Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet FCSS_NST_SE-7.6 Dumps Questions Answers

Fortinet NSE 6 - Network Security 7.6 Support Engineer Questions and Answers

Question 1

Exhibit.

Refer to the exhibit, which shows the output of get system ha status.

NGFW-1 and NGFW-2 have been up for a week.

Which two statements about the output are true? (Choose two.)

Options:

A.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

B.

If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.

C.

If FGVM...649 is rebooted. FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

D.

If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.

Buy Now
Question 2

Refer to the exhibit.

The exhibit shows the output from using the command diagnose debug application samld -1 to diagnose a SAML connection.

Based on this output, what can you conclude?

Options:

A.

Active Directory is used for authentication.

B.

The authentication request is for an SSL VPN connection.

C.

The IdP IP address is 10.1.10.254.

D.

The IdP IP address is 10.1.10.2.

Question 3

Refer to the exhibit, which shows the partial output of command diagnose debug rating.

In this exhibit, which FDS server will the FortiGate algorithm choose?

Options:

A.

66.117.56.37

B.

208.91.112.194

C.

209.22.147.36

D.

64.26.151.37

Question 4

Which two protocol states indicate that traffic is bidirectional? (Choose two.)

Options:

A.

proto_state=01 for a TCP session.

B.

proto_state=01 for a UDP session.

C.

proto_state=05 for a TCP session.

D.

proto_state=00 for an ICMP session.

Question 5

Refer to the exhibit.

The partial output of diagnose sys session stat command is shown.

Which statement about the output shown in the exhibit is correct?

Options:

A.

113 sessions have been dropped because of memory page exhaustion.

B.

There have been 131072 recorded ephemeral sessions but there are no current ones.

C.

562 TCP sessions have their proto_state set to 01 if there is no inspection.

D.

27 sessions have expired but are still in the session table in case any out-of-order packets arrive.

Question 6

Refer to the exhibit.

The exhibit shows the output of a session. Which two statements are correct? (Choose two.)

Options:

A.

The session did not match a firewall policy.

B.

The gateway to the destination is 10.1.10.1.

C.

The session was initiated from an authenticated user.

D.

The TCP session has been successfully established.

Question 7

Refer to the exhibit.

The exhibit shows a session entry. Which statement about this TCP session is true?

Options:

A.

The session will expire in one second.

B.

It is a TCP session from 10.9.31.117 to 10.1.0.3.

C.

The session is offloaded using NPU.

D.

Return traffic to the initiator is sent to 10.9.31.117.

Question 8

Refer to the exhibits.

An OSPF peer is advertising route 172.16.52.0/24. The local FortiGate is configured with an inbound distribution list that allows the 172.16.0.0/16 network to be injected into its routing table. However, the 1 ' 2.16.52.0/24 subnet cannot be seen in the FIB.

Which two stops can the administrator of the local FortiGate take to ensure that the advertised 172.16. 52.0/24 subnet will be injected into the routing table? (Choose two.)

Options:

A.

Add another entry to the prefix list to specifically allow the 172.16.52.0/24 network.

B.

Change the ge value to 17.

C.

Change the R- value lo 16.

D.

Modify the default prefix-list behavior from implicit deny to implicit allow.

Question 9

Refer to the exhibit.

The output of a BGO debug command is shown.

What is the most likely reason that the local FortiGate is not receiving any prefixes from its neighbors?

Options:

A.

The local router is waiting for the keepalive message from the router 10.125.0.60.

B.

None of the three neighbors has successfully established the TCP three-way handshake with the local router.

C.

The router 100.64.3.1 is waiting for the OPEN message from the local router.

D.

The RIB-OUT configuration for router 10.127.0.75 prevents any route advertisement to the local router.

Question 10

Refer to the exhibit, which shows the output of the command get router info bgp neighbors 100.64.2.254 advertised-routes.

What can you conclude from the output?

Options:

A.

The BGP state of the two BGP participants is OpenConfirm.

B.

The router ID of the neighbor is 100.64.2.254.

C.

The BGP neighbor is advertising the 10.20.30.40/24 network to the local router.

D.

The local router is advertising the 10.20.30.40/24 network to its BGP neighbor.

Question 11

Exhibit.

Refer to the exhibit, which shows two entries that were generated in the FSSO collector agent logs.eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

What three conclusions can you draw from these log entries? {Choose three.)

Options:

A.

Remote registry is not running on the workstation.

B.

The user ' s status shows as " not verified " in the collector agent.

C.

DNS resolution is unable to resolve the workstation name.

D.

The FortiGate firmware version is not compatible with that of the collector agent.

E.

A firewall is blocking traffic to port 139 and 445.

Question 12

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Why is the port2 default route not in the second command output?

Options:

A.

The port2 interface is disabled in the FortiGate configuration.

B.

The port1 default route has a higher priority value than the default route using port2.

C.

The port1 default route has a lower priority value than the default route using port2.

D.

The port1 default route has a lower distance than the default route using port2.

