Month End Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

 
Home > Fortinet > Fortinet Certified Solution Specialist > FCSS_NST_SE-7.6

FCSS_NST_SE-7.6 FCSS - Network Security 7.6 Support Engineer Question and Answers

Question # 4

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

A.

The interlace is part of the OSPF backbone area.

B.

There are a total of five OSPF routers attached to the vorz4 network segment

C.

One of the neighbors has a router ID of 0.0.0.4.

D.

In the network connected to port4, two OSPF routers are down.

Full Access
Question # 5

Refer to the exhibit, which shows the partial output of command diagnose debug rating.

In this exhibit, which FDS server will the FortiGate algorithm choose?

A.

66.117.56.37

B.

208.91.112.194

C.

209.22.147.36

D.

64.26.151.37

Full Access
Question # 6

Exhibit.

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands on an SSH session on FortiGate:

However, the IKE real-time debug does not show any output. Why?

A.

The administrator must also run the command diagnose debug enable.

B.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

C.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

D.

Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.

Full Access
Question # 7

An administrator wants to capture encrypted phase 2 traffic between two FotiGate devices using the built-in sniffer.

If the administrator knows that there Is no NAT device located between both FortiGate devices, which command should the administrator run?

A.

diagnose sniffer packet any 'udp port 500'

B.

diagnose sniffer packet any 'lp proto 50'

C.

diagnose sniffer packet any 'udp port 4500'

D.

diagnose sniffer packet any 'ah'

Full Access
Question # 8

Which statement about protocol options is true?

A.

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

B.

Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

C.

Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.

D.

Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

Full Access
Question # 9

Which statement about IKEv2 is true?

A.

Both IKEv1 and IKEv2 share the feature of asymmetric authentication.

B.

IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.

C.

IKEv1 and IKEv2 use same TCP port but run on different UDP ports.

D.

IKEv1 and IKEv2 share the concept of phase1 and phase2.

Full Access
Question # 10

Exhibit.

Refer to the exhibit, which shows the output of get system ha status.

NGFW-1 and NGFW-2 have been up for a week.

Which two statements about the output are true? (Choose two.)

A.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

B.

If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.

C.

If FGVM...649 is rebooted. FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

D.

If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.

Full Access
Question # 11

Refer to the exhibit, which shows a partial output of the real-time LDAP debug.

What two actions can the administrator take to resolve this issue? (Choose two.)

A.

Ensure the user logs in using 'John Smith' not 'jsmith'.

B.

Ensure the user is providing the correct user credentials.

C.

Ensure the user is a member of at least one AD group to ensure step 4 of the LDAP authentication process is successful.

D.

Ensure the account is active.

Full Access
Question # 12

Refer to the exhibit, which shows the output of the command get router info ospf neighbor.

To what extent does FortiGate operate when looking at its OSPF neighbors? (Choose two.)

A.

The local FortiGate has at least one interface that participates in a broadcast network.

B.

The local FortiGate has at least one interface that participates in a point-to-point network.

C.

The local FortiGate is the DR.

D.

Neighbor 0.0.0.18 is the designated router (DR).

Full Access
Question # 13

In the SAML negotiation process, which section does the Identity Provider (IdP) provide the SAML attributes utilized in the authentication process to the Service Provider (SP)?

A.

SP Login dump

B.

Authentication Response

C.

Authentication Request

D.

Assertion dump

Full Access
Question # 14

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Full Access
Question # 15

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change the administrator make to the local gateway to resolve the phase 1 negotiation error?

A.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

B.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

C.

In the phase 1 network configuration, set the IKE version to 2.

D.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

Full Access
Question # 16

Which exchange lakes care of DoS protection in IKEv2?

A.

Create_CHILD_SA

B.

IKE_Auth

C.

IKE_Req_INIT

D.

IKE_SA_NIT

Full Access
Question # 17

In which two slates is a given session categorized as ephemeral? (Choose two.)

A.

A UDP session with only one packet received

B.

A UOP session with packets sent and received

C.

A TCP session waiting for the SYN ACK

D.

A TCP session waiting for FIN ACK

Full Access
Question # 18

Which statement about parallel path processing is correct (PPP)?

A.

PPP chooses from a group of parallel options lo identity the optimal path tor processing a packet.

B.

Only FortiGate hardware configurations affect the path that a packet takes.

C.

PPP does not apply to packets that are part of an already established session.

D.

Software configuration has no impact on PPP.

Full Access
Question # 19

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session information for ICMP traffic.

What happens to the session information if a routing change occurs that affects this session?

A.

Only the interface and gateway information for dev=7 will be removed.

B.

The session information will not change unless the current route has been removed from the routing table.

C.

The session will be flagged as dirty but no route lookups will be performed.

D.

Sessions involving port7 or port19 will not have their routing information flushed.

Full Access
Copyright myexamcollection.com. All Right Reserved.