Fortinet FCSS_NST_SE-7.6 FCSS - Network Security 7.6 Support Engineer Exam Practice Test

The Hello packet is being sent from an OSPF router with ID 0.0.0.112.

The two FortiGate devices attempting adjacency are in area 0.0.0.0.

One FortiGate device is configured to require authentication, while the other is not.

The passwords on the FortiGate devices do not match.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.

If FGVM...649 is rebooted. FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.

PPP chooses from a group of parallel options lo identity the optimal path tor processing a packet.

Only FortiGate hardware configurations affect the path that a packet takes.

PPP does not apply to packets that are part of an already established session.

Software configuration has no impact on PPP.

Perfect Forward Secrecy (PFS) is enabled in the configuration.

The local gateway IP address is 10.0.0.1.

It shows a phase 2 negotiation.

The initiator provided remote as its IPsec peer ID.

Strict RPF is enabled by default.

User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.

User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.

User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.

User C: Fail. There is no route to 10.0.4.63 using port1 in the touting table.

Change the priority of the port! static route to 11.

Change the priority of the port2 static route to 5.

Configure unset snat-route-change to return it to the default setting.

Configure set snat-route-change enable.

Remote registry is not running on the workstation.

The user's status shows as "not verified" in the collector agent.

DNS resolution is unable to resolve the workstation name.

The FortiGate firmware version is not compatible with that of the collector agent.

A firewall is blocking traffic to port 139 and 445.

FortiGate uses the SNI from the user's web browser.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

FortiGate uses the first entry listed in the SAN field in the server certificate.

FortiGate uses the CN information from the Subject field in the server certificate.

The workstation with IP 10.124.2.90 will be polled frequently using TCP port 445 to see if the user is still logged on.

The logon event can be seen on the collector agent installed on Windows.

FSSO is using DC agent mode to detect logon events.

FSSO is using agentless polling mode to detect logon events.

The administrator must also run the command diagnose debug enable.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.

Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

Phase 2 drops but Phase 1 is up.

Dead Peer Detection is not receiving its acknowledge packet.

The tunnel drops during rekey negotiation.

The tunnel drops after the timer expires.

An ISDB route

A regular policy route

A regular policy route, which is associated with an active static route in the FIB

An SD-WAN rule

The total slab size of the sctp_session slab is 0 kB and is associated with the user space.

The total slab size of the ip_session slab is 3600 kB and is associated with the user space.

The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.

The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.

The name of the configured LDAP server is Lab.

The user is authenticating using CN=John Smith.

FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Create_CHILD_SA

IKE_Auth

IKE_Req_INIT

IKE_SA_NIT

mschap

pap

mschap2

eap

The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121.111.236.179.

There is a natural correlation between the value in the FortiGuard-requests field and the value in the Weight field.

FortiGate used 64.26.151.37 as the initial server to validate its contract.

Servers with a negative TZ value are less preferred for rating requests.

You must authorize the downstream FortiGate on the root FortiGate.

FortiGate must not be in NAT mode.

Ensure TCP port 8013 is not blocked along the way.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

Ensure the port for Neighbor Discovery has been changed.