Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the Fortinet Certified Solution Specialist FCSS_NST_SE-7.6 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam FCSS_NST_SE-7.6 Premium Access

View all detail and faqs for the FCSS_NST_SE-7.6 exam

Go to Exam

715 Students Passed

95% Average Score

98% Same Questions

Viewing page 3 out of 4 pages

Viewing questions 21-30 out of questions

Questions # 21:

Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.

Question # 21

What three actions must you take to ensure successful communication? (Choose three.)

Options:

You must authorize the downstream FortiGate on the root FortiGate.

FortiGate must not be in NAT mode.

Ensure TCP port 8013 is not blocked along the way.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

Ensure the port for Neighbor Discovery has been changed.

Questions # 22:

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.

Which action will FortiGate take when using the default settings for SSL certificate inspection?

Options:

FortiGate uses the SNI from the user's web browser.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

FortiGate uses the first entry listed in the SAN field in the server certificate.

FortiGate uses the CN information from the Subject field in the server certificate.

Questions # 23:

Refer to the exhibit, which shows the output of a BGP debug command.

Question # 23

What can you conclude about the router in this scenario?

Options:

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the 8GP session with the local router.

An inbound route-map on local router is blocking the prefixes from neighbor 100.64.3.1.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

The BGP session with peer 10.127.0.75 is up.

Questions # 24:

Refer to the exhibit showing a debug output.

Question # 24

An administrator deployed FSSO in DC Agent Mode but FSSO is failing on FortiGate. Pinging FortiGate from where the collector agent is deployed is successful.

The administrator then produces the debug output shown in the exhibit.

What could be causing this error message?

Options:

The TCP port 445 is blocked between FortiGate and collector agent.

The collector agent preshared password is mismatched.

The FortiGate cannot resolve the active directory server name.

The FortiGate and the collector agent are using different TCP ports.

Questions # 25:

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Question # 25

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change the administrator make to the local gateway to resolve the phase 1 negotiation error?

Options:

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

In the phase 1 network configuration, set the IKE version to 2.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

Questions # 26:

Refer to the exhibit, which shows the partial output of a real-time OSPF debug.

Question # 26

Why are the two FortiGate devices unable to form an adjacency?

Options:

The Hello packet is being sent from an OSPF router with ID 0.0.0.112.

The two FortiGate devices attempting adjacency are in area 0.0.0.0.

One FortiGate device is configured to require authentication, while the other is not.

The passwords on the FortiGate devices do not match.

Questions # 27:

Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate.

Question # 27

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovers that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must the administrator make to fix the issue? (Choose two.)

Options:

Change to aggressive mode on both VPNs.

Enable XAuth on both VPNs.

Use different pre-shared keys on both VPNs.

Set up specific peer IDs on both VPNs.

Questions # 28:

Exhibit.

Question # 28

Refer to the exhibit, which shows the output of a session. Which two statements are true? (Choose Iwo.)

Options:

The TCP session has been successfully established.

The session was initiated from an authenticated user.

The session is being inspected using flow inspection.

The session is being offloaded.

Questions # 29:

Which statement about IKEv2 is true?

Options:

Both IKEv1 and IKEv2 share the feature of asymmetric authentication.

IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.

IKEv1 and IKEv2 use same TCP port but run on different UDP ports.

IKEv1 and IKEv2 share the concept of phase1 and phase2.

Questions # 30:

Which statement about protocol options is true?

Options:

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.

Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.