Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

FCSS_NST_SE-7.6 Questions Bank

Fortinet NSE 6 - Network Security 7.6 Support Engineer Questions and Answers

Question 5

Refer to the exhibit.

The partial output of diagnose sys session stat command is shown.

Which statement about the output shown in the exhibit is correct?

Options:

A.

113 sessions have been dropped because of memory page exhaustion.

B.

There have been 131072 recorded ephemeral sessions but there are no current ones.

C.

562 TCP sessions have their proto_state set to 01 if there is no inspection.

D.

27 sessions have expired but are still in the session table in case any out-of-order packets arrive.

Question 6

Refer to the exhibit.

The exhibit shows the output of a session. Which two statements are correct? (Choose two.)

Options:

A.

The session did not match a firewall policy.

B.

The gateway to the destination is 10.1.10.1.

C.

The session was initiated from an authenticated user.

D.

The TCP session has been successfully established.

Question 7

Refer to the exhibit.

The exhibit shows a session entry. Which statement about this TCP session is true?

Options:

A.

The session will expire in one second.

B.

It is a TCP session from 10.9.31.117 to 10.1.0.3.

C.

The session is offloaded using NPU.

D.

Return traffic to the initiator is sent to 10.9.31.117.

Question 8

Refer to the exhibits.

An OSPF peer is advertising route 172.16.52.0/24. The local FortiGate is configured with an inbound distribution list that allows the 172.16.0.0/16 network to be injected into its routing table. However, the 1 ' 2.16.52.0/24 subnet cannot be seen in the FIB.

Which two stops can the administrator of the local FortiGate take to ensure that the advertised 172.16. 52.0/24 subnet will be injected into the routing table? (Choose two.)

Options:

A.

Add another entry to the prefix list to specifically allow the 172.16.52.0/24 network.

B.

Change the ge value to 17.

C.

Change the R- value lo 16.

D.

Modify the default prefix-list behavior from implicit deny to implicit allow.