Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Fortinet FCSS_NST_SE-7.4 FCSS - Network Security 7.4 Support Engineer Exam Practice Test

Demo: 12 questions
Total 40 questions

FCSS - Network Security 7.4 Support Engineer Questions and Answers

Question 1

Refer to the exhibit, which contains the output ofdiagnose vpn tunnellist.

Which command will capture ESP traffic for the VPN named DialUp_0?

Options:

A.

diagnose sniffer packet any 'ip proto 50'

B.

diagnose sniffer packet any 'host 10.0.10.10'

C.

diagnose sniffer packet any 'esp and host 10.200.3.2'

D.

diagnose sniffer packet any 'port 4500'

Question 2

Refer to the exhibit, which shows a session entry.

Which statement about this session is true?

Options:

A.

Return traffic to the initiator is sent to 10.1.0.1.

B.

Return traffic to the initiator is sent lo 10.200.1.254.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is an ICMP session from 10.1.10.1 to 10.200.5.1.

Question 3

Refer to the exhibit, which shows a truncated output of a real-time LDAP debug.

What two conclusions can you draw from the output? (Choose two.)

Options:

A.

The name of the configured LDAP server is Lab.

B.

The user is authenticating using CN=John Smith.

C.

FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.

D.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Question 4

Exhibit.

Refer to the exhibit, which shows a partial output of diagnose hardware aysinfo memory.

Which two statements about the output are true? (Choose two.)

Options:

A.

There are 98908 kB o! memory that will never be used.

B.

The user space has 708880 kB of physical memory that is not used by the system.

C.

The I/O cache, which has 641364 kB of memory allocated to it.

D.

The value indicated next to the inactive heading represents the currently unused cache page.

Question 5

Exhibit.

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

Options:

A.

Perfect Forward Secrecy (PFS) is enabled in the configuration.

B.

The local gateway IP address is 10.0.0.1.

C.

It shows a phase 2 negotiation.

D.

The initiator provided remote as its IPsec peer ID.

Question 6

Refer to the exhibit, which shows the output of get router info bgp summary.

Which two statements are true? (Choose two.)

Options:

A.

The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.

B.

The TCP connection with BGP neighbor 100.64.2.254 was successful.

C.

The local FortiGate has received 18 packets from a BGP neighbor.

D.

The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264

Question 7

Which two statements about conserve mode are true? (Choose two.)

Options:

A.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

B.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

C.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

D.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

Question 8

Which statement about parallel path processing is correct (PPP)?

Options:

A.

PPP chooses froma group of parallel options lo identity the optimal path tor processing a packet.

B.

Only FortiGate hardware configurations affect the path that a packet takes.

C.

PPP does not apply to packets that are part of an already established session.

D.

Software configuration has no impact on PPP.

Question 9

Exhibit.

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands on an SSH session on FortiGate:

However, the IKE real-time debug does not show any output. Why?

Options:

A.

The administrator must also run the command diagnose debug enable.

B.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

C.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

D.

Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.

Question 10

Which statement aboutprotocol options is true?

Options:

A.

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

B.

Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

C.

Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.

D.

Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

Question 11

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.

Set snat-route-change to enable.

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set the priority of the static default route using port1 to 10.

Question 12

Exhibit.

Refer to the exhibit, which shows a partial web fillet profile configuration.

Which action does FortiGate lake if a user attempts to access www. dropbox. com, which is categorized as File Sharing and Storage?

Options:

A.

FortiGate allows the connection, based on the URL Filter configuration.

B.

FortiGate blocks the connection as an invalid URL.

C.

FortiGate exempts the connection, based on the Web Content Filter configuration.

D.

FortiGate blocks the connection, based on the FortiGuard category based filter configuration.

Demo: 12 questions
Total 40 questions