FCSS_NST_SE-7.6 Fortinet Exam Questions and Free Practice Test

Question 7

Exhibit.
FCSS_NST_SE-7.6 dumps exhibit
Refer to the exhibit, which contains partial output from an IKE real-time debug. Which two statements about this debug output are correct? (Choose two.)

A. Perfect Forward Secrecy (PFS) is enabled in the configuration.

B. The local gateway IP address is 10.0.0.1.

C. It shows a phase 2 negotiation.

D. The initiator provided remote as its IPsec peer ID.

Correct Answer:CD

Question 8

Which statement about IKEv2 is true?

A. Both IKEv1 and IKEv2 share the feature of asymmetric authentication.

B. IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.

C. IKEv1 and IKEv2 use same TCP port but run on different UDP ports.

D. IKEv1 and IKEv2 share the concept of phase1 and phase2.

Correct Answer:B

Question 9

Which two statements about Security Fabric communications are true? (Choose two.)
FCSS_NST_SE-7.6 dumps exhibit A. FortiTelemetry and Neighbor Discovery both operate using TCP.
B. The default port for Neighbor Discovery can be modified.
C. FortiTelemetry must be manually enabled on the FortiGate interface.
D. By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.

Correct Answer:CD
FortiTelemetry is a critical part of Security Fabric communications and requires explicit configuration for each participating FortiGate interface. The administrative access setting 'fabric' (corresponding to FortiTelemetry) must be manually enabled per interface on both upstream and downstream devices. This is performed in the GUI under Administrative Access or via the CLI using the commandset allowaccess fabricfor the relevant network interface. Without this step, FortiTelemetry communications will not occur on that interface.
Additionally, the default communication between downstream and upstream FortiGate units in the Security Fabric is over TCP port 8013. This port is well-documented as the standard for Security Fabric and FortiTelemetry connections, and must be open and permitted across the network path for connectivity and status enforcement between units. The downstream FortiGate initiates the connection to the upstream via this port unless otherwise configured. This has also been documented as a PCI-relevant port, showing its default usage.
Other options:
Neighbor Discovery in FortiOS uses IPv6 ND protocol, not TCP.
FortiTelemetry port (8013) can be modified, but the interface Administrative Access for the Security Fabric must be manually enabled; Neighbor Discovery port modification is not documented as a supported change for FortiGate.
FortiGate/FortiOS Administration Guide: Enabling FortiTelemetry (fabric) on interfaces
Fortinet Technical Tip: FortiTelemetry uses TCP port 8013 by default
PCI compliance documentation on port 8013 usage for Security Fabric
Fortinet Security Fabric setup procedures and interface options

Question 10

Exhibit 1.
FCSS_NST_SE-7.6 dumps exhibit
Exhibit 2.

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.
An administrator would like to lest session failover between the two service provider connections.
Which two changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two.)

A. Change the priority of the port! static route to 11.

B. Change the priority of the port2 static route to 5.

C. Configure unset snat-route-change to return it to the default setting.

D. Configure set snat-route-change enable.

Correct Answer:AD

Question 11

Refer to the exhibit, which shows the output o! the BGP database.
FCSS_NST_SE-7.6 dumps exhibit
Which two statements are correct? (Choose two.)

A. The advertised prefix of 10.20.30.0'24 was configured using the network command.

B. The first four prefixes are being advertised using a legacy route advertisement.

C. The advertised prefix of 10.20.30.0'24 is being advertised through the redistribution of another routing protocol.

D. The output shows all prefixes advertised by all neighbors as well as the local router.

Correct Answer:AD

Question 12

Exhibit.
FCSS_NST_SE-7.6 dumps exhibit
Refer to the exhibit, which shows a partial web fillet profile configuration.
Which action does FortiGate lake if a user attempts to access www. dropbox. com, which is categorized as File Sharing and Storage?

A. FortiGate allows the connection, based on the URL Filter configuration.

B. FortiGate blocks the connection as an invalid URL.

C. FortiGate exempts the connection, based on the Web Content Filter configuration.

D. FortiGate blocks the connection, based on the FortiGuard category based filter configuration.

Correct Answer:D

START FCSS_NST_SE-7.6 EXAM