Fortinet NSE 8 - Written (NSE8_812) - Finra Actual Exam Questions
Last updated on May 02, 2026
A customer with a FortiDDoS 200F protecting their fibre optic internet connection from incoming traffic sees that all the traffic was dropped by the device even though they were not under a DoS attack. The traffic flow was restored after it was rebooted using the GUI. Which two options will prevent this situation in the future? (Choose two)
Change the Adaptive Mode.
Create an HA setup with a second FortiDDoS 200F
Move the internet connection from the SFP interfaces to the LC interfaces
Replace with a FortiDDoS 1500F
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
Refer to The exhibit showing a FortiEDR configuration. Based on the exhibit, which statement is correct?
The presence of a cryptolocker malware at rest on the filesystem will be detected by the Ransomware Prevention security policy.
FortiEDR Collector will not collect OS Metadata.
If a malicious file is executed and attempts to establish a connection it will generate duplicate events.
If an unresolved file rule is triggered, by default the file is logged but not blocked.
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high. You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work. What should you configure?
Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manual defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server.
Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address.
Configure two DNS servers and use DNS servers recommended by the two internet providers.
Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server.
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
A FortiGate must be configured to accept VoIP traffic which will include session initiation protocol (SIP) traffic. Which statement about the VoIP configuration options is correct?
Restricting SIP requests is only possible when using the SIP Session Helper.
Rate tracking of SIP requests is only possible when the application layer gateway (ALG) is set to Flow mode.
FortiOS cannot accept SIP traffic if both the SIP Session Helper and the application layer gateway (ALG) are disabled.
By default, VoIP traffic will be processed using the SIP Session Helper.
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
You are deploying a FortiExtender (FEX) on a FortiGate-60F. The FEX will be managed by the FortiGate. You anticipate high utilization. The requirement is to minimize the overhead on the device for WAN traffic. Which action achieves the requirement in this scenario?
Add a switch between the FortiGate and FEX.
Enable CAPWAP connectivity between the FortiGate and the FortiExtender.
Change connectivity between the FortiGate and the FortiExtender to use VLAN Mode
Add a VLAN under the FEX-WAN interface on the FortiGate.
to join the discussion
No discussions yet. Be the first to ask!
Delete Comment
Are you sure? This action cannot be undone.
Finish Practice?
Are you sure you want to finish? This will end your practice session.