1. Home
  2. Fortinet
  3. Fortinet Certified Solution Specialist
  4. FCSS_NST_SE-7.4
  5. FCSS - Network Security 7.4 Support Engineer Questions and Answers

Pass the Fortinet Fortinet Certified Solution Specialist FCSS_NST_SE-7.4 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 2 out of 2 pages
Viewing questions 11-20 out of questions
Questions # 11:

Refer to the exhibit, which contains partial output from an IKE real-time debug.

Question # 11

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change the administrator make to the local gateway to resolve the phase 1 negotiation error?

Options:
A.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

B.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

C.

In the phase 1 network configuration, set the IKE version to 2.

D.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

Expert Solution
Questions # 12:

Exhibit.

Question # 12

Refer to the exhibit, which shows two entries that were generated in the FSSO collector agent logs.

What three conclusions can you draw from these log entries? {Choose three.)

Options:
A.

Remote registry is not running on the workstation.

B.

The user's status shows as "not verified" in the collector agent.

C.

DNS resolution is unable to resolve the workstation name.

D.

The FortiGate firmware version is not compatible with that of the collector agent.

E.

A firewall is blocking traffic to port 139 and 445.

Expert Solution
Questions # 13:

Refer to the exhibit, which shows the partial output of command diagnose debug rating.

Question # 13

In this exhibit, which FDS server will the FortiGate algorithm choose?

Options:
A.

66.117.56.37

B.

208.91.112.194

C.

209.22.147.36

D.

64.26.151.37

Expert Solution
Questions # 14:

During which phase of IKEv2 does the Diffie-Helman key exchange take place?

Options:
A.

IKE_Req_INIT

B.

Create_CHILD_SA

C.

IKE_Auth

D.

IKE_SA_INIT

Expert Solution
Questions # 15:

Refer to the exhibit, which contains the output of diagnose vpn tunnel list.

Question # 15

Which command will capture ESP traffic for the VPN named DialUp_0?

Options:
A.

diagnose sniffer packet any 'ip proto 50'

B.

diagnose sniffer packet any 'host 10.0.10.10'

C.

diagnose sniffer packet any 'esp and host 10.200.3.2'

D.

diagnose sniffer packet any 'port 4500'

Expert Solution
Questions # 16:

Exhibit.

Question # 16

Refer to the exhibit, which shows the output of a diagnose command.

What can you conclude about the debug output in this scenario?

Options:
A.

The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121.111.236.179.

B.

There is a natural correlation between the value in the FortiGuard-requests field and the value in the Weight field.

C.

FortiGate used 64.26.151.37 as the initial server to validate its contract.

D.

Servers with a negative TZ value are less preferred for rating requests.

Expert Solution
Questions # 17:

Exhibit.

Question # 17

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator do to fix the issue?

Options:
A.

Disable webfilter-force-off.

B.

Increase webfilter-timeout.

C.

Enable fortiguard-anycast.

D.

Change protocol to TCP.

Expert Solution
Questions # 18:

Refer to the exhibit, which shows the modified output of the routing kernel.

Question # 18

Which statement is true?

Options:
A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Expert Solution
Questions # 19:

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.

Which action will FortiGate take when using the default settings for SSL certificate inspection?

Options:
A.

FortiGate uses the SNI from the user's web browser.

B.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

C.

FortiGate uses the first entry listed in the SAN field in the server certificate.

D.

FortiGate uses theCN information from the Subject field in the server certificate.

Expert Solution
Viewing page 2 out of 2 pages
Viewing questions 11-20 out of questions