Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

Fortinet FCSS_NST_SE-7.4 Dumps

FCSS - Network Security 7.4 Support Engineer Questions and Answers

Question 1

Exhibit.

as

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator do to fix the issue?

Options:

A.

Disable webfilter-force-off.

B.

Increase webfilter-timeout.

C.

Enable fortiguard-anycast.

D.

Change protocol to TCP.

Question 2

Which statement aboutprotocol options is true?

Options:

A.

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

B.

Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

C.

Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.

D.

Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

Question 3

Exhibit.

as

Refer to the exhibit, which shows a partial web fillet profile configuration.

Which action does FortiGate lake if a user attempts to access dropbox. com, which is categorized as File Sharing and Storage?

Options:

A.

FortiGate allows the connection, based on the URL Filter configuration.

B.

FortiGate blocks the connection as an invalid URL.

C.

FortiGate exempts the connection, based on the Web Content Filter configuration.

D.

FortiGate blocks the connection, based on the FortiGuard category based filter configuration.

Question 4

Refer to the exhibits.

as

An administrator Is expecting to receive advertised route 8.8.8.8/32 from FGT-A. On FGT-B, they confirm that the route is being advertised and received, however, the route is not being injected into the routing table. What is the most likely cause of this issue?

Options:

A.

A batter route to the 8.8.8.8/32 network exists in the routing table.

B.

FGT-B is configured with a prefix list denying the 8.8.8.8/32 network to be injected into the routing table.

C.

The administrator has misconfigured redistribution of routes on FGT-A.

D.

FGT-8 is configured with a distribution list denying the 8.8.8.8/32 network to be injected into the routing table.

Question 5

Refer to the exhibit, which contains the output ofdiagnose vpn tunnellist.

as

Which command will capture ESP traffic for the VPN named DialUp_0?

Options:

A.

diagnose sniffer packet any 'ip proto 50'

B.

diagnose sniffer packet any 'host 10.0.10.10'

C.

diagnose sniffer packet any 'esp and host 10.200.3.2'

D.

diagnose sniffer packet any 'port 4500'

Question 6

Refer to the exhibit, which shows a truncated output of a real-time LDAP debug.

as

What two conclusions can you draw from the output? (Choose two.)

Options:

A.

The name of the configured LDAP server is Lab.

B.

The user is authenticating using CN=John Smith.

C.

FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.

D.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Question 7

Refer to the exhibit, which shows the output o! the BGP database.

as

Which two statements are correct? (Choose two.)

Options:

A.

The advertised prefix of 10.20.30.0'24 was configured using the network command.

B.

The first four prefixes are being advertised using a legacy route advertisement.

C.

The advertised prefix of 10.20.30.0'24 is being advertised through the redistribution of another routing protocol.

D.

The output shows all prefixes advertised by all neighbors as well as the local router.

Question 8

Exhibit.

as

Refer to the exhibit, which shows two entries that were generated in theFSSO collectoragent logs.

What three conclusions can you draw from these log entries? {Choose three.)

Options:

A.

Remote registry is not running on the workstation.

B.

The user's status shows as "not verified" in the collector agent.

C.

DNS resolution is unable to resolve the workstation name.

D.

The FortiGate firmware version is not compatible with that of the collector agent.

E.

A firewall is blocking traffic to port 139 and 445.

Question 9

Exhibit 1.

as

Exhibit 2.

as

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to lest session failover between the two service provider connections.

Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

Options:

A.

Change the priority of the port! static route to 11.

B.

Change the priority of the port2 static route to 5.

C.

Configure unsetsnat-route-change to return it to the default setting.

D.

Configure setsnat-route-change enable.

Question 10

Refer to theexhibit,which shows the output of getrouter info ospf neighbor.

as

What can you conclude from the command output?

Options:

A.

The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.

B.

All neighbors are in area 0.0.0.0.

C.

The local FortiGate is the BDR.

D.

The local FortiGate is not a DROther.

Question 11

Refer to the exhibit, which shows the output of a policy route table entry.

as

Which type of policy route does the output show?

Options:

A.

An ISDB route

B.

A regular policy route

C.

A regular policy route, which is associated with an active static route in the FIB

D.

AnSD-WAN rule

Question 12

Which two statements about an auxiliary session ate true? (Choose two.)

Options:

A.

With the auxiliary session selling disabled, only auxiliary sessions are offloaded.

B.

With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.

C.

With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.

D.

With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.

Page: 1 / 4
Total 40 questions