Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

FCSS_NST_SE-7.6 FCSS - Network Security 7.6 Support Engineer Questions and Answers

Questions 4

Refer to the exhibit, which shows a partial web filter profile configuration.

The URL www.dropbox.com is categorized as File Sharing and Storage.

Which action does FortiGate take if a user attempts to access www.dropbox.com?

Options:

A.

FortiGate blocks the connection as an invalid URL.

B.

Based on the URL Filter configuration, FortiGate allows the connection.

C.

FortiGate blocks the connection, based on the FortiGuard category-based filter configuration.

D.

Based on the Web Content filter configuration, access to www.dropbox.com would be exempted.

Buy Now
Questions 5

Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovers that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must the administrator make to fix the issue? (Choose two.)

Options:

A.

Change to aggressive mode on both VPNs.

B.

Enable XAuth on both VPNs.

C.

Use different pre-shared keys on both VPNs.

D.

Set up specific peer IDs on both VPNs.

Buy Now
Questions 6

Refer to the exhibit, which shows the output of the command get router info bgp neighbors 100.64.2.254 advertised-routes.

What can you conclude from the output?

Options:

A.

The BGP state of the two BGP participants is OpenConfirm.

B.

The router ID of the neighbor is 100.64.2.254.

C.

The BGP neighbor is advertising the 10.20.30.40/24 network to the local router.

D.

The local router is advertising the 10.20.30.40/24 network to its BGP neighbor.

Buy Now
Questions 7

Refer to the exhibit, which shows the partial output of a real-time OSPF debug.

Why are the two FortiGate devices unable to form an adjacency?

Options:

A.

The Hello packet is being sent from an OSPF router with ID 0.0.0.112.

B.

The two FortiGate devices attempting adjacency are in area 0.0.0.0.

C.

One FortiGate device is configured to require authentication, while the other is not.

D.

The passwords on the FortiGate devices do not match.

Buy Now
Questions 8

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

Options:

A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Buy Now
Questions 9

Refer to the exhibit, which shows a partial output from the get router info routing-table database command.

The administrator wants to configure a default static route for port3 and assign a distance of 50 and a priority of 0.

What will happen to the port1 and port2 default static routes after the port3 default static route is created?

Options:

A.

The port2 default static route will be injected into the forwarding information base (FIB).

B.

The port1 default static route will be injected into the FIB.

C.

Neither of the routes shown in the output will be injected into the FIB.

D.

Both default static routes shown in the output will be injected into the FIB.

Buy Now
Questions 10

Refer to the exhibit.

An IPsec VPN tunnel is dropping, as shown by the debug output.

Analyzing the debug output, what could be causing the tunnel to go down?

Options:

A.

Phase 2 drops but Phase 1 is up.

B.

Dead Peer Detection is not receiving its acknowledge packet.

C.

The tunnel drops during rekey negotiation.

D.

The tunnel drops after the timer expires.

Buy Now
Questions 11

Refer to the exhibit, which shows the output of get router info bgp summary.

Which two statements are true? (Choose two.)

Options:

A.

The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.

B.

The TCP connection with BGP neighbor 100.64.2.254 was successful.

C.

The local FortiGate has received 18 packets from a BGP neighbor.

D.

The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264

Buy Now
Questions 12

Refer to the exhibit, which a network topology and a partial routing table.

FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.

Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?

Options:

A.

Enable asymmetric routing under config system settings.

B.

Change the configuration from strict RPF check mode to feasible RPF check mode.

C.

A firewall policy that allows all ICMP traffic from port3 to port1.

D.

Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.

Buy Now
Questions 13

Refer to the exhibit, which shows the output of a BGP debug command.

What can you conclude about the router in this scenario?

Options:

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the 8GP session with the local router.

B.

An inbound route-map on local router is blocking the prefixes from neighbor 100.64.3.1.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

Buy Now
Questions 14

Refer to the exhibit, which contains the output of diagnose vpn tunnel list.

Which command will capture ESP traffic for the VPN named DialUp_0?

Options:

A.

diagnose sniffer packet any 'ip proto 50'

B.

diagnose sniffer packet any 'host 10.0.10.10'

C.

diagnose sniffer packet any 'esp and host 10.200.3.2'

D.

diagnose sniffer packet any 'port 4500'

Buy Now
Questions 15

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)

Options:

A.

Log is full on the collector agent.

B.

Inability to reach IP address of the collector agent.

C.

Refused connection. Potential mismatch of TCP port.

D.

Mismatched pre-shared password.

E.

Incompatible collector agent software version.

Buy Now
Questions 16

Refer to the exhibit, which shows the output of get router info ospf neighbor.

What can you conclude from the command output?

Options:

A.

The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.

B.

All neighbors are in area 0.0.0.0.

C.

The local FortiGate is the BDR.

D.

The local FortiGate is not a DROther.

Buy Now
Questions 17

Exhibit 1.

Exhibit 2.

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to lest session failover between the two service provider connections.

Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

Options:

A.

Change the priority of the port! static route to 11.

B.

Change the priority of the port2 static route to 5.

C.

Configure unset snat-route-change to return it to the default setting.

D.

Configure set snat-route-change enable.

Buy Now
Questions 18

What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two.)

Options:

A.

Packet was dropped because of policy route misconfiguration.

B.

Packet was dropped because of traffic shaping.

C.

Trusted host list misconfiguration.

D.

VIP or IP pool misconfiguration.

Buy Now
Questions 19

Refer to the exhibit.

Assuming a default configuration, which three statements are true? (Choose three.)

Options:

A.

Strict RPF is enabled by default.

B.

User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.

C.

User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.

D.

User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.

E.

User C: Fail. There is no route to 10.0.4.63 using port1 in the touting table.

Buy Now

Fortinet Certified Solution Specialist |

Exam Code: FCSS_NST_SE-7.6
Exam Name: FCSS - Network Security 7.6 Support Engineer
Last Update: Aug 31, 2025
Questions: 66
FCSS_NST_SE-7.6 pdf

FCSS_NST_SE-7.6 PDF

$25.5  $84.99
 Add to Cart
FCSS_NST_SE-7.6 Engine

FCSS_NST_SE-7.6 Testing Engine

$30  $99.99
 Add to Cart
FCSS_NST_SE-7.6 PDF + Engine

FCSS_NST_SE-7.6 PDF + Testing Engine

$40.5  $134.99
 Add to Cart