Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Fortinet > Fortinet Certified Solution Specialist > FCSS_NST_SE-7.6

FCSS_NST_SE-7.6 Fortinet NSE 6 - Network Security 7.6 Support Engineer Question and Answers

Question # 4

Refer to the exhibit, which shows a truncated output of a real-time RADIUS debug.

Which two statements are true? (Choose two answers)

A.

The RADIUS server queried for authentication is located at IP address 172.25.188.164.

B.

Authentication was unsuccessful.

C.

The authentication scheme used was pop3.

D.

Authentication was successful.

E.

Two-factor authentication was required.

Full Access
Question # 5

Refer to the exhibit, which shows the output of get router info bgp summary.

Which two statements are true? (Choose two.)

A.

The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.

B.

The TCP connection with BGP neighbor 100.64.2.254 was successful.

C.

The local FortiGate has received 18 packets from a BGP neighbor.

D.

The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264

Full Access
Question # 6

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session information for ICMP traffic.

What happens to the session information if a routing change occurs that affects this session?

A.

Only the interface and gateway information for dev=7 will be removed.

B.

The session information will not change unless the current route has been removed from the routing table.

C.

The session will be flagged as dirty but no route lookups will be performed.

D.

Sessions involving port7 or port19 will not have their routing information flushed.

Full Access
Question # 7

Refer to the exhibit.

The output from a collector agent log is shown. The collector agent is showing the status of a workstation as Not Verified . What are two common causes for this message? (Choose two.)

A.

The workstation has come out of hibernate mode.

B.

The workstation remote registry service is not running.

C.

Traffic to ports 139 and 445 is blocked.

D.

DNS cannot resolve the workstation name.

Full Access
Question # 8

Refer to the exhibit, which a network topology and a partial routing table.

FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.

Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?

A.

Enable asymmetric routing under config system settings.

B.

Change the configuration from strict RPF check mode to feasible RPF check mode.

C.

A firewall policy that allows all ICMP traffic from port3 to port1.

D.

Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.

Full Access
Question # 9

Refer to the exhibit.

The output of a BGO debug command is shown.

What is the most likely reason that the local FortiGate is not receiving any prefixes from its neighbors?

A.

The local router is waiting for the keepalive message from the router 10.125.0.60.

B.

None of the three neighbors has successfully established the TCP three-way handshake with the local router.

C.

The router 100.64.3.1 is waiting for the OPEN message from the local router.

D.

The RIB-OUT configuration for router 10.127.0.75 prevents any route advertisement to the local router.

Full Access
Question # 10

Which Iwo troubleshooting steps should you perform lf you encounter issues with intermittent web filter behavior? (Choose two.)

A.

Check that the inspection mode configured for the web filter profile matches that of the firewall policy where it is applied.

B.

Check that FortiGate is not entering conserve mode.

C.

Check that the correct port is mapped to HTTP in the Protocol Options

D.

Check that the communication between FortiGate and FortiGuard is stable

Full Access
Question # 11

Refer to the exhibit.

Which two observations can you make about the web filter traffic captured using the flow tool? (Choose two.)

A.

The session is offloaded to the NPU.

B.

The firewall policy is configured with proxy-based inspection mode.

C.

The web filter profile is configured with proxy-based inspection mode.

D.

The HTTPS port is mapped to 443 in the SSL/SSH Inspection Profile

Full Access
Question # 12

Refer to the exhibit, which shows the output of a BGP debug command.

What can you conclude about the router in this scenario?

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the 8GP session with the local router.

B.

An inbound route-map on local router is blocking the prefixes from neighbor 100.64.3.1.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Full Access
Question # 13

Refer to the exhibit.

Which three pieces of information does the diagnose sys top command provide? (Choose three.)

A.

The miglogd daemon is running on CPU core ID 0.

B.

The diagnose sys top command has been running for 18 minutes.

C.

The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.

D.

The cmdbsvr process is occupying 2.4% of the total user memory space.

E.

If the neweli daemon continues to be in the R state, it will need to be manually restarted.

Full Access
Question # 14

Refer to the exhibit.

Assuming a default configuration, which three statements are true? (Choose three.)

A.

Strict RPF is enabled by default.

B.

User B: Fail. There is no route to 95.56.234.24 .

C.

User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.

D.

User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.

E.

User C: Fail. There is no route to 10.0.4.63 using port1 in the touting table.

Full Access
Question # 15

Refer to the exhibit.

The partial output of a session table entry is shown.

