Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

FCSS_NST_SE-7.6 Questions and Answers

Question # 6

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)

A.

Log is full on the collector agent.

B.

Inability to reach IP address of the collector agent.

C.

Refused connection. Potential mismatch of TCP port.

D.

Mismatched pre-shared password.

E.

Incompatible collector agent software version.

Full Access
Question # 7

Exhibit.

Refer to the exhibit, which shows the output of a session. Which two statements are true? (Choose Iwo.)

A.

The TCP session has been successfully established.

B.

The session was initiated from an authenticated user.

C.

The session is being inspected using flow inspection.

D.

The session is being offloaded.

Full Access
Question # 8

Refer to the exhibit, which shows a partial output of the real-time LDAP debug.

What two actions can the administrator take to resolve this issue? (Choose two.)

A.

Ensure the user logs in using 'John Smith' not 'jsmith'.

B.

Ensure the user is providing the correct user credentials.

C.

Ensure the user is a member of at least one AD group to ensure step 4 of the LDAP authentication process is successful.

D.

Ensure the account is active.

Full Access
Question # 9

Exhibit 1.

Exhibit 2.

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to lest session failover between the two service provider connections.

Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

A.

Change the priority of the port! static route to 11.

B.

Change the priority of the port2 static route to 5.

C.

Configure unset snat-route-change to return it to the default setting.

D.

Configure set snat-route-change enable.

Full Access
Question # 10

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

A.

Set snat-route-change to enable.

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set the priority of the static default route using port1 to 10.

Full Access
Question # 11

Refer to the exhibit.

An IPsec VPN tunnel is dropping, as shown by the debug output.

Analyzing the debug output, what could be causing the tunnel to go down?

A.

Phase 2 drops but Phase 1 is up.

B.

Dead Peer Detection is not receiving its acknowledge packet.

C.

The tunnel drops during rekey negotiation.

D.

The tunnel drops after the timer expires.

Full Access
Question # 12

Refer to the exhibit, which shows a partial output of the fssod daemon real-time debug command.

What two conclusions can you draw Itom the output? (Choose two.)

A.

The workstation with IP 10.124.2.90 will be polled frequently using TCP port 445 to see if the user is still logged on.

B.

The logon event can be seen on the collector agent installed on Windows.

C.

FSSO is using DC agent mode to detect logon events.

D.

FSSO is using agentless polling mode to detect logon events.

Full Access
Question # 13

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session information for ICMP traffic.

What happens to the session information if a routing change occurs that affects this session?

A.

Only the interface and gateway information for dev=7 will be removed.

B.

The session information will not change unless the current route has been removed from the routing table.

C.

The session will be flagged as dirty but no route lookups will be performed.

D.

Sessions involving port7 or port19 will not have their routing information flushed.

Full Access
Question # 14

Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.

What three actions must you take to ensure successful communication? (Choose three.)

A.

You must authorize the downstream FortiGate on the root FortiGate.

B.

FortiGate must not be in NAT mode.

C.

Ensure TCP port 8013 is not blocked along the way.

D.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

E.

Ensure the port for Neighbor Discovery has been changed.

Full Access
Question # 15

Refer to the exhibit, which shows the output of a BGP debug command.

What can you conclude about the router in this scenario?

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the 8GP session with the local router.

B.

An inbound route-map on local router is blocking the prefixes from neighbor 100.64.3.1.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Full Access
Question # 16

Exhibit.

Refer to the exhibit, which shows the output of a diagnose command.

What can you conclude about the debug output in this scenario?

A.

The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121.111.236.179.

B.

There is a natural correlation between the value in the FortiGuard-requests field and the value in the Weight field.

C.

FortiGate used 64.26.151.37 as the initial server to validate its contract.

D.

Servers with a negative TZ value are less preferred for rating requests.

Full Access
Question # 17

Refer to the exhibit, which shows a partial web filter profile configuration.

The URL www.dropbox.com is categorized as File Sharing and Storage.

Which action does FortiGate take if a user attempts to access www.dropbox.com?

A.

FortiGate blocks the connection as an invalid URL.

B.

Based on the URL Filter configuration, FortiGate allows the connection.

C.

FortiGate blocks the connection, based on the FortiGuard category-based filter configuration.

D.

Based on the Web Content filter configuration, access to www.dropbox.com would be exempted.

Full Access
Question # 18

Exhibit.

Refer to the exhibit, which shows the output of diagnose automation test.

What can you observe from the output? (Choose two.)

A.

The automation stitch test is not being logged.

B.

The automation stitch test failed but the HA failover was successful.

C.

An HA failover occurred.

D.

The test was unsuccessful.

Full Access
Question # 19

Refer to the exhibit, which shows the partial output of a diagnose command.

Which two conclusions can you draw from the output shown in the exhibit? (Choose two.)

A.

FortiGate will drop the expected traffic if it does not arrive within 23 seconds.

B.

Clearing the master session has no impact on the expectation session.

C.

This is a pinhole session to allow traffic for a TCP protocol that dynamically assigns TCP ports.

D.

The session is checked against firewall policy ID 25.

Full Access