NSE8_811 Topics

The following section outlines the topics assessed in both the Written exam and the practical lab required for the NSE8. The topics below were taken from the NSE 8 Certification Public Handbook, last updated on the 28th of January 2022.
*** This exam is being retired on the 31st of March 2023 **

Written Exam Certification Topics

1. Security architectures

    a) Fortinet cloud security solutions

        i) FortiGate VM models and licensing

        ii) FortiGate VM deployments

        iii) Fortinet on private clouds

        iv) Fortinet on public clouds

    b) Designing resilient solutions

        i) Fortinet solutions advanced high availability features

        ii) Fortinet solutions operation and deployment modes

        iii) FortiGate Cluster protocol

        iv) FortiGate Session Life Support protocol

        v) Session-aware load-balancing clustering

        vi) Load balancing

        vii) Fault tolerance

    c) Designing enhanced Fortinet solutions

        i) Fortinet solutions for specific scenarios

            (1) Secure access networks

            (2) Web application security

            (3) Advanced threat protection

            (4) Cloud security

            (5) Enterprise firewall

    d) Fortinet high-end solutions

        i) FortiGate 3000 Series

        ii) FortiGate 5000 Series

        iii) FortiGate 7000 Series

2. Hardware acceleration

    a) Hardware acceleration overview

        i) Content processors

        ii) Security processors

        iii) Network processors

        iv) FortiGate blades

        v) FortiGate chassis

    b) Traffic in Fortinet products

        i) Traffic offloading

        ii) Life of a packet

        iii) Fortinet communication ports and protocols

3. Networking

    a) Advanced routing

        i) Static routing

        ii) Dynamic routing

        iii) Routing and high availability

        iv) Asymmetric routing

        v) Secure SD-WAN

    b) Advanced NAT

        i) Central NAT

        ii) NAT64

        iii) NAT46

        iv) DNS64

    c) VPN technologies

        i) Advanced IPsec

        ii) Advanced SSL

    d) Network troubleshooting

        i) Debugging tools

        ii) Diagnostic tools

        iii) Routing and VPN troubleshooting

        iv) CLI in Fortinet solutions

4. Authentication

    a) Authentication with Fortinet products

        i) Advanced single sign-on

        ii) RADIUS

        iii) Two-factor authentication

        iv) 802.1x

        v) Certificate-based authentication

        vi) Troubleshooting

5. Content inspection

    a) Inspection modes

        i) SSL/SSH

        ii) Certificate

        iii) Sandbox inspection

    b) FortiOS security profiles

        i) Antivirus

        ii) Intrusion prevention systems (IPS)

        iii) Application control

        iv) Web filtering

        v) DNS filtering

        vi) VoIP inspection

        vii) Session helpers

    c) FortiGuard Services

6. Security operations

    a) Fortinet solutions APIs

        i) Rest API

    b) Handling security events with Fortinet solutions

        i) FortiSIEM

        ii) FortiAnalyzer

        iii) Log analysis

        iv) Event management

    c) Fortinet central management solutions

        i) FortiManager

        ii) FortiCloud

7. Integrated Solutions

    a) Integrate Fortinet solutions for advanced threat protection

    b) FortiLink

    c) Fortinet wireless solutions

    d) Fortinet authentication solutions

    e) Fortinet hybrid solutions (traditional network and cloud)

8. Enhanced Technologies

    a) Fortinet enhanced solutions including:

        i) FortiWeb

        ii) FortiADC

        iii) FortiDDoS

        iv) FortiAuthenticator

        v) FortiMail



Practical Exam Certification Topics

1. FortiOS Administration
    a) VDOMs
    b) Proxies
    c) Resilient networking

2. FortiOS Networking
    a) VPN deployments
    b) IPv6 networking
    c) Advanced routing

3. Authentication
    a) Single sign-on
    b) Authentication methods

4. Content Inspection
    a) Traffic inspection
    b) Traffic control

5. Security Fabric
    a) Fortinet Security Fabric

6. Secure Access
    a) Fortinet secure access solutions

7. Security Operations and Management
    a) FortiManager operation
    b) FortiSiem operation
    c) FortiAnalyzer operation

8. Enhanced Technologies
    a) FortiWeb to secure web applications
    b) Protection against DDoS attacks
    c) FortiMail to secure mailapplications
    d) FortiADC to load balance traffic

Comments

Post a Comment

Popular posts from this blog

NSE8 Lab Study Resources - Narbik CCIE R&S v5.1 Foundations

Image
 Hey All, I have been working on putting together some scenarios for lab practice and I've found myself falling back on some of the study materials I used when preparing for the CCIE EI (yet to obtain, on the list after the NSE8). A legendary trainer in this area is Narbik Kocharians CCIE 12410 who is the president of Micronics Networking and Training - his CCIE prep courses and text books are considered almost required reading for any serious candidate for this certification. His text books work through hands on labs that are focused on specific topics to help cement the theory of the different topics in the exam.  His textbook CCIE Routing and Switching 5.1 Foundations: Bridging the Gap between CCNP and CCIE is well aimed at the skill level required of the NSE8 and fortunately there is actually quite a bit of overlap in its 1100 pages. The chapters within the textbook are: 1. Physical Topology 2. Physical and Logical Topologies 3. Spanning Tree Protocol 4. Point-to-Point Protocol
Read more

Journey to the NSE8 - Change in tactic

 I've previously been studying the Secure Wireless LAN content in order to pass the final exam required for my NSE6 (on the way to the NSE8). Going over the material again at the moment I'm noticing that my study sessions are becoming a bit of a blur and I'm not absorbing the content as well as I should be, and I can see this track of study becoming like quicksand if I don't give myself a break from it. The NSE6 fortunately covers a lot of technologies, including FortiAuthenticator and FortiADC which are both heavily featured on the NSE8 blueprint. So from here Im going to review the training for the FortiADC and have a crack at that exam to finish off my NSE6
Read more

Specifying a domain name suffix for DHCP clients on a FortiGate (FortiOS)

Image
Domain Name Suffix You can specify a domain name suffix in a DHCP address pool on the FortiGate DHCP server . With this suffix assigned, the client only needs to input part of a domain name, and the system adds the domain name suffix for name resolution. For example a client can type in https://fortimanager in their web browser to access your fortimanager instance, instead of the FQDN of https://fortimanager.domain.local In FortiOS (current as of December 2022) this is configured via the CLI.   Configuration config system dhcp server     edit <#>          set domain <domain suffix>   In a full context this would be config system dhcp server     edit 1          set domain "lab.example.com"          set default-gateway 192.168.1.1          set netmask 255.255.255.0          set interface "port1"          config ip-range               edit 1                    set start-ip 192.168.1.100                    set end-ip 192.168.1.200               next         
Read more