FCSS_NST_SE-7.6 Questions Bank

FCSS - Network Security 7.6 Support Engineer Questions and Answers

Question 5

Refer to the exhibit.

An IPsec VPN tunnel is dropping, as shown by the debug output.

Analyzing the debug output, what could be causing the tunnel to go down?

Phase 2 drops but Phase 1 is up.

Dead Peer Detection is not receiving its acknowledge packet.

The tunnel drops during rekey negotiation.

The tunnel drops after the timer expires.

Question 6

What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two.)

Packet was dropped because of policy route misconfiguration.

Packet was dropped because of traffic shaping.

Trusted host list misconfiguration.

VIP or IP pool misconfiguration.

Question 7

Refer to the exhibit.

Which three pieces of information does the diagnose sys top command provide? (Choose three.)

The miglogd daemon is running on CPU core ID 0.

The diagnose sys top command has been running for 18 minutes.

The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.

The cmdbsvr process is occupying 2.4% of the total user memory space.

If the neweli daemon continues to be in the R state, it will need to be manually restarted.

Question 8

Which authentication option can you not configure under config user radius on FortiOS?

mschap

pap

mschap2

eap