New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet NSE8_812 Exam - Topic 2 Question 31 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 31
Topic #: 2
[All NSE8_812 Questions]

Refer to the CLI output:

Given the information shown in the output, which two statements are correct? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


by Marcelle at Sep 11, 2024, 04:28 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Teddy
3 months ago
E? Really? I thought blacklisted IPs were permanent.
upvoted 0 times
...
Leonie
3 months ago
D sounds too absolute, not sure if that's always the case.
upvoted 0 times
...
Mammie
3 months ago
C is true, I saw that in the last update.
upvoted 0 times
...
Nickie
4 months ago
A seems off, local techniques should come first, right?
upvoted 0 times
...
Erinn
4 months ago
B is definitely correct, attackers can be blocked early.
upvoted 0 times
...
Lenna
4 months ago
I have a vague memory of option D being mentioned, but I’m not convinced that an IP used by an attacker will always be blocked.
upvoted 0 times
...
William
4 months ago
I practiced a question similar to this, and I feel like option C might be correct since updating IP reputation is crucial for security.
upvoted 0 times
...
Daniel
4 months ago
I'm not entirely sure about option A; I remember something about geographical IP policies, but I can't recall if they come after local techniques.
upvoted 0 times
...
Merlyn
5 months ago
I think option B sounds familiar because we discussed how FortiWeb can block threats before they reach the servers.
upvoted 0 times
...
Justine
5 months ago
Alright, let me take another look at the details in the CLI output. I feel like I'm getting closer to understanding which two options are accurate based on the information provided.
upvoted 0 times
...
Timothy
5 months ago
This is a good opportunity to apply my knowledge of IP reputation and security features. I think I can narrow it down to the two correct statements if I think it through step-by-step.
upvoted 0 times
...
Melissa
5 months ago
I'm a bit confused by the wording of some of these options. I'll need to make sure I fully comprehend what each statement is saying before selecting my answers.
upvoted 0 times
...
Eden
5 months ago
Okay, the key information seems to be about IP reputation and how it's used for blocking attackers. I'll focus on understanding those concepts to determine the right answers.
upvoted 0 times
...
Gertude
5 months ago
Hmm, this looks like a tricky one. I'll need to carefully read through the CLI output and the answer choices to figure out which two statements are correct.
upvoted 0 times
...
Miles
5 months ago
Okay, let's think this through step-by-step. The web filtering rating service and FortiAnalyzer's threat detection services license are both potential culprits. I'll make sure to verify those first.
upvoted 0 times
...
Maryann
5 months ago
I'm leaning towards (3) and (4) as well. Trying to attribute monetary values to the qualitative benefits seems too subjective and difficult. I'll focus on acknowledging them and assessing them in a way that works for the organization.
upvoted 0 times
...
Diane
9 months ago
Wait, so if I get blocked, can I just change my IP and pretend to be a different person? Seems like a loophole to me!
upvoted 0 times
...
Valene
10 months ago
I bet the exam writer was laughing when they came up with option E. 'Restore reputation from a blacklist? What is this, a get-out-of-jail-free card?'
upvoted 0 times
Aja
9 months ago
C) The IP Reputation feature has been manually updated
upvoted 0 times
...
Tanesha
9 months ago
A) Geographical IP policies are enabled and evaluated after local techniques.
upvoted 0 times
...
...
Raylene
10 months ago
C is a tricky one. The output doesn't explicitly say the IP Reputation feature was manually updated, so I'm not sure about that one.
upvoted 0 times
...
Annmarie
10 months ago
E is definitely wrong. You can't restore reputation from blacklisted IP addresses. That would kind of defeat the purpose of the blacklist, wouldn't it?
upvoted 0 times
Ryan
9 months ago
You're right, E is definitely incorrect. Blacklisted IP addresses cannot have their reputation restored.
upvoted 0 times
...
Shawn
9 months ago
I agree, and I believe D is also correct. Once an IP address is marked as used by an attacker, it will always be blocked.
upvoted 0 times
...
Linwood
9 months ago
I think B is correct. Attackers can indeed be blocked before they reach the servers.
upvoted 0 times
...
...
Rosenda
10 months ago
I'm not sure about D. Just because an IP was previously used by an attacker doesn't mean it will always be blocked. That doesn't seem quite right.
upvoted 0 times
Elza
8 months ago
User4: That makes sense. It's important to have some control over which IPs are blocked.
upvoted 0 times
...
Gianna
8 months ago
User3: Maybe the IP Reputation feature allows for some flexibility in blocking.
upvoted 0 times
...
Gilma
9 months ago
User2: Yeah, I agree. It's not guaranteed that an IP used by an attacker will always be blocked.
upvoted 0 times
...
Dominga
9 months ago
User1: I think you're right, D doesn't seem accurate.
upvoted 0 times
...
Maricela
10 months ago
I think the correct statements are B) Attackers can be blocked before they target the servers behind the FortiWeb and C) The IP Reputation feature has been manually updated.
upvoted 0 times
...
Maricela
10 months ago
I agree, just because an IP was used by an attacker doesn't mean it will always be blocked.
upvoted 0 times
...
...
Odette
10 months ago
A and B seem like the correct options here. The output shows that the IP Reputation feature is enabled, and it can block attackers before they target the servers.
upvoted 0 times
...
Lavonda
11 months ago
I'm not sure about statement C, but I think D is also correct because an IP address used by an attacker will always be blocked.
upvoted 0 times
...
Annamaria
11 months ago
I agree with Haydee, attackers can be blocked before they target the servers and the IP Reputation feature has been manually updated.
upvoted 0 times
...
Haydee
11 months ago
I think the correct statements are B and C.
upvoted 0 times
...

Save Cancel