Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Fortinet Exam NSE8_812 Topic 2 Question 31 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 31
Topic #: 2
[All NSE8_812 Questions]

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


by Marcelle at Sep 11, 2024, 04:28 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Diane
1 months ago
Wait, so if I get blocked, can I just change my IP and pretend to be a different person? Seems like a loophole to me!
upvoted 0 times
...
Valene
1 months ago
I bet the exam writer was laughing when they came up with option E. 'Restore reputation from a blacklist? What is this, a get-out-of-jail-free card?'
upvoted 0 times
Aja
15 days ago
C) The IP Reputation feature has been manually updated
upvoted 0 times
...
Tanesha
17 days ago
A) Geographical IP policies are enabled and evaluated after local techniques.
upvoted 0 times
...
...
Raylene
1 months ago
C is a tricky one. The output doesn't explicitly say the IP Reputation feature was manually updated, so I'm not sure about that one.
upvoted 0 times
...
Annmarie
2 months ago
E is definitely wrong. You can't restore reputation from blacklisted IP addresses. That would kind of defeat the purpose of the blacklist, wouldn't it?
upvoted 0 times
Ryan
13 days ago
You're right, E is definitely incorrect. Blacklisted IP addresses cannot have their reputation restored.
upvoted 0 times
...
Shawn
15 days ago
I agree, and I believe D is also correct. Once an IP address is marked as used by an attacker, it will always be blocked.
upvoted 0 times
...
Linwood
17 days ago
I think B is correct. Attackers can indeed be blocked before they reach the servers.
upvoted 0 times
...
...
Rosenda
2 months ago
I'm not sure about D. Just because an IP was previously used by an attacker doesn't mean it will always be blocked. That doesn't seem quite right.
upvoted 0 times
Elza
2 days ago
User4: That makes sense. It's important to have some control over which IPs are blocked.
upvoted 0 times
...
Gianna
5 days ago
User3: Maybe the IP Reputation feature allows for some flexibility in blocking.
upvoted 0 times
...
Gilma
11 days ago
User2: Yeah, I agree. It's not guaranteed that an IP used by an attacker will always be blocked.
upvoted 0 times
...
Dominga
14 days ago
User1: I think you're right, D doesn't seem accurate.
upvoted 0 times
...
Maricela
1 months ago
I think the correct statements are B) Attackers can be blocked before they target the servers behind the FortiWeb and C) The IP Reputation feature has been manually updated.
upvoted 0 times
...
Maricela
1 months ago
I agree, just because an IP was used by an attacker doesn't mean it will always be blocked.
upvoted 0 times
...
...
Odette
2 months ago
A and B seem like the correct options here. The output shows that the IP Reputation feature is enabled, and it can block attackers before they target the servers.
upvoted 0 times
...
Lavonda
2 months ago
I'm not sure about statement C, but I think D is also correct because an IP address used by an attacker will always be blocked.
upvoted 0 times
...
Annamaria
2 months ago
I agree with Haydee, attackers can be blocked before they target the servers and the IP Reputation feature has been manually updated.
upvoted 0 times
...
Haydee
2 months ago
I think the correct statements are B and C.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77