Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

Fortinet FCSS_NST_SE-7.6 Dumps

Fortinet NSE 6 - Network Security 7.6 Support Engineer Questions and Answers

Question 1

Refer to the exhibit, which shows the output of a BGP debug command.

as

What can you conclude about the router in this scenario?

Options:

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the 8GP session with the local router.

B.

An inbound route-map on local router is blocking the prefixes from neighbor 100.64.3.1.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Question 2

Refer to the exhibit.

as

The partial output of FortiOS kernel slabs is shown. Which statement about total slab size is true?

Options:

A.

The total slab size of the ip_session Tlab is 14080 kB and is associated with the user space.

B.

The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.

C.

The total slab size of the ip6_session slab is 1472 kB and is associated with the kernel.

D.

The total slab size of the UDPv6 slab is 14080 kB and is associated with the user space.

Question 3

Refer to the exhibit.

as

Which three pieces of information does the diagnose sys top command provide? (Choose three.)

Options:

A.

The miglogd daemon is running on CPU core ID 0.

B.

The diagnose sys top command has been running for 18 minutes.

C.

The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.

D.

The cmdbsvr process is occupying 2.4% of the total user memory space.

E.

If the neweli daemon continues to be in the R state, it will need to be manually restarted.

Question 4

Refer to the exhibit, which shows a partial output from the get router info routing-table database command.

as

The administrator wants to configure a default static route for port3 and assign a distance of 50 and a priority of 0.

What will happen to the port1 and port2 default static routes after the port3 default static route is created?

Options:

A.

The port2 default static route will be injected into the forwarding information base (FIB).

B.

The port1 default static route will be injected into the FIB.

C.

Neither of the routes shown in the output will be injected into the FIB.

D.

Both default static routes shown in the output will be injected into the FIB.

Question 5

The local OSPF router is unable to establish adjacency with a peer.

Which two things should the administrator do to troubleshoot the issue? (Choose two.)

Options:

A.

Check if both peers have an IP address within the same subnet.

B.

Check if IP protocol 89 is blocked.

C.

Check if TCP port 179 is blocked.

D.

Check if there is an active static route to the peer.

Question 6

Refer to the exhibit.

The exhibit shows the output from using the command diagnose debug application samld -1 to diagnose a SAML connection.

as

Based on this output, what can you conclude?

Options:

A.

Active Directory is used for authentication.

B.

The authentication request is for an SSL VPN connection.

C.

The IdP IP address is 10.1.10.254.

D.

The IdP IP address is 10.1.10.2.

Question 7

Refer to the exhibit.

as

Which two statements about the output are true, considering NGFW-1 and NGFW-2 have been up for a week? (Choose two.)

Options:

A.

If FGVM...649 is rebooted, FGVM...650 will become the primary FortiGate and retain that role, even after FGVM...649 rejoins the cluster.

B.

If port7 becomes disconnected on the secondary FortiGate, both FortiGate devices will elect themselves as primary.

C.

If a configuration change is made to the secondary FortiGate, the Configuration Status will not change.

D.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

Question 8

When FortiGate enters conserve mode because of memory pressure, which action can FortiGate perform to preserve memory?

Options:

A.

FortiGate automatically reboots to clear memory and restore full operation.

B.

FortiGate switches to a less memory-intensive inspection mode, such as flow-based inspection.

C.

FortiGate reduces or stops non-essential processes like logging and antivirus scanning.

D.

FortiGate begins dropping all new sessions to protect resources.

Question 9

While troubleshooting a FortiGate web filter issue, users report that they cannot access any websites, even though those sites are not explicitly blocked by any web filter profiles that are applied to firewall policies.

as

What are the three most likely reasons for this behavior? (Choose three answers)

Options:

A.

The web filter cache has been cleared causing all websites to take longer to be rated.

B.

The SSL/TLS deep inspection was configured but the browsers do not have the FortiGate certificate installed.

C.

The webfilter-force-off setting has been enabled under config system fortiguard.

D.

The DNS server is unreachable, preventing URL resolution.

E.

The FortiGuard Web Filtering license has expired, causing FortiGate to apply the default block action.

Question 10

Refer to the exhibit.

as

An IPsec VPN tunnel is dropping, as shown by the debug output.

Analyzing the debug output, what could be causing the tunnel to go down?

Options:

A.

Phase 2 drops but Phase 1 is up.

B.

Dead Peer Detection is not receiving its acknowledge packet.

C.

The tunnel drops during rekey negotiation.

D.

The tunnel drops after the timer expires.

Question 11

What are two functions of automation stitches? (Choose two.)

Options:

A.

You can configure automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

B.

You can configure automation stitches to modify packet headers and payloads if specific traffic triggers an anomaly IPS event.

C.

You can configure automation stitches to insert a delay between actions if the automation stitches are set to execute actions in parallel.

D.

You can configure automation stitches to take parameters from previous actions as input for the next action if the automation stitches are set to execute actions in sequence.

