Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Fortinet FCSS_NST_SE-7.4 - FCSS - Network Security 7.4 Support Engineer

Fortinet FCSS_NST_SE-7.4 Premium Access     Download Demo    
Page: 2 / 2
Total 66 questions

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session information for ICMP traffic.

What happens to the session information if a routing change occurs that affects this session?

A.

Only the interface and gateway information for dev=7 will be removed.

B.

The session information will not change unless the current route has been removed from the routing table.

C.

The session will be flagged as dirty but no route lookups will be performed.

D.

Sessions involving port7 or port19 will not have their routing information flushed.

Which two statements about Security Fabric communications are true? (Choose two.)

A.

FortiTelemetry and Neighbor Discovery both operate using TCP.

B.

The default port for Neighbor Discovery can be modified.

C.

FortiTelemetry must be manually enabled on the FortiGate interface.

D.

By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.

Refer to the exhibit.

Which three pieces of information does the diagnose sys top command provide? (Choose three.)

A.

The miglogd daemon is running on CPU core ID 0.

B.

The diagnose sys top command has been running for 18 minutes.

C.

The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.

D.

The cmdbsvr process is occupying 2.4% of the total user memory space.

E.

If the neweli daemon continues to be in the R state, it will need to be manually restarted.

Refer to the exhibit, which shows the partial output of FortiOS kernel slabs.

Which statement is true?

A.

The total slab size of the sctp_session slab is 0 kB and is associated with the user space.

B.

The total slab size of the ip_session slab is 3600 kB and is associated with the user space.

C.

The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.

D.

The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.

Exhibit.

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Which two statements about this debug output are correct? (Choose two.)

A.

Perfect Forward Secrecy (PFS) is enabled in the configuration.

B.

The local gateway IP address is 10.0.0.1.

C.

It shows a phase 2 negotiation.

D.

The initiator provided remote as its IPsec peer ID.

Refer to the exhibit, which shows a session entry.

Which statement about this session is true?

A.

Return traffic to the initiator is sent to 10.1.0.1.

B.

Return traffic to the initiator is sent lo 10.200.1.254.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is an ICMP session from 10.1.10.1 to 10.200.5.1.

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change the administrator make to the local gateway to resolve the phase 1 negotiation error?

A.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

B.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

C.

In the phase 1 network configuration, set the IKE version to 2.

D.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

The local OSPF router is unable to establish adjacency with a peer.

Which two things should the administrator do to troubleshoot the issue? (Choose two.)

A.

Check whether TCP port 179 is blocked.

B.

Check if there is an active static route to the peer.

C.

Check whether both peers have an IP address within the same subnet.

D.

Check if IP protocol 89 is blocked.

In which two slates is a given session categorized as ephemeral? (Choose two.)

A.

A UDP session with only one packet received

B.

A UOP session with packets sent and received

C.

A TCP session waiting for the SYN ACK

D.

A TCP session waiting for FIN ACK