Question 13

Which two observations can you make from the output? (Choose two.)

Options:

A.

The configuration was backed up

B.

A high availability (HA) failover occurred.

C.

The lest was unsuccessful.

D.

The automation stitch test is not being logged.

Question 14

A VPN tunnel is up. To monitor traffic flow, the administrator enters the following CLI commands on an SSH session on FortiGate:

# diagnose debug enable

# diagnose sniffer packet any ' udp and port 500 ' 4

However, the sniffer does not show any output. Assuming default configuration values, what are two possible reasons there is no output? (Choose two answers)

Options:

A.

The filter should be modified to also capture packets for TCP port 443 or UDP port 4500 .

B.

NAT Traversal is enabled.

C.

The sniffer must be restricted to the remote peer IP address.

D.

The sniffer output will be ignored because running diagnose debug enable shows only application real-time debugs.

Question 15

Refer to the exhibit, which shows a truncated output of a real-time LDAP debug.

What two conclusions can you draw from the output? (Choose two.)

Options:

A.

The name of the configured LDAP server is Lab.

B.

The user is authenticating using CN=John Smith.

C.

FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.

D.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Question 16

Which exchange lakes care of DoS protection in IKEv2?

Options:

A.

Create_CHILD_SA

B.

IKE_Auth

C.

IKE_Req_INIT

D.

IKE_SA_NIT

Question 17

Exhibit.

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator do to fix the issue?

Options:

A.

Disable webfilter-force-off.

B.

Increase webfilter-timeout.

C.

Enable fortiguard-anycast.

D.

Change protocol to TCP.

Question 18

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate. Which two actions will FortiGate take when using the default settings for SSL certificate inspection? (Choose two answers)

Options:

A.

FortiGate uses the SNI from the user ' s web browser.

B.

FortiGate does not decrypt the traffic if the traffic is blocked by the web filter profile.

C.

FortiGate uses the CN information from the Subject field in the server certificate.

D.

FortiGate does not decrypt the traffic if the traffic is allowed by the web filter profile.

Question 19

Refer to the exhibit.

The output of diagnose sys session list command is shown.

If the HA ID for the primary device is 9, what happens if the primary fails and the secondary becomes the primary?

Options:

A.

The session is synchronized with the secondary device, however, because application control is applied. the session is marked dirty and has to be reevaluated after failover.

B.

The session will be removed from the session table of the secondary device because the TCP session is not yet fully established.

C.

The session continues to permit traffic on the new primary device after failover. without requiring the client to restart the session with the server.

D.

The session state is preserved but the kernel will re-evaluate the session because the routing information will be flushed

Question 20

Which Iwo actions does FortiGate take after an administrator enables the auxiliary session selling? (Choose two.)

Options:

A.

FortiGate only offloads auxiliary sessions.

B.

FortiGate accelerates all ECMP traffic to the NP6 processor

C.

FortiGates creates a now auxiliary session for each packet it receives.

D.

FortiGate creates two sessions in case of a routing change.

Question 21

Exhibit 1.

Exhibit 2.

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to lest session failover between the two service provider connections.

Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

Options:

A.

Change the priority of the port1 static route to 11.

B.

Change the priority of the port2 static route to 5.

C.

Configure unset snat-route-change to return it to the default setting.

D.

Configure set snat-route-change enable.

Question 22

Refer to the exhibit.

If the default settings are m place, what can you conclude about the conserve mode shown in the exhibit?

Options:

A.

FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection

B.

FortiGate is currently allowing new sessions and will continue to allow sessions if memory increases another 6%.

C.

FortiGate is currently allowing now sessions that require flow-based or proxy-based content inspection, but is not performing inspection on those sessions.

D.

FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use.

Question 23

Exhibit.

Refer to the exhibit, which shows a partial web fillet profile configuration.

Which action does FortiGate lake if a user attempts to access dropbox. com, which is categorized as File Sharing and Storage?

Options:

A.

FortiGate allows the connection, based on the URL Filter configuration.

B.

FortiGate blocks the connection as an invalid URL.

C.

FortiGate exempts the connection, based on the Web Content Filter configuration.

D.

FortiGate blocks the connection, based on the FortiGuard category based filter configuration.

Question 24

Refer to the exhibit, which shows a session entry.

Which statement about this session is true?

Options:

A.

Return traffic to the initiator is sent to 10.1.0.1.

B.

Return traffic to the initiator is sent lo 10.200.1.254.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is an ICMP session from 10.1.10.1 to 10.200.5.1.

Question 25

Which two statements about conserve mode are true? (Choose two.)

Options:

A.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

B.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

C.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

D.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

Question 26

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

Options:

A.

The interlace is part of the OSPF backbone area.

B.

There are a total of five OSPF routers attached to the vorz4 network segment

C.

One of the neighbors has a router ID of 0.0.0.4.

D.

In the network connected to port4, two OSPF routers are down.

Question 27

Which two statements about an auxiliary session ate true? (Choose two.)

Options:

A.