Question 12

A VPN tunnel is up. To monitor traffic flow, the administrator enters the following CLI commands on an SSH session on FortiGate:

# diagnose debug enable

# diagnose sniffer packet any ' udp and port 500 ' 4

However, the sniffer does not show any output. Assuming default configuration values, what are two possible reasons there is no output? (Choose two answers)

Options:

A.

The filter should be modified to also capture packets for TCP port 443 or UDP port 4500 .

B.

NAT Traversal is enabled.

C.

The sniffer must be restricted to the remote peer IP address.

D.

The sniffer output will be ignored because running diagnose debug enable shows only application real-time debugs.

Question 13

Refer to the exhibits,

as

which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network. If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session? (Choose one answer)

Options:

A.

The session would be deleted, and the client would need to start a new session.

B.

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

C.

The session would remain in the session table, and its traffic would egress from port2.

D.

The session would remain in the session table, and its traffic would egress from port1.

Question 14

Which authentication option can you not configure under config user radius on FortiOS?

Options:

A.

mschap

B.

pap

C.

mschap2

D.

eap

Question 15

Refer to the exhibit, which shows a partial web filter profile configuration.

as

The URL is categorized as File Sharing and Storage.

Which action does FortiGate take if a user attempts to access

Options:

A.

FortiGate blocks the connection as an invalid URL.

B.

Based on the URL Filter configuration, FortiGate allows the connection.

C.

FortiGate blocks the connection, based on the FortiGuard category-based filter configuration.

D.

Based on the Web Content filter configuration, access to www.dropbox.com would be exempted.

Question 16

Refer to the exhibit, which shows partial outputs from two routing debug commands.

as

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.

Set snat-route-change to enable.

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set the priority of the static default route using port1 to 10.

Question 17

During which phase of IKEv2 does the Diffie-Helman key exchange take place?

Options:

A.

IKE_Req_INIT

B.

Create_CHILD_SA

C.

IKE_Auth

D.

IKE_SA_INIT

Question 18

Exhibit.

as

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands on an SSH session on FortiGate:

as

However, the IKE real-time debug does not show any output. Why?

Options:

A.

The administrator must also run the command diagnose debug enable.

B.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

C.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

D.

Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.

Question 19

Refer to the exhibit.

as

Assuming a default configuration, which three statements are true? (Choose three.)

Options:

A.

Strict RPF is enabled by default.

B.

User B: Fail. There is no route to 95.56.234.24 .

C.

User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.

D.

User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.

E.

User C: Fail. There is no route to 10.0.4.63 using port1 in the touting table.

Question 20

Refer to the exhibit.

as

If the default settings are m place, what can you conclude about the conserve mode shown in the exhibit?

Options:

A.

FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection

B.

FortiGate is currently allowing new sessions and will continue to allow sessions if memory increases another 6%.

C.

FortiGate is currently allowing now sessions that require flow-based or proxy-based content inspection, but is not performing inspection on those sessions.

D.

FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use.

Question 21

Refer to the exhibit.

as

A partial output from an IKE real-time debug is shown

The administrator does not have access to (he remote gateway

Based on the debug output, which two conclusions can you draw? (Choose two.)

Options:

A.

The remote peer is the initiating peer.

B.

This is a phase1 negotiation.

C.

There is a Diffie-Hellman group mismatch.

D.

This is a phase2 negotiation

Question 22

Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.

as

What three actions must you take to ensure successful communication? (Choose three.)

Options:

A.

You must authorize the downstream FortiGate on the root FortiGate.

B.

FortiGate must not be in NAT mode.

C.

Ensure TCP port 8013 is not blocked along the way.

D.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

E.

Ensure the port for Neighbor Discovery has been changed.

Question 23

as

Which two observations can you make from the output? (Choose two.)

Options:

A.

The configuration was backed up

B.

A high availability (HA) failover occurred.

C.

The lest was unsuccessful.

D.

The automation stitch test is not being logged.

Question 24

What are two reasons you might see iprope_in check () check failed, drop when using the debug How? (Choose two.)

Options:

A.

The packet was dropped because it is not allowed by any firewall policy.

B.

The packet was dropped because there is no route to the source.

C.

The packet was dropped because the trusted host list is misconfigured

D.

The packet was dropped because the requested service is not enabled on FortiGate

Question 25

Refer to the exhibit.

as

Which route will traffic take to get to the 100.65.0.0/24 network considering the routes are all configured with the same distance?

Options:

A.

The BGP route

B.

The policy route

C.

The static route

D.

The OS PF route

Question 26

What is the diagnose test application ipsmonitor 5 command used for? (Choose one answer)

Options:

A.

To disable the IPS engine

B.

To provide information regarding IPS sessions

C.

To restart all IPS engines and monitors

D.

To enable IPS bypass mode

Question 27

Exhibit.

as

Refer to the exhibit, which shows the output of diagnose automation test.

What can you observe from the output? (Choose two.)

Options:

A.

The automation stitch test is not being logged.

B.

The automation stitch test failed but the HA failover was successful.

