Fortinet FCSS_NST_SE-7.4 - FCSS - Network Security 7.4 Support Engineer Exam
Page: 2 / 14
Total 66 questions
Question #6 (Topic: Exam A)
Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.
What three actions must you take to ensure successful communication? (Choose three.)
What three actions must you take to ensure successful communication? (Choose three.)
A. You must authorize the downstream FortiGate on the root FortiGate.
B. FortiGate must not be in NAT mode.
C. Ensure TCP port 8013 is not blocked along the way.
D. You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.
E. Ensure the port for Neighbor Discovery has been changed.
Answer: ACD
Question #7 (Topic: Exam A)
Refer to the exhibit, which shows the partial output of FortiOS kernel slabs.
Which statement is true?
Which statement is true?
A. The total slab size of the sctp_session slab is 0 kB and is associated with the user space.
B. The total slab size of the ip_session slab is 3600 kB and is associated with the user space.
C. The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.
D. The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.
Answer: D
Question #8 (Topic: Exam A)
Refer to the exhibit, which a network topology and a partial routing table.
FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.
Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?
FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3.
Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24?
A. Enable asymmetric routing under config system settings.
B. Change the configuration from strict RPF check mode to feasible RPF check mode.
C. A firewall policy that allows all ICMP traffic from port3 to port1.
D. Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.
Answer: C
Question #9 (Topic: Exam A)
What are two functions of automation stitches? (Choose two.)
A. You can configure automation stitches on any FortiGate device in a Security Fabric environment.
B. You can configure automation stitches to execute actions sequentially by taking parameters from previous actions as input for the current action.
C. You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.
D. You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
Answer: BC
Question #10 (Topic: Exam A)
Refer to the exhibit, which contains the partial configuration of an IPsec VPN configuration.
After reviewing the configuration, what can you conclude about the IPsec VPN Phase 1 setup?
After reviewing the configuration, what can you conclude about the IPsec VPN Phase 1 setup?
A. The VPN is configured using IKEv2.
B. Dead Peer Detection is disabled.
C. The VPN is configured with DHCP over IPsec.
D. The tunnel is configured as a route-based VPN.
Answer: D
