Month End Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

Fortinet FCSS_NST_SE-7.6 Dumps

Page: 1 / 7
Total 66 questions
Get FCSS_NST_SE-7.6 Full Access Download FCSS_NST_SE-7.6 PDF

FCSS - Network Security 7.6 Support Engineer Questions and Answers

Question 1

An administrator wants to capture encrypted phase 2 traffic between two FotiGate devices using the built-in sniffer.

If the administrator knows that there Is no NAT device located between both FortiGate devices, which command should the administrator run?

Options:

A.

diagnose sniffer packet any 'udp port 500'

B.

diagnose sniffer packet any 'lp proto 50'

C.

diagnose sniffer packet any 'udp port 4500'

D.

diagnose sniffer packet any 'ah'

Question 2

Refer to the exhibit, which shows the output of get router info ospf neighbor.

as

What can you conclude from the command output?

Options:

A.

The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.

B.

All neighbors are in area 0.0.0.0.

C.

The local FortiGate is the BDR.

D.

The local FortiGate is not a DROther.

Question 3

In IKEv2, which exchange establishes the first CHILD_SA?

Options:

A.

IKE_SA_INIT

B.

INFORMATIONAL

C.

CREATE_CHILD_SA

D.

IKE_Auth

Question 4

Refer to the exhibit, which shows a partial web filter profile configuration.

as

The URL is categorized as File Sharing and Storage.

Which action does FortiGate take if a user attempts to access

Options:

A.

FortiGate blocks the connection as an invalid URL.

B.

Based on the URL Filter configuration, FortiGate allows the connection.

C.

FortiGate blocks the connection, based on the FortiGuard category-based filter configuration.

D.

Based on the Web Content filter configuration, access to www.dropbox.com would be exempted.

Question 5

In the SAML negotiation process, which section does the Identity Provider (IdP) provide the SAML attributes utilized in the authentication process to the Service Provider (SP)?

Options:

A.

SP Login dump

B.

Authentication Response

C.

Authentication Request

D.

Assertion dump

Question 6

Refer to the exhibit, which shows a partial output of a real-time LDAP debug.

as

What two conclusions can you draw from the output? (Choose two.)

Options:

A.

The user was found in the LDAP tree, whose root is TAC.ottawa.fortinet.com.

B.

FortiOS performs a bind to the LDAP server using the user's credentials.

C.

FortiOS collects the user group information.

D.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Question 7

Refer to the exhibit, which shows the output of a BGP debug command.

as

What can you conclude about the router in this scenario?

Options:

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the 8GP session with the local router.

B.

An inbound route-map on local router is blocking the prefixes from neighbor 100.64.3.1.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Question 8

Refer to the exhibit, which shows the omitted output of a session table entry.

as

Which two statements are true? (Choose two.)

Options:

A.

The traffic has been tagged for VLAN 0000.

B.

NP7 is handling offloading of this session.

C.

The traffic matches Policy ID 1.

D.

The session has been offloaded.

Question 9

Refer to the exhibits.

as

An administrator Is expecting to receive advertised route 8.8.8.8/32 from FGT-A. On FGT-B, they confirm that the route is being advertised and received, however, the route is not being injected into the routing table. What is the most likely cause of this issue?

Options:

A.

A batter route to the 8.8.8.8/32 network exists in the routing table.

B.

FGT-B is configured with a prefix list denying the 8.8.8.8/32 network to be injected into the routing table.

C.

The administrator has misconfigured redistribution of routes on FGT-A.

D.

FGT-8 is configured with a distribution list denying the 8.8.8.8/32 network to be injected into the routing table.

Question 10

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.

Which action will FortiGate take when using the default settings for SSL certificate inspection?

Options:

A.

FortiGate uses the SNI from the user's web browser.

B.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

C.

FortiGate uses the first entry listed in the SAN field in the server certificate.

D.

FortiGate uses the CN information from the Subject field in the server certificate.

Question 11

Refer to the exhibit, which shows the output o! the BGP database.

as

Which two statements are correct? (Choose two.)

Options:

A.

The advertised prefix of 10.20.30.0'24 was configured using the network command.

B.

The first four prefixes are being advertised using a legacy route advertisement.

C.

The advertised prefix of 10.20.30.0'24 is being advertised through the redistribution of another routing protocol.

D.

The output shows all prefixes advertised by all neighbors as well as the local router.

Question 12

Which authentication option can you not configure under config user radius on FortiOS?

Options:

A.

mschap

B.

pap

C.

mschap2

D.

eap

Question 13

Which statement about IKEv2 is true?

Options:

A.

Both IKEv1 and IKEv2 share the feature of asymmetric authentication.

B.

IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.

C.

IKEv1 and IKEv2 use same TCP port but run on different UDP ports.

D.

IKEv1 and IKEv2 share the concept of phase1 and phase2.

Question 14

Refer to the exhibit, which shows the partial output of a real-time OSPF debug.

as

Why are the two FortiGate devices unable to form an adjacency?

Options:

A.

The Hello packet is being sent from an OSPF router with ID 0.0.0.112.

B.

The two FortiGate devices attempting adjacency are in area 0.0.0.0.

C.

One FortiGate device is configured to require authentication, while the other is not.

D.

The passwords on the FortiGate devices do not match.

Question 15

Refer to the exhibit showing a debug output.

as

An administrator deployed FSSO in DC Agent Mode but FSSO is failing on FortiGate. Pinging FortiGate from where the collector agent is deployed is successful.

The administrator then produces the debug output shown in the exhibit.

What could be causing this error message?

Options:

A.

The TCP port 445 is blocked between FortiGate and collector agent.

B.

The collector agent preshared password is mismatched.

C.

The FortiGate cannot resolve the active directory server name.

D.

The FortiGate and the collector agent are using different TCP ports.

Question 16

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)

Options:

A.

Log is full on the collector agent.

B.

Inability to reach IP address of the collector agent.

C.

Refused connection. Potential mismatch of TCP port.

D.

Mismatched pre-shared password.

E.

Incompatible collector agent software version.

Question 17

Refer to the exhibit, which contains partial output from an IKE real-time debug.

as

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change the administrator make to the local gateway to resolve the phase 1 negotiation error?

Options:

A.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

B.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

C.

In the phase 1 network configuration, set the IKE version to 2.

D.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

Question 18

Refer to the exhibit, which shows a truncated output of a real-time LDAP debug.

as

What two conclusions can you draw from the output? (Choose two.)

Options:

A.

The name of the configured LDAP server is Lab.

B.

The user is authenticating using CN=John Smith.

C.

FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.

D.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Question 19

Which two statements about conserve mode are true? (Choose two.)

Options:

A.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

B.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

C.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

D.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

Load More FCSS_NST_SE-7.6 Questions
Page: 1 / 7
Total 66 questions
Get FCSS_NST_SE-7.6 Full Access Download FCSS_NST_SE-7.6 PDF