You have deployed a FortiGate In NAT/Route mode as a secure as a web gateway with a few P-base authentication firewall policies. Your customer reports that some users now have different browsing permission =s from what is expected. All these users are browsing using internet Explorer through Desktop Connection to a Terminal Server. When you took at the Fortigate logs the username for the Terminal Server IP is not consistent.
Which action will correct this problem?
A. Make sure Terminal Service is using the correct DNS ever.
B. Change the FSSO polling mode to windows NetAPI
C. Configure FSSO Advanced with LDAP integration
D. Install the TS/Citrix on the terminal server
正解:D
質問 2:
Refer to the exhibit.

You are working on FortiGate 61E operating in flow-based inspection mode with various settings optimized for performance. The main Internet firewall policy is using the "default" antivirus profile. You found that some executable virus samples files downloaded over HTTP are not being blocked by the FortiGate.
Referring to the exhibit, how can this be fixed?
A. Change the set default-db configuration to extreme.
B. Add set content-disarm enable to the configuration.
C. Disable the emulator feature.
D. Change the set scan-mode configuration to full.
正解:D
質問 3:
Click the Exhibit button.

You configured an IPsec tunnel to a branch office. Now you want to make sure that the encryption of the tunnel is offloaded to hardware.
Referring to the exhibit, which statement is true?
A. Traffic is not offloaded.
B. Outgoing traffic is offloaded: incoming traffic not offloaded.
C. Incoming and outgoing traffic is offloaded
D. Outgoing traffic is offloaded, you cannot determine if incoming traffic is offloaded at this time.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Exhibit
Click the Exhibit button.

A FortiGate is configured for a dial-up IPsec VPN to allow multiple remote FortiGates to connect to it.
However, FortiGates A and B have problems connecting to the VPN. Only one of them can be connected at a time. If site B tries to connect white site A is connected, site A is disconnected. The IKE real time debug shows the output in the exhibit when site A is disconnected.
Which configuration setting should be executed in the dial-up configuration to allow both VPNs to be connected at the same time?
A. set add-router enable
B. set enforce-unique-id disable
C. set router-overlap allow
D. set single-source disable
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
You must create a high Availability deployment with two FortiWebs in Amazon Services (AWS): each on different Availability Zones(AZ) from the same region. At the same time, each FortiWeb should be able to deliver content from the Web server of both of the AZs. Which deployment would will this requirement?
A. Configure the FortiWebs Active-Active Ha mode and use AWS Router 53 load Router balance the internal Web servers.
B. Use AWS Elastic load Balancer (ELB) for both FortiWebs in standdone mode and the internal Web servers in an ELB sandwich.
C. Configure the FortiWebs in Active-Active HA mode and use AWS Elastic load Balancer (ELB) for the internal Web servers.
D. Use AWS Router 53 to load balance FortiWebs in standone mode and use AWS Virtual private Cloud (VPC) peering to load balance the internal Web servers.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
Mori -
Pass4TestのこのNSE8_811問題集の問題を暗記して試験に受けてみて、試験の内容がほぼ問題集の内容に一致していてびっくりしました。スムーズにかけたし、合格することもできました。