Which two statements about the output shown in the exhibit are correct? (Choose two.)

A.

NP7 is handling offloading of this session.

B.

The traffic matches Policy ID 1.

C.

The session has been offloaded.

D.

The traffic is tagged for a VLAN interface.

Full Access
Question # 16

Refer to the exhibit, which shows the partial output of command diagnose debug rating.

In this exhibit, which FDS server will the FortiGate algorithm choose?

A.

66.117.56.37

B.

208.91.112.194

C.

209.22.147.36

D.

64.26.151.37

Full Access
Question # 17

Refer to the exhibit, which shows a truncated output of a real-time LDAP debug.

What two conclusions can you draw from the output? (Choose two.)

A.

The name of the configured LDAP server is Lab.

B.

The user is authenticating using CN=John Smith.

C.

FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.

D.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Full Access
Question # 18

Refer to the exhibit, which shows the output of get router info ospf neighbor.

What can you conclude from the command output?

A.

The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.

B.

All neighbors are in area 0.0.0.0.

C.

The local FortiGate is the BDR.

D.

The local FortiGate is not a DROther.

Full Access
Question # 19

Which authentication option can you not configure under config user radius on FortiOS?

A.

mschap

B.

pap

C.

mschap2

D.

eap

Full Access
Question # 20

During the SAML negotiation process, in which section does the Identity Provider (IdP) provide the SAML attributes used in the authentication process to the Service Provider (SP)?

A.

Bindings HTTP post

B.

Assertion dump

C.

Authentication request

D.

Authentication response

Full Access
Question # 21

What can cause an IKEv2 tunnel to go down after it was initially brought up successfully?

A.

A mismatched proposal was detected during the IKE_AUTH exchange.

B.

A mismatched Diffie-Hellman group was detected during the IKE_SA_INIT exchange.

C.

A mismatched pre-shared key was detected during the IKE_AUTH exchange.

D.

Mismatched quick-mode selectors were detected during the CREATE_CHILD_SA exchange.

Full Access
Question # 22

Which statement about parallel path processing is correct (PPP)?

A.

PPP chooses from a group of parallel options lo identity the optimal path tor processing a packet.

B.

Only FortiGate hardware configurations affect the path that a packet takes.

C.

PPP does not apply to packets that are part of an already established session.

D.

Software configuration has no impact on PPP.

Full Access
Question # 23

Refer to the exhibits.

An administrator Is expecting to receive advertised route 8.8.8.8/32 from FGT-A. On FGT-B, they confirm that the route is being advertised and received, however, the route is not being injected into the routing table. What is the most likely cause of this issue?

A.

A batter route to the 8.8.8.8/32 network exists in the routing table.

B.

FGT-B is configured with a prefix list denying the 8.8.8.8/32 network to be injected into the routing table.

C.

The administrator has misconfigured redistribution of routes on FGT-A.

D.

FGT-B is configured with a distribution list denying the 8.8.8.8/32 network to be injected into the routing table.

Full Access
Question # 24

Refer to the exhibit, which shows the output of a diagnose command. What can you conclude from the RTT value?

A.

Its value represents the time it takes to receive a response after a rating request is sent to a particular server.

B.

Its value is incremented with each packet lost.

C.

It determines which FortiGuard server is used for license validation.

D.

Its initial value is statically set to 10.

Full Access
Question # 25

What are two reasons you might see iprope_in check () check failed, drop when using the debug How? (Choose two.)

A.

The packet was dropped because it is not allowed by any firewall policy.

B.

The packet was dropped because there is no route to the source.

C.

The packet was dropped because the trusted host list is misconfigured

D.

The packet was dropped because the requested service is not enabled on FortiGate

Full Access
Question # 26

The output of a policy route table entry is shown.

Which type of policy route does the output show?

A.

A regular policy route, which is not associated with an active static route in the FIB

B.

An ISDB route

C.

An SD-WAN rule

D.

A regular policy route, which is associated with an active static route in the FIB

Full Access
Question # 27

Which exchange lakes care of DoS protection in IKEv2?

A.

Create_CHILD_SA

B.

IKE_Auth

C.

IKE_Req_INIT

D.

IKE_SA_NIT

Full Access
Question # 28

Refer to the exhibit.

A partial output of diagnose npu up6 port-list on FortiGate 2000E is shown.

An administrator is unable to analyze traffic flowing between port1 and port17 using the diagnose sniffer command.

Which two commands allow the administrator to view the traffic? (Choose two.)

