Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Fortinet
  3. Fortinet Certified Solution Specialist
  4. FCSS_NST_SE-7.6 - FCSS - Network Security 7.6 Support Engineer

Fortinet FCSS_NST_SE-7.6 FCSS - Network Security 7.6 Support Engineer Exam Practice Test

Demo: 19 questions
Total 66 questions
Get FCSS_NST_SE-7.6 Full Access Download FCSS_NST_SE-7.6 PDF

FCSS - Network Security 7.6 Support Engineer Questions and Answers

Question 1

The local OSPF router is unable to establish adjacency with a peer.

Which two things should the administrator do to troubleshoot the issue? (Choose two.)

Options:

A.

Check whether TCP port 179 is blocked.

B.

Check if there is an active static route to the peer.

C.

Check whether both peers have an IP address within the same subnet.

D.

Check if IP protocol 89 is blocked.

Question 2

Refer to the exhibit, which shows a partial output of a real-time LDAP debug.

What two conclusions can you draw from the output? (Choose two.)

Options:

A.

The user was found in the LDAP tree, whose root is TAC.ottawa.fortinet.com.

B.

FortiOS performs a bind to the LDAP server using the user's credentials.

C.

FortiOS collects the user group information.

D.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Question 3

Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.

What three actions must you take to ensure successful communication? (Choose three.)

Options:

A.

You must authorize the downstream FortiGate on the root FortiGate.

B.

FortiGate must not be in NAT mode.

C.

Ensure TCP port 8013 is not blocked along the way.

D.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

E.

Ensure the port for Neighbor Discovery has been changed.

Question 4

Exhibit.

Refer to the exhibit, which shows the output of a session. Which two statements are true? (Choose Iwo.)

Options:

A.

The TCP session has been successfully established.

B.

The session was initiated from an authenticated user.

C.

The session is being inspected using flow inspection.

D.

The session is being offloaded.

Question 5

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

Options:

A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Question 6

Refer to the exhibit showing a debug output.

An administrator deployed FSSO in DC Agent Mode but FSSO is failing on FortiGate. Pinging FortiGate from where the collector agent is deployed is successful.

The administrator then produces the debug output shown in the exhibit.

What could be causing this error message?

Options:

A.

The TCP port 445 is blocked between FortiGate and collector agent.

B.

The collector agent preshared password is mismatched.

C.

The FortiGate cannot resolve the active directory server name.

D.

The FortiGate and the collector agent are using different TCP ports.

Question 7

Exhibit 1.

Exhibit 2.

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to lest session failover between the two service provider connections.

Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

Options:

A.

Change the priority of the port! static route to 11.

B.

Change the priority of the port2 static route to 5.

C.

Configure unset snat-route-change to return it to the default setting.

D.

Configure set snat-route-change enable.

Question 8

Refer to the exhibit, which shows a partial output of the real-time LDAP debug.

What two actions can the administrator take to resolve this issue? (Choose two.)

Options:

A.

Ensure the user logs in using 'John Smith' not 'jsmith'.

B.

Ensure the user is providing the correct user credentials.

C.

Ensure the user is a member of at least one AD group to ensure step 4 of the LDAP authentication process is successful.

D.

Ensure the account is active.

Question 9

During which phase of IKEv2 does the Diffie-Helman key exchange take place?

Options:

A.

IKE_Req_INIT

B.

Create_CHILD_SA

C.

IKE_Auth

D.

IKE_SA_INIT

Question 10

In the SAML negotiation process, which section does the Identity Provider (IdP) provide the SAML attributes utilized in the authentication process to the Service Provider (SP)?

Options:

A.

SP Login dump

B.

Authentication Response

C.

Authentication Request

D.

Assertion dump

Question 11

Refer to the exhibit, which shows the output of diagnose sys session list.

If the HA ID for the primary device is 0, what happens if the primary fails and the secondary becomes the primary?

Options:

A.

The secondary device has this session synchronized; however, because application control is applied, the session is marked dirty and has to be re-evaluated after failover.

B.

Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.

C.

The session will be removed from the session table of the secondary device because of the presence of allowed error packets, which will force the client to restart the session with the server.

D.

The session state is preserved but the kernel will need to re-evaluate the session because NAT was applied.

Question 12

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.

Set snat-route-change to enable.

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set the priority of the static default route using port1 to 10.

Question 13

Which two statements about an auxiliary session ate true? (Choose two.)

Options:

A.

With the auxiliary session selling disabled, only auxiliary sessions are offloaded.

B.

With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.

C.

With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.

D.

With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.

Question 14

Which authentication option can you not configure under config user radius on FortiOS?

Options:

A.

mschap

B.

pap

C.

mschap2

D.

eap

Question 15

Refer to the exhibit, which shows the output of get router info ospf neighbor.

What can you conclude from the command output?

Options:

A.

The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.

B.

All neighbors are in area 0.0.0.0.

C.

The local FortiGate is the BDR.

D.

The local FortiGate is not a DROther.

Question 16

In IKEv2, which exchange establishes the first CHILD_SA?

Options:

A.

IKE_SA_INIT

B.

INFORMATIONAL

C.

CREATE_CHILD_SA

D.

IKE_Auth

Question 17

Refer to the exhibit, which shows a session entry.

Which statement about this session is true?

Options:

A.

Return traffic to the initiator is sent to 10.1.0.1.

B.

Return traffic to the initiator is sent lo 10.200.1.254.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is an ICMP session from 10.1.10.1 to 10.200.5.1.

Question 18

Refer to the exhibit, which contains the output of diagnose vpn tunnel list.

Which command will capture ESP traffic for the VPN named DialUp_0?

Options:

A.

diagnose sniffer packet any 'ip proto 50'

B.

diagnose sniffer packet any 'host 10.0.10.10'

C.

diagnose sniffer packet any 'esp and host 10.200.3.2'

D.

diagnose sniffer packet any 'port 4500'

Question 19

Refer to the exhibit, which shows a partial web filter profile configuration.

The URL www.dropbox.com is categorized as File Sharing and Storage.

Which action does FortiGate take if a user attempts to access www.dropbox.com?

Options:

A.

FortiGate blocks the connection as an invalid URL.

B.

Based on the URL Filter configuration, FortiGate allows the connection.

C.

FortiGate blocks the connection, based on the FortiGuard category-based filter configuration.

D.

Based on the Web Content filter configuration, access to www.dropbox.com would be exempted.

Load More FCSS_NST_SE-7.6 Questions
Demo: 19 questions
Total 66 questions
Get FCSS_NST_SE-7.6 Full Access Download FCSS_NST_SE-7.6 PDF