Fortinet fcss nst se 7 4 practice test
FCSS - Network Security 7.4 Support Engineer
Question 1
Consider the scenario where the server name indication (SNI) does not match either the common
name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?
- A. FortiGate uses the SNI from the user's web browser.
- B. FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
- C. FortiGate uses the first entry listed in the SAN field in the server certificate.
- D. FortiGate uses the CN information from the Subject field in the server certificate.
Answer:
D
Question 2
Exhibit.
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two.)
- A. Perfect Forward Secrecy (PFS) is enabled in the configuration.
- B. The local gateway IP address is 10.0.0.1.
- C. It shows a phase 2 negotiation.
- D. The initiator provided remote as its IPsec peer ID.
Answer:
C, D
Question 3
Exhibit.
Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude about the debug output in this scenario?
- A. The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121.111.236.179.
- B. There is a natural correlation between the value in the FortiGuard-requests field and the value in the Weight field.
- C. FortiGate used 64.26.151.37 as the initial server to validate its contract.
- D. Servers with a negative TZ value are less preferred for rating requests.
Answer:
B
Question 4
Refer to the exhibit, which shows the output of a policy route table entry.
Which type of policy route does the output show?
- A. An ISDB route
- B. A regular policy route
- C. A regular policy route, which is associated with an active static route in the FIB
- D. An SD-WAN rule
Answer:
A
Question 5
Exhibit.
Refer to the exhibit, which shows a FortiGate configuration.
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured
a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that
is passing through the policy.
What must the administrator do to fix the issue?
- A. Disable webfilter-force-off.
- B. Increase webfilter-timeout.
- C. Enable fortiguard-anycast.
- D. Change protocol to TCP.
Answer:
A
Question 6
Which statement about IKEv2 is true?
- A. Both IKEv1 and IKEv2 share the feature of asymmetric authentication.
- B. IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.
- C. IKEv1 and IKEv2 use same TCP port but run on different UDP ports.
- D. IKEv1 and IKEv2 share the concept of phase1 and phase2.
Answer:
B
Question 7
Exhibit 1.
Exhibit 2.
Refer to the exhibits, which show the configuration on FortiGate and partial internet session
information from a user on the internal network.
An administrator would like to lest session failover between the two service provider connections.
Which two changes must the administrator make to force this existing session to immediately start
using the other interface? (Choose two.)
- A. Change the priority of the port! static route to 11.
- B. Change the priority of the port2 static route to 5.
- C. Configure unset snat-route-change to return it to the default setting.
- D. Configure set snat-route-change enable.
Answer:
A, D
Question 8
Refer to the exhibit, which shows the output of a debug command.
Which two statements about the output are true? (Choose two.)
- A. The interlace is part of the OSPF backbone area.
- B. There are a total of five OSPF routers attached to the vorz4 network segment
- C. One of the neighbors has a router ID of 0.0.0.4.
- D. In the network connected to port4, two OSPF routers are down.
Answer:
A, D
Question 9
Refer to the exhibit.
Which three pieces of information does the diagnose sys top command provide? (Choose three.)
- A. The miglogd daemon is running on CPU core ID 0.
- B. The diagnose sys top command has been running for 18 minutes.
- C. The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.
- D. The cmdbsvr process is occupying 2.4% of the total user memory space.
- E. If the neweli daemon continues to be in the R state, it will need to be manually restarted.
Answer:
ACD
Question 10
Refer to the exhibit, which shows the output o! the BGP database.
Which two statements are correct? (Choose two.)
- A. The advertised prefix of 10.20.30.0'24 was configured using the network command.
- B. The first four prefixes are being advertised using a legacy route advertisement.
- C. The advertised prefix of 10.20.30.0'24 is being advertised through the redistribution of another routing protocol.
- D. The output shows all prefixes advertised by all neighbors as well as the local router.
Answer:
A, D
Question 11
In which two slates is a given session categorized as ephemeral? (Choose two.)
- A. A UDP session with only one packet received
- B. A UOP session with packets sent and received
- C. A TCP session waiting for the SYN ACK
- D. A TCP session waiting for FIN ACK
Answer:
A, C
Question 12
Refer to the exhibit, which shows the output of get router info bgp summary.
Which two statements are true? (Choose two.)
- A. The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.
- B. The TCP connection with BGP neighbor 100.64.2.254 was successful.
- C. The local FortiGate has received 18 packets from a BGP neighbor.
- D. The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264
Answer:
A, C
Question 13
Which exchange lakes care of DoS protection in IKEv2?
- A. Create_CHILD_SA
- B. IKE_Auth
- C. IKE_Req_INIT
- D. IKE_SA_NIT
Answer:
C
Question 14
Refer to the exhibit, which shows a partial output of the fssod daemon real-time debug command.
What two conclusions can you draw Itom the output? (Choose two.)
- A. The workstation with IP 10.124.2.90 will be polled frequently using TCP port 445 to see if the user is still logged on.
- B. The logon event can be seen on the collector agent installed on Windows.
- C. FSSO is using DC agent mode to detect logon events.
- D. FSSO is using agentless polling mode to detect logon events.
Answer:
A, D
Question 15
An administrator wants to capture encrypted phase 2 traffic between two FotiGate devices using the
built-in sniffer.
If the administrator knows that there Is no NAT device located between both FortiGate devices,
which command should the administrator run?
- A. diagnose sniffer packet any 'udp port 500'
- B. diagnose sniffer packet any 'lp proto 50'
- C. diagnose sniffer packet any 'udp port 4500'
- D. diagnose sniffer packet any 'ah'
Answer:
B