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 29

What is the diagnose test application ipsmonitor 5 command used for? (Choose one answer)

A.

To disable the IPS engine

B.

To provide information regarding IPS sessions

C.

To restart all IPS engines and monitors

D.

To enable IPS bypass mode

Full Access
Question # 30

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Why is the port2 default route not in the second command output?

A.

The port2 interface is disabled in the FortiGate configuration.

B.

The port1 default route has a higher priority value than the default route using port2.

C.

The port1 default route has a lower priority value than the default route using port2.

D.

The port1 default route has a lower distance than the default route using port2.

Full Access
Question # 31

Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.

What three actions must you take to ensure successful communication? (Choose three.)

A.

You must authorize the downstream FortiGate on the root FortiGate.

B.

FortiGate must not be in NAT mode.

C.

Ensure TCP port 8013 is not blocked along the way.

D.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

E.

Ensure the port for Neighbor Discovery has been changed.

Full Access
Question # 32

Refer to the exhibit.

An IPsec VPN tunnel is dropping, as shown by the debug output.

Analyzing the debug output, what could be causing the tunnel to go down?

A.

Phase 2 drops but Phase 1 is up.

B.

Dead Peer Detection is not receiving its acknowledge packet.

C.

The tunnel drops during rekey negotiation.

D.

The tunnel drops after the timer expires.

Full Access
Question # 33

What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two.)

A.

Packet was dropped because of policy route misconfiguration.

B.

Packet was dropped because of traffic shaping.

C.

Trusted host list misconfiguration.

D.

VIP or IP pool misconfiguration.

Full Access
Question # 34

Refer to the exhibit, which shows a partial web filter profile configuration.

The URL www.dropbox.com is categorized as File Sharing and Storage.

Which action does FortiGate take if a user attempts to access www.dropbox.com?

A.

FortiGate blocks the connection as an invalid URL.

B.

Based on the URL Filter configuration, FortiGate allows the connection.

C.

FortiGate blocks the connection, based on the FortiGuard category-based filter configuration.

D.

Based on the Web Content filter configuration, access to www.dropbox.com would be exempted.

Full Access
Question # 35

Refer to the exhibit.

The modified output of live routing kemel is shown

Which two statements about the output are (rue? (Choose two.)

A.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

B.

The default static route through 10.200.1 254 is in the forwarding information base.

C.

FortiGate is performing ECMP using both default static routes.

D.

The local FortiGate is receiving only one LSA from one OSPF neighbor.

Full Access
Question # 36

Refer to the exhibit.

The output of the command diagnose vpn tunnels liar is shown.

Which two statements accurately describe the status of the tunnel? (Choose two.)

A.

Phase 2 is down

B.

Phase 1 is down.

C.

There is currently no traffic traversing the tunnel

D.

Both Phase 1 and Phase 2 were negotiated successfully.

Full Access
Question # 37

Refer to the exhibit.

FortiGate is showing continuous high CPU usage During a maintenance window, the CLI command diagnose sys top displays the output shown in the exhibit. The CLI command diagnose twat application ipsmonitor 5 was run. but the CPU usage by daemon ipsengine did not drop Which immediate action can you take to reduce the CPU usage effectively?

A.

Reduce the number of IPS signatures enabled on the active IPS profiles

B.

Execute diagnose test application ipsMonitor 2inatead.

C.

Disable IPS on all firewall policies.

D.

Bypass all IPS engines

Full Access
Question # 38

Exhibit.

Refer to the exhibit, which shows the output of diagnose automation test.

What can you observe from the output? (Choose two.)

A.

The automation stitch test is not being logged.

B.

The automation stitch test failed but the HA failover was successful.

C.

An HA failover occurred.

D.

The test was unsuccessful.

Full Access
Question # 39

What are two functions of automation stitches? (Choose two.)

A.

You can configure automation stitches on any FortiGate device in a Security Fabric environment.

B.

You can configure automation stitches to execute actions sequentially by taking parameters from previous actions as input for the current action.

C.

You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.

D.

You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

Full Access
Question # 40

Refer to the exhibit.

The output of the command diagnose vpn tunnel list is shown.

Reviewing the debug command, what is the current status of the traffic flowing through the tunnel?

A.

The outbound IPsec SA was copied to the NPU.

B.

NP6 is handling the offloading.

C.

The inbound and outbound IPsec SAs were copied to the NPU.

D.

The inbound IPsec SA was copied to the NPU.

Full Access