C.

An HA failover occurred.

D.

The test was unsuccessful.

Question 28

Refer to the exhibit.

as

The output of diagnose sys session list command is shown.

If the HA ID for the primary device is 9, what happens if the primary fails and the secondary becomes the primary?

Options:

A.

The session is synchronized with the secondary device, however, because application control is applied. the session is marked dirty and has to be reevaluated after failover.

B.

The session will be removed from the session table of the secondary device because the TCP session is not yet fully established.

C.

The session continues to permit traffic on the new primary device after failover. without requiring the client to restart the session with the server.

D.

The session state is preserved but the kernel will re-evaluate the session because the routing information will be flushed

Question 29

Which two statements about application-layer test commands are true? (Choose two answers)

Options:

A.

Some of them display statistics and configuration information about a feature or process.

B.

Some of them display real-time application debugs.

C.

Some of them display output only after you run the diagnose debug console enable command.

D.

Some of them can be used to restart an application.

Question 30

Refer to the exhibit, which shows the output of get router info bgp summary.

as

Which two statements are true? (Choose two.)

Options:

A.

The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.

B.

The TCP connection with BGP neighbor 100.64.2.254 was successful.

C.

The local FortiGate has received 18 packets from a BGP neighbor.

D.

The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264

Question 31

What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two.)

Options:

A.

Packet was dropped because of policy route misconfiguration.

B.

Packet was dropped because of traffic shaping.

C.

Trusted host list misconfiguration.

D.

VIP or IP pool misconfiguration.

Question 32

What is the correct order of the IKEv2 request-and-response protocol?

Options:

A.

Create_Child_SA, IKEAUTH, IKESAJNIT

B.

Create_Child_SA, IKE_SA_INIT. IKE_AUTH

C.

IKE SA INIT, IKE AUTH. Create Child SA OIKE AUTH.

D.

IKE_AUTH_IKE_SA_INIT, Create_Child_SA

Question 33

Which two statements about Security Fabric communications are true? (Choose two.)

Options:

A.

By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.

B.

FortiTelemetry must be manually enabled on the FortiGate interface.

C.

The default ports for FortiTelemetry and Neighbor Discovery can be modified.

D.

Security Fabric communication is enabled by default among all Fortinet devices.

Question 34

Exhibit.

as

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

Options:

A.

Perfect Forward Secrecy (PFS) is enabled in the configuration.

B.

The local gateway IP address is 10.0.0.1.

C.

It shows a phase 2 negotiation.

D.

The initiator provided remote as its IPsec peer ID.

Question 35

Which two statements about an auxiliary session ate true? (Choose two.)

Options:

A.

With the auxiliary session selling disabled, only auxiliary sessions are offloaded.

B.

With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.

C.

With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.

D.

With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.

Question 36

Refer to the exhibit.

as

The output of the command diagnose vpn tunnel list is shown.

Reviewing the debug command, what is the current status of the traffic flowing through the tunnel?

Options:

A.

The outbound IPsec SA was copied to the NPU.

B.

NP6 is handling the offloading.

C.

The inbound and outbound IPsec SAs were copied to the NPU.

D.

The inbound IPsec SA was copied to the NPU.

Question 37

Refer to the exhibit.

as

An IPsec VPN tunnel using IKEv2 was brought up successfully, but when the tunnel rekey takes place the tunnel goes down.

The debug command for IKE was enabled and, in the exhibit, you can review the partial output of the debug IKE while attempting to bring the tunnel up.

What is causing. The tunnel to be down?

Options:

A.

A Diffie-Hellman mismatch

B.

Blocked traffic on UDP port 500

C.

A mismatch m the Phase 1 negotiations

D.

A mismatch in the Phase 2 negotiations

Question 38

Refer to the exhibit, which shows the partial output of a real-time OSPF debug.

as

Why are the two FortiGate devices unable to form an adjacency?

Options:

A.

The Hello packet is being sent from an OSPF router with ID 0.0.0.112.

B.

The two FortiGate devices attempting adjacency are in area 0.0.0.0.

C.

One FortiGate device is configured to require authentication, while the other is not.

D.

The passwords on the FortiGate devices do not match.

Question 39

Refer to the exhibit.

as

Partial output of the fssod daemon real-time debug command is shown. Which two conclusions can you draw from the output? (Choose two answers)

Options:

A.

FSSO cannot verify if the user is still logged in.

B.

Fortinet Single Sign-On (FSSO) is using DC Agent mode to detect logon events.

C.

FortiGate is frequently polling the workstation in case the user has logged out.

D.

FSSO is using agentless polling mode to detect logon events.

E.

FortiGate polled this event through TCP port 8000.

Question 40

What are two functions of automation stitches? (Choose two.)

Options:

A.

You can configure automation stitches on any FortiGate device in a Security Fabric environment.

B.

You can configure automation stitches to execute actions sequentially by taking parameters from previous actions as input for the current action.

C.

You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.

D.

You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

Page: 1 / 13
Total 134 questions