Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

FCSS_NST_SE-7.6 Fortinet NSE 6 - Network Security 7.6 Support Engineer Questions and Answers

Questions 4

What is an accurate description of LDAP authentication using the regular bind type?

Options:

A.

The regular bind requires the client to send the full distinguished name (ON).

B.

The regular bind type is the easiest bind type to configure on ForbOS.

C.

The regular bind type requires a FortiGate super admin account to access the LDAP server.

D.

It is not often used as a bind type

Buy Now
Questions 5

Refer to the exhibit, which shows the omitted output of a session table entry.

Which two statements are true? (Choose two.)

Options:

A.

The traffic has been tagged for VLAN 0000.

B.

NP7 is handling offloading of this session.

C.

The traffic matches Policy ID 1.

D.

The session has been offloaded.

Buy Now
Questions 6

Refer to the exhibit, which shows the output of a debug command.

Which two statements about the output are true? (Choose two.)

Options:

A.

The interlace is part of the OSPF backbone area.

B.

There are a total of five OSPF routers attached to the vorz4 network segment

C.

One of the neighbors has a router ID of 0.0.0.4.

D.

In the network connected to port4, two OSPF routers are down.

Buy Now
Questions 7

Refer to the exhibit.

An IPsec VPN tunnel using IKEv2 was brought up successfully, but when the tunnel rekey takes place the tunnel goes down.

The debug command for IKE was enabled and, in the exhibit, you can review the partial output of the debug IKE while attempting to bring the tunnel up.

What is causing. The tunnel to be down?

Options:

A.

A Diffie-Hellman mismatch

B.

Blocked traffic on UDP port 500

C.

A mismatch m the Phase 1 negotiations

D.

A mismatch in the Phase 2 negotiations

Buy Now
Questions 8

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)

Options:

A.

The SSL certificate used for FSSO over SSL has expired.

B.

The connection was refused. There may be a mismatch of the TCP port.

C.

FortiGate cannot reach the IP address of the collector agent.

D.

The pro-shared key does not match

E.

The group filters do not match.

Buy Now
Questions 9

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

Options:

A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Buy Now
Questions 10

Refer to the exhibit, which shows the partial output of a real-time OSPF debug.

Why are the two FortiGate devices unable to form an adjacency?

Options:

A.

The Hello packet is being sent from an OSPF router with ID 0.0.0.112.

B.

The two FortiGate devices attempting adjacency are in area 0.0.0.0.

C.

One FortiGate device is configured to require authentication, while the other is not.

D.

The passwords on the FortiGate devices do not match.

Buy Now
Questions 11

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session information for ICMP traffic.

What happens to the session information if a routing change occurs that affects this session?

Options:

A.

Only the interface and gateway information for dev=7 will be removed.

B.

The session information will not change unless the current route has been removed from the routing table.

C.

The session will be flagged as dirty but no route lookups will be performed.

D.

Sessions involving port7 or port19 will not have their routing information flushed.

Buy Now
Questions 12

Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.

What three actions must you take to ensure successful communication? (Choose three.)

Options:

A.

You must authorize the downstream FortiGate on the root FortiGate.

B.

FortiGate must not be in NAT mode.

C.

Ensure TCP port 8013 is not blocked along the way.

D.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

E.

Ensure the port for Neighbor Discovery has been changed.

Buy Now
Questions 13

In the SAML negotiation process, which section does the Identity Provider (IdP) provide the SAML attributes utilized in the authentication process to the Service Provider (SP)?

Options:

A.

SP Login dump

B.

Authentication Response

C.

Authentication Request

D.

Assertion dump

Buy Now
Questions 14

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.

Set snat-route-change to enable.

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set the priority of the static default route using port1 to 10.

Buy Now
Questions 15

Refer to the exhibits.

FGT-1 is an area border router (ABR) that has interfaces in OSPF areas 0.0.0.0 and 0.0.0.5. FGT-3 acts as an autonomous system border router (ASBR), importing static routes into OSPF. FGT-2 is an internal router with all its interfaces belonging to area 0.0.0.5. FGT-1 is receiving all advertised routes from FGT-2, however, FGT-3 is not receiving any of the advertised routes from FGT-1. What is the most likely reason for this? (Choose one answer)

Options:

A.

Area 0.0.0.5 is configured not to propagate type 5 LSAs.

B.

FGT-2 is configured with a distribution list to block all advertised routes from FGT-3.

C.

FGT-3 and FGT-2 have not formed an OSPF adjacency yet.

D.

IP protocol 89 is blocked between FGT-1 and FGT-3.

Buy Now
Questions 16

Refer to the exhibit.

The exhibit shows the output from using the command diagnose debug application samld -1 to diagnose a SAML connection.

Based on this output, what can you conclude?

Options:

A.

Active Directory is used for authentication.

B.

The authentication request is for an SSL VPN connection.

C.

The IdP IP address is 10.1.10.254.

D.

