Ask Question
Fortinet FCSS_NST_SE-7.4 Practice Test - Questions Answers, Page 2
List of questions
Question 11
Refer to the exhibit, which shows a session entry.
Which statement about this session is true?
Return traffic to the initiator is sent to 10.1.0.1.
Return traffic to the initiator is sent lo 10.200.1.254.
It is an ICMP session from 10.1.10.10 to 10.200.1.1.
It is an ICMP session from 10.1.10.1 to 10.200.5.1.
Question 12
Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?
FortiGate uses the SNI from the user's web browser.
FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
FortiGate uses the first entry listed in the SAN field in the server certificate.
FortiGate uses the ZN information from the Subject field in the server certificate.
Question 13
Exhibit.
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two)
Perfect Forward Secrecy (PFS) is enabled in the configuration.
The local gateway IP address is 10.0.0.1.
It shows a phase 2 negotiation.
The initiator provided remote as its IPsec peer ID.
Question 14
Exhibit.
Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude about the debug output in this scenario?
The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121.111.236.179.
There is a natural correlation between the value in the FortiGuard-requests field and the value in the Weight field.
FortiGate used 64.26.151.37 as the initial server to validate its contract.
Servers with a negative TZ value are less preferred for rating requests.
Question 15
Refer to the exhibit, which shows the output of a policy route table entry.
Which type of policy route does the output show?
An ISDB route
A regular policy route
A regular policy route, which is associated with an active static route in the FIB
An SD-WAN rule
Question 16
Exhibit.
Refer to the exhibit, which shows a FortiGate configuration.
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator do to fix the issue?
Disable webfilter-force-off.
Increase webfilter-timeout.
Enable fortiguard-anycast.
Change protocol to TCP.
Question 17
Which statement about IKEv2 is true?
Both IKEv1 and IKEv2 share the feature of asymmetric authentication.
IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.
IKEv1 and IKEv2 use same TCP port but run on different UDP ports.
IKEv1 and IKEv2 share the concept of phase1 and phase2.
Question 18
Exhibit 1.
Exhibit 2.
Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.
An administrator would like to lest session failover between the two service provider connections.
Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two)
Change the priority of the port! static route to 11.
Change the priority of the port2 static route to 5.
Configure unset snat-route-change to return it to the default setting.
Configure set snat-route-change enable.
Question 19
Refer to the exhibit, which shows the output of a debug command.
Which two statements about the output are true? (Choose two)
The interlace is part of the OSPF backbone area.
There are a total of five OSPF routers attached to the vorz4 network segment
One of the neighbors has a router ID of 0.0.0.4.
In the network connected to port4, two OSPF routers are down.
Question 20
Refer to the exhibit.
Which three pieces of information does the diagnose sys top command provide? (Choose three)
The miglogd daemon is running on CPU core ID 0.
The diagnose sys top command has been running for 18 minutes.
The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.
The cmdbsvr process is occupying 2.4% of the total user memory space.
If the neweli daemon continues to be in the R state, it will need to be manually restarted.
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question