PassLeader just published the NEWEST Fortinet NSE8 exam dumps! And, PassLeader offer two types of the NSE8 dumps — NSE8 VCE dumps and NSE8 PDF dumps, both VCE and PDF contain the NEWEST NSE8 exam questions, they will help you PASSING the Fortinet NSE8 exam easily! Now, get the NEWEST NSE8 dumps in VCE and PDF from PassLeader — http://www.passleader.com/nse8.html (70 Q&As Dumps)
What’s more, part of that PassLeader NSE8 dumps now are free — https://drive.google.com/open?id=0B-ob6L_QjGLpN0wyemxuQTI1UTA
QUESTION 36
A data center for example.com hosts several separate Web applications. Users authenticate with all of them by providing their Active Directory (AD) login credentials. You do not have access to Example, Inc.’s AD server. Your solution must do the following:
– provide single sign-on (SSO) for all protected Web applications
– prevent login brute forcing
– scan FTPS connections to the Web servers for exploits
– scan Webmail for OWASP Top 10 vulnerabilities such as session cookie hijacking, XSS, and SQL injection attacks
Which solution meets these requirements?
A. Apply FortiGate deep inspection to FTPS.
It must forward FTPS, HTTP, and HTTPS to FortiWeb.
Configure FortiWeb to query the AD server, and apply SSO for Web requests.
FortiWeb must forward FTPS directly to the Web servers without inspection, but proxy HTTP/HTTPS and block Web attacks.
B. Deploy FortiDDos to block brute force attacks.
Configure FortiGate to forward only FTPS, HTTP, and HTTPS to FortiWeb.
Configure FortiWeb to query the AD server, and apply SSO for Web requests.
Also configure it to scan FTPS and Web traffic, then forward allowed traffic to the Web servers.
C. Use FortiGate to authenticate and proxy HTTP/HTTPS; to verify credentials, FortiGate queries the AD server.
Also configure FortiGate to scan FTPS before forwarding, and to mitigate SYN floods.
Configure FortiWeb to block Web attacks.
D. Install FSSO Agent on servers.
Configure FortiGate to inspect FTPS.
FortiGate will forward FTPS, HTTP, and HTTPS to FortiWeb.
FortiWeb must block Web attacks, then forward all traffic to the Web servers.
Answer: D
QUESTION 37
A company wants to protect against Denial of Service attacks and has launched a new project. They want to block the attacks that go above a certain threshold and for some others they are just trying to get a baseline of activity for those types of attacks so they are letting the traffic pass through without action. Given the following:
– The interface to the Internet is on WAN1.
– There is no requirement to specify which addresses are being protected or protected from.
– The protection is to extend to all services.
– The tcp_syn_flood attacks are to be recorded and blocked.
– The udp_flood attacks are to be recorded but not blocked.
– The tcp_syn_flood attack’s threshold is to be changed from the default to 1000.
The exhibit shows the current DoS-policy. Which policy will implement the project requirements?
Answer: BD
QUESTION 38
Your security department has requested that you implement the OpenSSL TLS Heartbeat lnformation disclosure signature using an IPS sensor to scan traffic destined to the FortiGate. You must log all packets that attempt to exploit this vulnerability. Referring to the exhibit, which two configurations are required to accomplish this task? (Choose two.)
Answer: B
QUESTION 39
Which command syntax would you use to configure the serial number of a FortiGate as its host name?
Answer: C
QUESTION 40
The output shown on the exhibit from FortiManager is displayed during an import if the device configuration. Which statement describes the correct action taken for these duplicate objects?
A. The import fails because of the duplicate entries detected which exist in the ADOM database.
B. Forti Manager installs these duplicate objects to the managed device from the ADOM database.
C. FortiManager does not import these duplicate entries into the ADOM database because they already exist in the ADOM database.
D. FortiManager creates indexed duplicate entries for these objects in the ADOM database.
Answer: B
Learning the PassLeader NSE8 dumps with VCE and PDF for 100% passing Fortinet certification — http://www.passleader.com/nse8.html (70 Q&As Dumps)
BONUS!!! Download part of PassLeader NSE8 dumps for free — https://drive.google.com/open?id=0B-ob6L_QjGLpN0wyemxuQTI1UTA