The IdP IP address is 10.1.10.2.

Buy Now
Questions 17

Refer to the exhibit, which shows a session entry.

Which statement about this session is true?

Options:

A.

Return traffic to the initiator is sent to 10.1.0.1.

B.

Return traffic to the initiator is sent lo 10.200.1.254.

C.

It is an ICMP session from 10.1.10.10 to 10.200.1.1.

D.

It is an ICMP session from 10.1.10.1 to 10.200.5.1.

Buy Now
Questions 18

Refer to the exhibit, which a network topology and a partial routing table.

FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.

Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?

Options:

A.

Enable asymmetric routing under config system settings.

B.

Change the configuration from strict RPF check mode to feasible RPF check mode.

C.

A firewall policy that allows all ICMP traffic from port3 to port1.

D.

Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.

Buy Now
Questions 19

Exhibit.

Refer to the exhibit, which shows the output of diagnose automation test.

What can you observe from the output? (Choose two.)

Options:

A.

The automation stitch test is not being logged.

B.

The automation stitch test failed but the HA failover was successful.

C.

An HA failover occurred.

D.

The test was unsuccessful.

Buy Now
Questions 20

Which statement about parallel path processing is correct (PPP)?

Options:

A.

PPP chooses from a group of parallel options lo identity the optimal path tor processing a packet.

B.

Only FortiGate hardware configurations affect the path that a packet takes.

C.

PPP does not apply to packets that are part of an already established session.

D.

Software configuration has no impact on PPP.

Buy Now
Questions 21

Refer to the exhibit.

A network topology and a partial routing table are shown.

FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.

Which two changes can the administrator perform to ensure the server at 10.4.0.1/24 receives the ICMP echo reply from the laptop at 10.1.0.1/24? (Choose two.)

Options:

A.

Enable asymmetric routing under config system settings.

B.

Change the FortiGate configuration from strict RPF check mode to feasible RPF check mode.

C.

Modify the default gateway on the laptop from 10.1.0.2 to 10.1.0.254.

D.

Add a default static route on FortiGate to forward all traffic to port3.

Buy Now
Questions 22

Refer to the exhibit.

The output of the command diagnose vpn tunnel list is shown.

Reviewing the debug command, what is the current status of the traffic flowing through the tunnel?

Options:

A.

The outbound IPsec SA was copied to the NPU.

B.

NP6 is handling the offloading.

C.

The inbound and outbound IPsec SAs were copied to the NPU.

D.

The inbound IPsec SA was copied to the NPU.

Buy Now
Questions 23

Exhibit.

Refer to the exhibit, which shows the output of get system ha status.

NGFW-1 and NGFW-2 have been up for a week.

Which two statements about the output are true? (Choose two.)

Options:

A.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

B.

If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.

C.

If FGVM...649 is rebooted. FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

D.

If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.

Buy Now
Questions 24

Refer to the exhibit.

The output of the command diagnose vpn tunnels liar is shown.

Which two statements accurately describe the status of the tunnel? (Choose two.)

Options:

A.

Phase 2 is down

B.

Phase 1 is down.

C.

There is currently no traffic traversing the tunnel

D.

Both Phase 1 and Phase 2 were negotiated successfully.

Buy Now
Questions 25

Refer to the exhibits.

An administrator is attempting to advertise the network configured on port3. However, FGT-A is not receiving the prefix.

Which two actions can the administrator take to fix this problem? (Choose two.)

Options:

A.

Modify the prefix using the network command from 172.16.0.0/16 to 172.16.54.0/24.

B.

Manually add the BGP route on FGT-A.

C.

Restart BGP using a soft reset to force both peers to exchange their complete BGP routing tables.

D.

Use the set network-import-check disable command.

Buy Now
Questions 26

Refer to the exhibit, which shows the output of diagnose sys session stat.

Which statement about the output shown in the exhibit is correct?

Options:

A.

All the sessions in the session table are TCP sessions.

B.

162 sessions have been deleted because of memory page exhaustion.

C.

There are 166 TCP sessions waiting to complete the three-way handshake.

D.

There are two sessions that have not been removed in case any out-of-order packets arrive.

Buy Now
Questions 27

Refer to the exhibit.

An administrator has configured a firewall policy to use proxy-based inspection mode. What could explain the messages observed in the debug flow output?

Options:

A.

At least one protocol port under Protocol Options has been mapped to Any.

B.

SSL deep inspection is not configured.

C.

The FTP protocol has not yet been mapped to port 211 under Protocol Options.

D.

FortiGate does not have enough free memory to perform proxy-based inspections.

Buy Now
Questions 28

Which two protocol states indicate that traffic is bidirectional? (Choose two.)

Options:

A.

proto_state=01 for a TCP session.

B.

proto_state=01 for a UDP session.

C.

proto_state=05 for a TCP session.

D.

proto_state=00 for an ICMP session.

Buy Now
Questions 29

What can cause an IKEv2 tunnel to go down after it was initially brought up successfully?

