Practice Free FCSS_NST_SE-7.4 Exam Online Questions
Which two statements are true regarding heartbeat messages sent from an FSSO collector agent to FortiGate? (Choose two.)
- A . The heartbeat messages can be seen using the command diagnose debug authd fsso list.
- B . The heartbeat messages can be seen in the collector agent logs.
- C . The heartbeat messages can be seen on FortiGate using the real-lime FSSO debug.
- D . The heartbeat messages must be manually enabled on FortiGate.
Refer to the exhibit, which shows the output of get router info bgp summary.
Which two statements are true? (Choose two.)
- A . The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.
- B . The TCP connection with BGP neighbor 100.64.2.254 was successful.
- C . The local FortiGate has received 18 packets from a BGP neighbor.
- D . The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264
Refer to the exhibit, which shows the output of a policy route table entry.
Which type of policy route does the output show?
- A . An ISDB route
- B . A regular policy route
- C . A regular policy route, which is associated with an active static route in the FIB
- D . An SD-WAN rule
Exhibit.
Refer to the exhibit, which shows the output of get system ha status.
NGFW-1 and NGFW-2 have been up for a week.
Which two statements about the output are true? (Choose two.)
- A . If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.
- B . If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.
- C . If FGVM…649 is rebooted. FGVM…650 will become the primary and retain that role, even after FGVM…649 rejoins the cluster.
- D . If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.
In the SAML negotiation process, which section does the Identity Provider (IdP) provide the SAML attributes utilized in the authentication process to the Service Provider (SP)?
- A . SP Login dump
- B . Authentication Response
- C . Authentication Request
- D . Assertion dump
Which statement about IKEv2 is true?
- A . Both IKEv1 and IKEv2 share the feature of asymmetric authentication.
- B . IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.
- C . IKEv1 and IKEv2 use same TCP port but run on different UDP ports.
- D . IKEv1 and IKEv2 share the concept of phase1 and phase2.
Refer to the exhibits.
An administrator is attempting to advertise the network configured on port3. However, FGT-A is not receiving the prefix.
Which two actions can the administrator take to fix this problem? (Choose two.)
- A . Modify the prefix using the network command from 172.16.0.0/16 to 172.16.54.0/24.
- B . Manually add the BGP route on FGT-A.
- C . Restart BGP using a soft reset to force both peers to exchange their complete BGP routing tables.
- D . Use the set network-import-check disable command.
Exhibit 1.
Exhibit 2.
Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.
An administrator would like to lest session failover between the two service provider connections.
Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)
- A . Change the priority of the port! static route to 11.
- B . Change the priority of the port2 static route to 5.
- C . Configure unset snat-route-change to return it to the default setting.
- D . Configure set snat-route-change enable.
Refer to the exhibit, which shows a partial output from the get router info routing-table database command.
The administrator wants to configure a default static route for port3 and assign a distance of 50 and a priority of 0.
What will happen to the port1 and port2 default static routes after the port3 default static route is created?
- A . The port2 default static route will be injected into the forwarding information base (FIB).
- B . The port1 default static route will be injected into the FIB.
- C . Neither of the routes shown in the output will be injected into the FIB.
- D . Both default static routes shown in the output will be injected into the FIB.
Refer to the exhibit, which shows the omitted output of a session table entry.
Which two statements are true? (Choose two.)
- A . The traffic has been tagged for VLAN 0000.
- B . NP7 is handling offloading of this session.
- C . The traffic matches Policy ID 1.
- D . The session has been offloaded.