Fortinet FCSS_NST_SE-7.4 FCSS - Network Security 7.4 Support Engineer Exam Practice Test

The automation stitch test is not being logged.

The automation stitch test failed but the HA failover was successful.

An HA failover occurred.

The test was unsuccessful.

Return traffic to the initiator is sent to 10.1.0.1.

Return traffic to the initiator is sent lo 10.200.1.254.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

It is an ICMP session from 10.1.10.1 to 10.200.5.1.

Create_CHILD_SA

IKE_Auth

IKE_Req_INIT

IKE_SA_NIT

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.

If FGVM...649 is rebooted. FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.

You must authorize the downstream FortiGate on the root FortiGate.

FortiGate must not be in NAT mode.

Ensure TCP port 8013 is not blocked along the way.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

Ensure the port for Neighbor Discovery has been changed.

The BGP state of the two BGP participants is OpenConfirm.

The router ID of the neighbor is 100.64.2.254.

The BGP neighbor is advertising the 10.20.30.40/24 network to the local router.

The local router is advertising the 10.20.30.40/24 network to its BGP neighbor.

The traffic has been tagged for VLAN 0000.

NP7 is handling offloading of this session.

The traffic matches Policy ID 1.

The session has been offloaded.

Remote registry is not running on the workstation.

The user's status shows as "not verified" in the collector agent.

DNS resolution is unable to resolve the workstation name.

The FortiGate firmware version is not compatible with that of the collector agent.

A firewall is blocking traffic to port 139 and 445.

The workstation with IP 10.124.2.90 will be polled frequently using TCP port 445 to see if the user is still logged on.

The logon event can be seen on the collector agent installed on Windows.

FSSO is using DC agent mode to detect logon events.

FSSO is using agentless polling mode to detect logon events.

Both IKEv1 and IKEv2 share the feature of asymmetric authentication.

IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.

IKEv1 and IKEv2 use same TCP port but run on different UDP ports.

IKEv1 and IKEv2 share the concept of phase1 and phase2.

Packet was dropped because of policy route misconfiguration.

Packet was dropped because of traffic shaping.

Trusted host list misconfiguration.

VIP or IP pool misconfiguration.

The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.

The TCP connection with BGP neighbor 100.64.2.254 was successful.

The local FortiGate has received 18 packets from a BGP neighbor.

The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264

An ISDB route

A regular policy route

A regular policy route, which is associated with an active static route in the FIB

An SD-WAN rule

With the auxiliary session selling disabled, only auxiliary sessions are offloaded.

With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.

With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.

With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.

mschap

pap

mschap2

eap

Set snat-route-change to enable.

Set the priority of the static default route using port2 to 1.

Set preserve-session-route to enable.

Set the priority of the static default route using port1 to 10.

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.

Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

You can configure automation stitches on any FortiGate device in a Security Fabric environment.

You can configure automation stitches to execute actions sequentially by taking parameters from previous actions as input for the current action.

You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.

You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

A batter route to the 8.8.8.8/32 network exists in the routing table.

FGT-B is configured with a prefix list denying the 8.8.8.8/32 network to be injected into the routing table.

The administrator has misconfigured redistribution of routes on FGT-A.

FGT-8 is configured with a distribution list denying the 8.8.8.8/32 network to be injected into the routing table.