Fortinet NSE8_812 Exam - Topic 3 Question 52 Discussion

Actual exam question for Fortinet's NSE8_812 exam

Question #: 52
Topic #: 3

Refer to the exhibit.

The exhibit shows the topology a customer wants to implement using a flexible authentication scheme. Users connecting from trusted remote locations are authenticated using only their username/password when connecting to the SSLVPN FortiGate in the data center.

When connecting from the Untrusted Clients, users must authenticate using 2-factor authentication.

In this scenario, which RADIUS attribute can be used as a RADIUS policy selector on the FortiAuthenticator to accomplish this goal?

ACalling-Station-Id

BFramed-IP-Address

CTunnel-Client-Auth-Id

DLogin-IP-Host

Show Suggested Answer

Suggested Answer: C

by Shaquana at Nov 25, 2025, 10:37 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Adell

2 days ago

Definitely 2-factor for untrusted clients, no doubt about it!

upvoted 0 times

...

Sharita

7 days ago

Framed-IP-Address could also work, but not my first pick.

upvoted 0 times

...

Tomas

26 days ago

Wait, are we sure about that? Seems too simple.

upvoted 0 times

...

Lenna

1 month ago

Totally agree, it helps identify the connection type!

upvoted 0 times

...

Lavonna

1 month ago

I think Calling-Station-Id is the right choice here.

upvoted 0 times

...

Nathan

1 month ago

Haha, I bet the exam writers are trying to trick us with these options!

upvoted 0 times

...

Rupert

2 months ago

Hmm, this is a tricky one. I'll have to think about it some more.

upvoted 0 times

...

Leslee

2 months ago

I'm not sure, but I think B might be the correct answer.

upvoted 0 times

...

Jacqueline

2 months ago

I vaguely recall that Framed-IP-Address is used for something else, but I can't remember the specifics. I hope I can narrow it down to one of the other options during the exam.

upvoted 0 times

...

Herminia

2 months ago

I’m a bit confused about the options. I thought Login-IP-Host was more about the IP address of the client rather than the authentication method.

upvoted 0 times

...

Emogene

2 months ago

I practiced a similar question where we had to choose RADIUS attributes based on client types. I feel like Tunnel-Client-Auth-Id could be the right choice for differentiating between trusted and untrusted clients.

upvoted 0 times

...

Jessenia

2 months ago

I feel pretty confident about this one. The key is identifying the RADIUS attribute that can distinguish between the trusted and untrusted clients.

upvoted 0 times

...

Roslyn

3 months ago

I'm a bit confused by the 2-factor authentication requirement. I'll need to make sure I understand how that fits into the overall authentication scheme.

upvoted 0 times

...

Sherell

3 months ago

Okay, I've got a strategy. I'll consider each answer option and think about how the RADIUS attribute could be used to differentiate between the trusted and untrusted clients.

upvoted 0 times

...

Alayna

3 months ago

Option C looks good to me.

upvoted 0 times

...

Vincenza

3 months ago

I remember studying RADIUS attributes, but I'm not entirely sure which one applies here. I think Calling-Station-Id might be relevant for identifying the client location.

upvoted 0 times

...

Catalina

4 months ago

Hmm, this seems like a tricky one. I'll need to think through the different RADIUS attributes and how they might be used in this scenario.

upvoted 0 times

...

Della

4 months ago

I think I'll start by carefully reviewing the topology diagram and the question details. That should give me a good understanding of the requirements.

upvoted 0 times

Verlene

3 months ago

I agree, the topology is key to understanding the setup.

upvoted 0 times

...

Jolanda

4 months ago

I’m leaning towards Login-IP-Host for untrusted clients.

upvoted 0 times

...

Brianne

4 months ago

I think Calling-Station-Id makes sense for the policy selector.

upvoted 0 times

...