Options:

A.

A mismatched proposal was detected during the IKE_AUTH exchange.

B.

A mismatched Diffie-Hellman group was detected during the IKE_SA_INIT exchange.

C.

A mismatched pre-shared key was detected during the IKE_AUTH exchange.

D.

Mismatched quick-mode selectors were detected during the CREATE_CHILD_SA exchange.

Buy Now
Questions 30

Refer to the exhibit.

The output from using the command diagnose debug application samld -1 to diagnose a SAML connection is shown. Based on this output, which two conclusions can you draw? (Choose two answers)

Options:

A.

The IdP IP address is 10.1.10.254.

B.

The SP IP address is 10.1.10.254.

C.

The SP IP address is 10.1.10.2.

D.

The IdP IP address is 10.1.10.2.

Buy Now
Questions 31

What are two reasons you might see iprope_in check () check failed, drop when using the debug How? (Choose two.)

Options:

A.

The packet was dropped because it is not allowed by any firewall policy.

B.

The packet was dropped because there is no route to the source.

C.

The packet was dropped because the trusted host list is misconfigured

D.

The packet was dropped because the requested service is not enabled on FortiGate

Buy Now
Questions 32

Refer to the exhibit.

The partial output of FortiOS kernel slabs is shown. Which statement about total slab size is true?

Options:

A.

The total slab size of the ip_session Tlab is 14080 kB and is associated with the user space.

B.

The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.

C.

The total slab size of the ip6_session slab is 1472 kB and is associated with the kernel.

D.

The total slab size of the UDPv6 slab is 14080 kB and is associated with the user space.

Buy Now
Questions 33

Exhibit.

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator do to fix the issue?

Options:

A.

Disable webfilter-force-off.

B.

Increase webfilter-timeout.

C.

Enable fortiguard-anycast.

D.

Change protocol to TCP.

Buy Now
Questions 34

Which two statements about conserve mode are true? (Choose two.)

Options:

A.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

B.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

C.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

D.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

Buy Now
Questions 35

Refer to the exhibit.

The output of a BGP debug command is shown.

Why has the local router at 172.16.23.58 been unable to establish adjacency with its only neighbor?

Options:

A.

The neighbor router has become unreachable, which is evident by the low ratio of messages received to messages sent.

B.

The local router has not received an OPEN message from the neighbor.

C.

The local router has not received a SYN/ACK packet from the neighbor.

D.

There is no active route to the BGP neighbor.

Buy Now
Questions 36

Refer to the exhibit.

A partial output from an IKE real-time debug is shown

The administrator does not have access to (he remote gateway

Based on the debug output, which two conclusions can you draw? (Choose two.)

Options:

A.

The remote peer is the initiating peer.

B.

This is a phase1 negotiation.

C.

There is a Diffie-Hellman group mismatch.

D.

This is a phase2 negotiation

Buy Now
Questions 37

Refer to the exhibit.

The modified output of live routing kemel is shown

Which two statements about the output are (rue? (Choose two.)

Options:

A.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

B.

The default static route through 10.200.1 254 is in the forwarding information base.

C.

FortiGate is performing ECMP using both default static routes.

D.

The local FortiGate is receiving only one LSA from one OSPF neighbor.

Buy Now
Questions 38

What are two functions of automation stitches? (Choose two.)

Options:

A.

You can configure automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

B.

You can configure automation stitches to modify packet headers and payloads if specific traffic triggers an anomaly IPS event.

C.

You can configure automation stitches to insert a delay between actions if the automation stitches are set to execute actions in parallel.

D.

You can configure automation stitches to take parameters from previous actions as input for the next action if the automation stitches are set to execute actions in sequence.

Buy Now
Questions 39

Refer to the exhibit, which shows the output of get router info ospf neighbor.

What can you conclude from the command output?

Options:

A.

The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.

B.

All neighbors are in area 0.0.0.0.

C.

The local FortiGate is the BDR.

D.

The local FortiGate is not a DROther.

Buy Now
Questions 40

Which statement about IKEv2 is true?

Options:

A.

Both IKEv1 and IKEv2 share the feature of asymmetric authentication.

B.

IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.

C.

IKEv1 and IKEv2 use the same TCP port but run on different UDP ports.

D.

IKEv1 and IKEv2 share the concept of phase1 and phase2.

Buy Now
Exam Code: FCSS_NST_SE-7.6
Exam Name: Fortinet NSE 6 - Network Security 7.6 Support Engineer
Last Update: Jul 10, 2026
Questions: 131
FCSS_NST_SE-7.6 pdf

FCSS_NST_SE-7.6 PDF

$25.5  $84.99
FCSS_NST_SE-7.6 Engine

FCSS_NST_SE-7.6 Testing Engine

$30  $99.99
FCSS_NST_SE-7.6 PDF + Engine

FCSS_NST_SE-7.6 PDF + Testing Engine

$40.5  $134.99