to the three VPC to force routing through the FortiGate cluster

Answer: A,D

Question 3

Refer to the exhibit.

A customer wants FortiClient EMS configured to deploy to 1500 endpoints. The deployment will be integrated

with FortiOS and there is an Active Directory server.

Given the configuration shown in the exhibit, which two statements about the installation are correct? (Choose

two.)

Options :

A : If no client update time is specified on EMS, the user will be able to choose the time of installation if they wish to delay.

B : A client can be eligible for multiple enabled configurations on the EMS server, and one will be chosen based on first priority

C : You can only deploy initial installations to Windows clients.

D : You must use Standard or Enterprise SQL Server rather than the included SQL Server Express

E : The Windows clients only require "File and Printer Sharing0 allowed and the rest is handled by Active Directory group policy

Answer: B,C

Question 4

Refer to the exhibit, which shows diagnostic output.

A customer reports that ICMP traffic flow from 192.168.1.11 to 93.190.134.171 is not corresponding to the SD-WAN setup. What is the problem in this scenario?

Options :

A : SD-WAN Rule is matching only DNS traffic.

B : Port1 is used because it has more available bandwidth.

C : Traffic is matched by policy route.

D : Route for the destination IP is missing in the routing table.

Answer: C

Question 5

Refer to the exhibit showing an SD-WAN configuration.

According to the exhibit, if an internal user pings 10.1.100.2 and 10.1.100.22 from subnet 172.16.205.0/24, which outgoing interfaces will be used?

Options :

A :

port16 and port1

B : port1 and port1

C : port16 and port15

D : port1 and port15

Answer: A

Confidently Practice Online with Free NSE8_812 Exam Cram

Buying Options: