Fortinet FCSS_NST_SE-7.4 Practice Test - Questions Answers, Page 4
Question list
List of questions
Related questions
Refer to the exhibit, which shows partial outputs from two routing debug commands.
Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?
Set snat-route-change to enable.
Set the priority of the static default route using port2 to 1.
Set preserve-session-route to enable.
Set the priority of the static default route using port1 to 10.
What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two)
Packet was dropped because of policy route misconfiguration.
Packet was dropped because of traffic shaping.
Trusted host list misconfiguration.
VIP or IP pool misconfiguration.
Exhibit.
Refer to the exhibit, which shows the output of a session. Which two statements are true? (Choose Iwo)
The TCP session has been successfully established.
The session was initiated from an authenticated user.
The session is being inspected using flow inspection.
The session is being offloaded.
Refer to the exhibit, which shows the output of get router info ospf neighbor.
What can you conclude from the command output?
The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.
All neighbors are in area 0.0.0.0.
The local FortiGate is the BDR.
The local FortiGate is not a DROther.
Exhibit.
Refer to the exhibit, which shows two entries that were generated in the FSSO collector agent logs.
What three conclusions can you draw from these log entries? {Choose three)
Remote registry is not running on the workstation.
The user's status shows as 'not verified' in the collector agent.
DNS resolution is unable to resolve the workstation name.
The FortiGate firmware version is not compatible with that of the collector agent.
A firewall is blocking traffic to port 139 and 445.
Which statement about protocol options is true?
Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.
Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.
Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.
Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.
Which two statements about conserve mode are true? (Choose two)
FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.
FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.
FortiGate exits conserve mode when the system memory goes below the configured green threshold.
FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.
Which statement about parallel path processing is correct (PPP)?
PPP chooses from a group of parallel options lo identity the optimal path tor processing a packet.
Only FortiGate hardware configurations affect the path that a packet takes.
PPP does not apply to packets that are part of an already established session.
Software configuration has no impact on PPP.
In IKEv2, which exchange establishes the first CHILD_SA?
IKE_SA_INIT
INFORMATIONAL
CREATE_CHILD_SA
IKE_Auth
Which authentication option can you not configure under config user radius on FortiOS?
mschap
pap
mschap2
eap
Question