Fortinet FCSS_NST_SE-7.4 Practice Test - Questions Answers
Question list
List of questions
Related questions
Exhibit.
Refer to the exhibit, which contains a screenshot of some phase 1 settings.
The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands on an SSH session on FortiGate:
However, the IKE real-time debug does not show any output. Why?
The administrator must also run the command diagnose debug enable.
The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.
The log-filter setting is incorrect. The VPN traffic does not match this filter.
Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.
Exhibit.
Refer to the exhibit, which shows a partial output of diagnose hardware aysinfo memory.
Which two statements about the output are true? (Choose two)
There are 98908 kB o! memory that will never be used.
The user space has 708880 kB of physical memory that is not used by the system.
The I/O cache, which has 641364 kB of memory allocated to it.
The value indicated next to the inactive heading represents the currently unused cache page.
Exhibit.
Refer to the exhibit, which shows the output of get system ha status.
NGFW-1 and NGFW-2 have been up for a week.
Which two statements about the output are true? (Choose two)
If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.
If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.
If FGVM...649 is rebooted. FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.
If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.
Exhibit.
Refer to the exhibit, which shows a partial web fillet profile configuration.
Which action does FortiGate lake if a user attempts to access www. dropbox. com, which is categorized as File Sharing and Storage?
FortiGate allows the connection, based on the URL Filter configuration.
FortiGate blocks the connection as an invalid URL.
FortiGate exempts the connection, based on the Web Content Filter configuration.
FortiGate blocks the connection, based on the FortiGuard category based filter configuration.
Refer to the exhibit, which shows the omitted output of a session table entry.
Which two statements are true? (Choose two)
The traffic has been tagged for VLAN 0000.
NP7 is handling offloading of this session.
The traffic matches Policy ID 1.
The session has been offloaded.
Refer to the exhibit.
Assuming a default configuration, which three statements are true? (Choose three)
Strict RPF is enabled by default.
User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.
User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.
User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.
User C: Fail. There is no route to 10.0.4.63 using port1 in the touting table.
Which two statements about Security Fabric communications are true? (Choose two)
FortiTelemetry and Neighbor Discovery both operate using TCP.
The default port for Neighbor Discovery can be modified.
FortiTelemetry must be manually enabled on the FortiGate interface.
By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.
Refer to the exhibit, which contains the output of diagnose vpn tunnel list.
Which command will capture ESP traffic for the VPN named DialUp_0?
diagnose sniffer packet any 'ip proto 50'
diagnose sniffer packet any 'host 10.0.10.10'
diagnose sniffer packet any 'esp and host 10.200.3.2'
diagnose sniffer packet any 'port 4500'
Which two statements are true regarding heartbeat messages sent from an FSSO collector agent to FortiGate? (Choose two)
The heartbeat messages can be seen using the command diagnose debug authd fsso list.
The heartbeat messages can be seen in the collector agent logs.
The heartbeat messages can be seen on FortiGate using the real-lime FSSO debug.
The heartbeat messages must be manually enabled on FortiGate.
Refer to the exhibit, which shows a truncated output of a real-time LDAP debug.
What two conclusions can you draw from the output? (Choose two)
The name of the configured LDAP server is Lab.
The user is authenticating using CN=John Smith.
FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.
FortiOS is performing the second step (Search Request) in the LDAP authentication process.
Question