Practice Free FCSS_NST_SE-7.6 Exam Online Questions
Question #1
Refer to the exhibit.
Assuming a default configuration, which three statements are true? (Choose three.)
- A . Strict RPF is enabled by default.
- B . User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.
- C . User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.
- D . User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.
- E . User C: Fail. There is no route to 10.0.4.63 using port1 in the touting table.
Correct Answer: B, D, E
Question #2
Exhibit.
Refer to the exhibit, which shows the output of diagnose automation test.
What can you observe from the output? (Choose two.)
- A . The automation stitch test is not being logged.
- B . The automation stitch test failed but the HA failover was successful.
- C . An HA failover occurred.
- D . The test was unsuccessful.
Correct Answer: A, D
Question #3
Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)
- A . Log is full on the collector agent.
- B . Inability to reach IP address of the collector agent.
- C . Refused connection. Potential mismatch of TCP port.
- D . Mismatched pre-shared password.
- E . Incompatible collector agent software version.
Correct Answer: BCD
Question #4
Which statement about protocol options is true?
- A . Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.
- B . Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.
- C . Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.
- D . Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.
Correct Answer: D
Question #5
Refer to the exhibit, which shows a session entry.
Which statement about this session is true?
- A . Return traffic to the initiator is sent to 10.1.0.1.
- B . Return traffic to the initiator is sent lo 10.200.1.254.
- C . It is an ICMP session from 10.1.10.10 to 10.200.1.1.
- D . It is an ICMP session from 10.1.10.1 to 10.200.5.1.
Correct Answer: D
Question #6
Which statement about parallel path processing is correct (PPP)?
- A . PPP chooses from a group of parallel options lo identity the optimal path tor processing a packet.
- B . Only FortiGate hardware configurations affect the path that a packet takes.
- C . PPP does not apply to packets that are part of an already established session.
- D . Software configuration has no impact on PPP.
Correct Answer: A
Question #7
Refer to the exhibit, which shows the output of the command get router info ospf neighbor.
To what extent does FortiGate operate when looking at its OSPF neighbors? (Choose two.)
- A . The local FortiGate has at least one interface that participates in a broadcast network.
- B . The local FortiGate has at least one interface that participates in a point-to-point network.
- C . The local FortiGate is the DR.
- D . Neighbor 0.0.0.18 is the designated router (DR).
Correct Answer: AB
AB
Explanation:
The command on this slide shows a summary of the statuses of all the OSPF neighbors. For each neighbor, it displays the adjacency state and if it is a DR, a BDR, or neither (DROther) Pagina 362
Enterprise_Firewall_7.2_Study. – Point-to-point networks contain only two peers, one at each end of
a point-to-point link – Broadcast networks (multi-access) support more than two attached routers. They also support sending messages to multiple recipients (broadcasting). Pagina 365 Enterprise_Firewall_7.2_Study. In any multi-access network there is one DR and one BDR. Pagina 439 Network_Security_Support_Engineer_7.4_Study FULL/- This represents a point-to-point network
AB
Explanation:
The command on this slide shows a summary of the statuses of all the OSPF neighbors. For each neighbor, it displays the adjacency state and if it is a DR, a BDR, or neither (DROther) Pagina 362
Enterprise_Firewall_7.2_Study. – Point-to-point networks contain only two peers, one at each end of
a point-to-point link – Broadcast networks (multi-access) support more than two attached routers. They also support sending messages to multiple recipients (broadcasting). Pagina 365 Enterprise_Firewall_7.2_Study. In any multi-access network there is one DR and one BDR. Pagina 439 Network_Security_Support_Engineer_7.4_Study FULL/- This represents a point-to-point network
Question #8
In IKEv2, which exchange establishes the first CHILD_SA?
- A . IKE_SA_INIT
- B . INFORMATIONAL
- C . CREATE_CHILD_SA
- D . IKE_Auth
Correct Answer: C
Question #9
Which two statements about an auxiliary session ate true? (Choose two.)
- A . With the auxiliary session selling disabled, only auxiliary sessions are offloaded.
- B . With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.
- C . With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.
- D . With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.
Correct Answer: B, C
Question #10
Which exchange lakes care of DoS protection in IKEv2?
- A . Create_CHILD_SA
- B . IKE_Auth
- C . IKE_Req_INIT
- D . IKE_SA_NIT
Correct Answer: C
1 2