Weekend Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

Fortinet FCSS_NST_SE-7.4 Dumps

Page: 1 / 7
Total 66 questions
Get FCSS_NST_SE-7.4 Full Access Download FCSS_NST_SE-7.4 PDF

FCSS - Network Security 7.4 Support Engineer Questions and Answers

Question 1

Exhibit.

as

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands on an SSH session on FortiGate:

as

However, the IKE real-time debug does not show any output. Why?

Options:

A.

The administrator must also run the command diagnose debug enable.

B.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

C.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

D.

Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.

Question 2

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)

Options:

A.

Log is full on the collector agent.

B.

Inability to reach IP address of the collector agent.

C.

Refused connection. Potential mismatch of TCP port.

D.

Mismatched pre-shared password.

E.

Incompatible collector agent software version.

Question 3

In which two slates is a given session categorized as ephemeral? (Choose two.)

Options:

A.

A UDP session with only one packet received

B.

A UOP session with packets sent and received

C.

A TCP session waiting for the SYN ACK

D.

A TCP session waiting for FIN ACK

Question 4

Refer to the exhibit, which shows a session entry.

as

Which statement about this session is true?

Options:

A.

Return traffic to the initiator is sent to 10.1.0.1.

B.

Return traffic to the initiator is sent lo 10.200.1.254.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is an ICMP session from 10.1.10.1 to 10.200.5.1.

Question 5

Which two statements about conserve mode are true? (Choose two.)

Options:

A.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

B.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

C.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

D.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

Question 6

Refer to the exhibit, which shows the output of the command get router info bgp neighbors 100.64.2.254 advertised-routes.

as

What can you conclude from the output?

Options:

A.

The BGP state of the two BGP participants is OpenConfirm.

B.

The router ID of the neighbor is 100.64.2.254.

C.

The BGP neighbor is advertising the 10.20.30.40/24 network to the local router.

D.

The local router is advertising the 10.20.30.40/24 network to its BGP neighbor.

Question 7

Exhibit 1.

as

Exhibit 2.

as

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to lest session failover between the two service provider connections.

Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

Options:

A.

Change the priority of the port! static route to 11.

B.

Change the priority of the port2 static route to 5.

C.

Configure unset snat-route-change to return it to the default setting.

D.

Configure set snat-route-change enable.

Question 8

Refer to the exhibits.

as

An administrator is attempting to advertise the network configured on port3. However, FGT-A is not receiving the prefix.

Which two actions can the administrator take to fix this problem? (Choose two.)

Options:

A.

Modify the prefix using the network command from 172.16.0.0/16 to 172.16.54.0/24.

B.

Manually add the BGP route on FGT-A.

C.

Restart BGP using a soft reset to force both peers to exchange their complete BGP routing tables.

D.

Use the set network-import-check disable command.

Question 9

Exhibit.

as

Refer to the exhibit, which shows the output of a session. Which two statements are true? (Choose Iwo.)

Options:

A.

The TCP session has been successfully established.

B.

The session was initiated from an authenticated user.

C.

The session is being inspected using flow inspection.

D.

The session is being offloaded.

Question 10

Refer to the exhibit.

as

An IPsec VPN tunnel is dropping, as shown by the debug output.

Analyzing the debug output, what could be causing the tunnel to go down?

Options:

A.

Phase 2 drops but Phase 1 is up.

B.

Dead Peer Detection is not receiving its acknowledge packet.

C.

The tunnel drops during rekey negotiation.

D.

The tunnel drops after the timer expires.

Question 11

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session information for ICMP traffic.

as

What happens to the session information if a routing change occurs that affects this session?

Options:

A.

Only the interface and gateway information for dev=7 will be removed.

B.

The session information will not change unless the current route has been removed from the routing table.

C.

The session will be flagged as dirty but no route lookups will be performed.

D.

Sessions involving port7 or port19 will not have their routing information flushed.

Question 12

Refer to the exhibit, which shows the partial output of a real-time OSPF debug.

as

Why are the two FortiGate devices unable to form an adjacency?

Options:

A.

The Hello packet is being sent from an OSPF router with ID 0.0.0.112.

B.

The two FortiGate devices attempting adjacency are in area 0.0.0.0.

C.

One FortiGate device is configured to require authentication, while the other is not.

D.

The passwords on the FortiGate devices do not match.

Question 13

Refer to the exhibit, which shows the output of get router info ospf neighbor.

as

What can you conclude from the command output?

Options:

A.

The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.

B.

All neighbors are in area 0.0.0.0.

C.

The local FortiGate is the BDR.

D.

The local FortiGate is not a DROther.

Question 14

The local OSPF router is unable to establish adjacency with a peer.

Which two things should the administrator do to troubleshoot the issue? (Choose two.)

Options:

A.

Check whether TCP port 179 is blocked.

B.

Check if there is an active static route to the peer.

C.

Check whether both peers have an IP address within the same subnet.

D.

Check if IP protocol 89 is blocked.

Question 15

Refer to the exhibit, which shows the modified output of the routing kernel.

as

Which statement is true?

Options:

A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Question 16

Refer to the exhibit showing a debug output.

as

An administrator deployed FSSO in DC Agent Mode but FSSO is failing on FortiGate. Pinging FortiGate from where the collector agent is deployed is successful.

The administrator then produces the debug output shown in the exhibit.

What could be causing this error message?

Options:

A.

The TCP port 445 is blocked between FortiGate and collector agent.

B.

The collector agent preshared password is mismatched.

C.

The FortiGate cannot resolve the active directory server name.

D.

The FortiGate and the collector agent are using different TCP ports.

Question 17

Refer to the exhibit, which shows the omitted output of a session table entry.

as

Which two statements are true? (Choose two.)

Options:

A.

The traffic has been tagged for VLAN 0000.

B.

NP7 is handling offloading of this session.

C.

The traffic matches Policy ID 1.

D.

The session has been offloaded.

Question 18

Refer to the exhibit, which contains the output of diagnose vpn tunnel list.

as

Which command will capture ESP traffic for the VPN named DialUp_0?

Options:

A.

diagnose sniffer packet any 'ip proto 50'

B.

diagnose sniffer packet any 'host 10.0.10.10'

C.

diagnose sniffer packet any 'esp and host 10.200.3.2'

D.

diagnose sniffer packet any 'port 4500'

Question 19

Refer to the exhibit, which shows the partial output of FortiOS kernel slabs.

as

Which statement is true?

Options:

A.

The total slab size of the sctp_session slab is 0 kB and is associated with the user space.

B.

The total slab size of the ip_session slab is 3600 kB and is associated with the user space.

C.

The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.

D.

The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.

Load More FCSS_NST_SE-7.4 Questions
Page: 1 / 7
Total 66 questions
Get FCSS_NST_SE-7.4 Full Access Download FCSS_NST_SE-7.4 PDF