Fortinet Exam NSE8_812 Topic 2 Question 31 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 31
Topic #: 2

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)

Suggested Answer: B, D, E

B must be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

D must be set to enable add-route, which is the command that actually injects the IKE routes.

E must be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


Contribute your Thoughts:

Diane
22 days ago
Wait, so if I get blocked, can I just change my IP and pretend to be a different person? Seems like a loophole to me!
upvoted 0 times
...
Valene
26 days ago
I bet the exam writer was laughing when they came up with option E. 'Restore reputation from a blacklist? What is this, a get-out-of-jail-free card?'
upvoted 0 times
Aja
2 days ago
C) The IP Reputation feature has been manually updated
upvoted 0 times
...
Tanesha
4 days ago
A) Geographical IP policies are enabled and evaluated after local techniques.
upvoted 0 times
...
...
Raylene
29 days ago
C is a tricky one. The output doesn't explicitly say the IP Reputation feature was manually updated, so I'm not sure about that one.
upvoted 0 times
...
Annmarie
1 month ago
E is definitely wrong. You can't restore reputation from blacklisted IP addresses. That would kind of defeat the purpose of the blacklist, wouldn't it?
upvoted 0 times
Shawn
2 days ago
I agree, and I believe D is also correct. Once an IP address is marked as used by an attacker, it will always be blocked.
upvoted 0 times
...
Linwood
4 days ago
I think B is correct. Attackers can indeed be blocked before they reach the servers.
upvoted 0 times
...
...
Rosenda
2 months ago
I'm not sure about D. Just because an IP was previously used by an attacker doesn't mean it will always be blocked. That doesn't seem quite right.
upvoted 0 times
Dominga
1 day ago
User1: I think you're right, D doesn't seem accurate.
upvoted 0 times
...
Maricela
24 days ago
I think the correct statements are B) Attackers can be blocked before they target the servers behind the FortiWeb and C) The IP Reputation feature has been manually updated.
upvoted 0 times
...
Maricela
28 days ago
I agree, just because an IP was used by an attacker doesn't mean it will always be blocked.
upvoted 0 times
...
...
Odette
2 months ago
A and B seem like the correct options here. The output shows that the IP Reputation feature is enabled, and it can block attackers before they target the servers.
upvoted 0 times
...
Lavonda
2 months ago
I'm not sure about statement C, but I think D is also correct because an IP address used by an attacker will always be blocked.
upvoted 0 times
...
Annamaria
2 months ago
I agree with Haydee, attackers can be blocked before they target the servers and the IP Reputation feature has been manually updated.
upvoted 0 times
...
Haydee
2 months ago
I think the correct statements are B and C.
upvoted 0 times
...