With the auxiliary session selling disabled, only auxiliary sessions are offloaded.

B.

With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.

C.

With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.

D.

With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.

Question 28

An administrator wants to capture encrypted phase 2 traffic between two FotiGate devices using the built-in sniffer.

If the administrator knows that there Is no NAT device located between both FortiGate devices, which command should the administrator run?

Options:

A.

diagnose sniffer packet any ' udp port 500 '

B.

diagnose sniffer packet any ' lp proto 50 '

C.

diagnose sniffer packet any ' udp port 4500 '

D.

diagnose sniffer packet any ' ah '

Question 29

Refer to the exhibit.

Partial output of diagnose sys session stat command is shown.

An administrator has noticed unusual behavior from FortiGate. It appears that sessions are randomly removed. Which two reasons could explain this? (Choose two.)

Options:

A.

FortiGate is deleting sessions because the kernel cannot allocate more memory pages

B.

FortiGate is dropping all TCP sessions with incomplete three-way handshakes.

C.

FortiGate is not accepting sessions because the device has been down 10 out of 120 seconds.

D.

FortiGate is flushing sessions because of high memory usage.

Question 30

Refer to the exhibit, which shows the partial output of FortiOS kernel slabs.

Which statement is true?

Options:

A.

The total slab size of the sctp_session slab is 0 kB and is associated with the user space.

B.

The total slab size of the ip_session slab is 3600 kB and is associated with the user space.

C.

The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.

D.

The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.

Question 31

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

Options:

A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Question 32

Refer to the exhibit.

Partial output of the get vpn ipsec tunnel details command is shown. Based on the output, which two statements are correct? (Choose two.)

Options:

A.

The npu_flag for this tunnel is 02.

B.

Different SPI values are a result of auto-negotiation being disabled for phase2 selectors.

C.

The npu_flag for this tunnel is 03.

D.

Anti-replay is enabled.

Question 33

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)

Options:

A.

Log is full on the collector agent.

B.

Inability to reach IP address of the collector agent.

C.

Refused connection. Potential mismatch of TCP port.

D.

Mismatched pre-shared password.

E.

Incompatible collector agent software version.

Question 34

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.

Which action will FortiGate take when using the default settings for SSL certificate inspection?

Options:

A.

FortiGate uses the SNI from the user ' s web browser.

B.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

C.

FortiGate uses the first entry listed in the SAN field in the server certificate.

D.

FortiGate uses the CN information from the Subject field in the server certificate.

Question 35

Exhibit.

Refer to the exhibit, which shows the output of diagnose automation test.

What can you observe from the output? (Choose two.)

Options:

A.

The automation stitch test is not being logged.

B.

The automation stitch test failed but the HA failover was successful.

C.

An HA failover occurred.

D.

The test was unsuccessful.

Question 36

Refer to the exhibit.

The partial output of a session table entry is shown.

Which two statements about the output shown in the exhibit are correct? (Choose two.)

Options:

A.

NP7 is handling offloading of this session.

B.

The traffic matches Policy ID 1.

C.

The session has been offloaded.

D.

The traffic is tagged for a VLAN interface.

Question 37

Refer to the exhibit.

An IPsec VPN tunnel using IKEv2 was brought up successfully, but when the tunnel rekey takes place the tunnel goes down.

The debug command for IKE was enabled and, in the exhibit, you can review the partial output of the debug IKE while attempting to bring the tunnel up.

What is causing. The tunnel to be down?

Options:

A.

A Diffie-Hellman mismatch

B.

Blocked traffic on UDP port 500

C.

A mismatch m the Phase 1 negotiations

D.

A mismatch in the Phase 2 negotiations

Question 38

Refer to the exhibit.

The output of the get router info bgp summary command is shown.

Which statement regarding adjacencies between the local router and its neighbors is correct?

Options:

A.

The local router and neighbor 100.64.2.254 are unable to establish adjacency until the adjacency with neighbor 100.64.1.254 ceases.

B.

The local router and neighbor 100.64.2.254 are unable to establish adjacency because the TCP session could not be established.

C.

The local router and neighbor 100.64.1.254 established adjacency because the priority of 100.64.1.254 is higher than that of 100.64.2.254.

D.

The local router and neighbor 100.64.2.254 are unable to establish adjacency because AS 100 is already used by neighbor 100.64.1.254.

Question 39

Refer to the exhibit, which shows the output of diagnose sys session stat.

Which statement about the output shown in the exhibit is correct?

Options:

A.

All the sessions in the session table are TCP sessions.

B.

162 sessions have been deleted because of memory page exhaustion.

C.

There are 166 TCP sessions waiting to complete the three-way handshake.

D.

There are two sessions that have not been removed in case any out-of-order packets arrive.

Question 40

In which two slates is a given session categorized as ephemeral? (Choose two.)

Options:

A.

A UDP session with only one packet received

B.

A UOP session with packets sent and received

C.

A TCP session waiting for the SYN ACK

D.

A TCP session waiting for FIN ACK