Refer to the exhibit.
The exhibit shows a full-mesh topology between FortiGate and FortiSwitch devices. To deploy this configuration, two requirements must be met:
* 20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitch devices
* The FortiGate HA must be in AP mode
Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)
A. Configure both FortiSwitch devices as peers with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.
B. Configure the master FortiGate with one LAG and FortiLink split interface enabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.
C. Configure the master FortiGate with one LAG and FortiLink split interface disabled on ports connected to cables A and C and make sure the same ports are used for cables B and D on the slave.
D. Configure both FortiSwitch devices as peers with ISL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.
正解:A,C
質問 2:
Exhibit
An Administrator reports continuous high CPU utilization on a FortiGate device due to the IPS engine. The exhibit shows the global IPS configuration. Which two configuration actions will reduce the CPU usage? (Choose two.)
A. Disable fail open.
B. Change the algorithm to low.
C. Reduce the number of packets logged.
D. Enable intelligent mode.
正解:C,D
質問 3:
You deploy a FortiGate device in a remote office based on the requirements shown below.
-- Due to company's security policy, management IP of your FortiGate is not allowed to access the Internet.
-- Apply Web Filtering, Antivirus, IPS and Application control to the protected subnet.
-- Be managed by a central FortiManager in the head office.
Which action will help to achieve the requirements?
A. Configure the FortiGuard override server and use the IP address of the FortiManager
B. Configure the FortiGuard override server and use the IP address of service, fortiguard net.
C. Configure a default route and make sure that the FortiGate device can pmg to service fortiguard net.
D. Configure FortiGate to use FortiGuard Filtering Port 8888.
正解:A
質問 4:
A company has just rolled out new remote sites and now you need to deploy a single firewall policy to all of these sites to allow Internet access using FortiManager. For this particular firewall policy, the source address object is called LAN, but its value will change according to the site the policy is being installed.
Which statement about creating the object LAN is correct?
A. Create a new object called LAN and use it as a variable on a TCL script.
B. Create a new object called LAN and set meta-fields per remote site.
C. Create a new object called LAN and promote it to the global database.
D. Create a new object called LAN and enable per-device mapping.
正解:D
質問 5:
Refer to the exhibit.
The FortiAP profile used by the FortiGate managed AP is shown in the exhibit.
Which two statements in this scenario are correct? (Choose two.)
A. Interference will be prevented between FortiAP devices using this profile.
B. All FortiAP devices using this profile will have Radio 1 monitor wireless clients.
C. This profile will map specific SSIDs available to the FortiAP devices.
D. All FortiAP devices using this profile will have Radio 1 scan rogue access points.
正解:B,D
解説: (Pass4Test メンバーにのみ表示されます)
Kayama -
NSE8_811試験問題集はいい資料ですので、私はNSE8_811試験問題集を選びました。もちろん、NSE8_811試験に合格しました。