Fortinet FCSS_NST_SE-7.6 - Fortinet NSE 6 - Network Security 7.6 Support Engineer Exam
Page: 2 / 8
Total 38 questions
Question #6 (Topic: Exam A)
Refer to the exhibit.
The output from using the command diagnose debug application samld -1 to diagnose a SAML connection is shown.
Diagnose output
Based on this output, which two conclusions can you draw? (Choose two.)
The output from using the command diagnose debug application samld -1 to diagnose a SAML connection is shown.
Diagnose output
Based on this output, which two conclusions can you draw? (Choose two.)
A. The SP IP address is 10.1.10.2.
B. The IdP IP address is 10.1.10.2.
C. The IdP IP address is 10.1.10.254.
D. The SP IP address is 10.1.10.254.
Answer: BD
Question #7 (Topic: Exam A)
Refer to the exhibit.
Routing table
The routing table information is shown.
Assuming a default configuration, which three statements about the RPF check on FortiGate are correct? (Choose three.)
Routing table
The routing table information is shown.
Assuming a default configuration, which three statements about the RPF check on FortiGate are correct? (Choose three.)
A. User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.
B. User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.
C. User C: Pass. FortiGate will forward all incoming packets from User C using the default static route.
D. User C: Fail. There is no route to 10.0.4.63 using port1 in the routing table.
E. User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.
Answer: ABD
Question #8 (Topic: Exam A)
Refer to the exhibit.
The sniffer log on two FortiGate devices are shown.
Based on the information in the log, which two factors explain the output on FortiGate FGT-02?
The sniffer log on two FortiGate devices are shown.
Based on the information in the log, which two factors explain the output on FortiGate FGT-02?
A. The administrator configured the wrong remote peer IP address on FGT-01.
B. The administrator set the wrong sniffer filter on FGT-02.
C. The administrator has not yet configured the VPN tunnel on FGT-02.
D. A third-party device is blocking protocol 50.
Answer: CD
Question #9 (Topic: Exam A)
Refer to the exhibit.
High Availability configuration status
Which two statements about the output are true considering NGFW-1 and NGFW-2 have been up for a week? (Choose two.)
High Availability configuration status
Which two statements about the output are true considering NGFW-1 and NGFW-2 have been up for a week? (Choose two.)
A. If a configuration change is made to the secondary FortiGate, the Configuration Status will not change.
B. If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.
C. If FGVM...649 is rebooted, FGVM...650 will become the primary FortiGate and retain that role, even after FGVM...649 rejoins the cluster.
D. If port7 becomes disconnected on the secondary FortiGate, both FortiGate devices will elect themselves as primary.
Answer: AB
Question #10 (Topic: Exam A)
In a Security Fabric environment, which three actions must you take to ensure successful communication among the nodes? (Choose three.)
A. You must authorize the downstream FortiGate on the root FortiGate.
B. You must configure FortiGate in transparent mode.
C. You must enable FortiTelemetry on the receiving interface of the upstream FortiGate.
D. You must ensure that the port for Neighbor Discovery has been changed.
E. You must ensure that TCP port 8013 is not blocked along the way.
Answer: ACE
