01. Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate.
You have configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, you discover that FortiGate is not matching the user-2 VPN for members of the Users-2 group.
Which two changes must the administrator make to fix the issue?
(Choose two.)
a) Use different pre-shared keys on both VPNs.
b) Set up specific peer IDs on both VPNs.
c) Change to aggressive mode on both VPNs.
d) Enable XAuth on both VPNs.
02. View the exhibit:
Which two statements about this session are correct?
(Choose two.)
a) This session terminates or originates on FortiGate.
b) This is a TCP session that was blocked by firewall policy ID 0.
c) It is a UDP session that has seen traffic flow both ways.
d) It is a TCP session in SYN_SENT state.
03. Which two events can trigger an HA failover?
(Choose two.)
a) A configuration sync failure
b) The physical disconnection of a monitored interface
c) A session sync failure
d) The failure of a solid-state drive
04. Which layer of the FortiOS architecture does an application process or daemon run on?
a) Kernel
b) Configuration layer
c) User space
d) Hardware
05. View the exhibit:
Given the output showing a real-time debug, which statement describes why the update is failing?
a) FortiGate is unable to resolve the required FQDN (service.fortiguard.net) for antivirus and IPS updates.
b) FortiGate is unable to establish a TCP connection with FDS.
c) The administrator should use the execute update-wf command instead.
d) The update should be using port 53 or port 8888, instead of port 443.
06. Which two configuration changes can you apply to optimize memory use on FortiGate?
(Choose two.)
a) Increase the maximum file size for AV inspection.
b) Decrease the session TTL.
c) Increase TCP session timers.
d) Use flow-based inspection.
e) Reduce the FortiGuard cache TTL.
07. Examine these partial outputs from two routing debug commands:
# get router info routing-table database
S 0.0.0.0/0 [20/0] via 100.64.2.254, port2, [10/0]
S *> 0.0.0.0/0 [10/0] via 100.64.1.254, port1
# get router info routing-table all
S* 0.0.0.0/0 [10/0] via 100.64.1.254, port1
Why is the default route that uses port2 not in the output of the second command?
a) It has a higher distance than the default route using port1.
b) Only one default route can be present in an active routing table.
c) It has a higher priority than the default route using port1.
d) It is disabled in the FortiGate configuration.
08. Which three steps does FortiGate execute using the pull method to get antivirus and IPS updates?
(Choose three.)
a) FortiGate starts sending rating queries to one of the servers in the list.
b) FortiGate gets a list of server IP addresses that it can contact.
c) FortiGate contacts a DNS server to resolve the FortiGuard domain name.
d) FortiGate registers its public IP address in FortiGuard.
e) FortiGate periodically queries for pending updates.
09. When investigating FortiGuard connectivity issues, which action is a valid troubleshooting step?
a) Verify management VDOM internet access.
b) Verify that DNS requests are being proxied if auto-update tunneling is enabled.
c) Use the FortiGuard real-time debug command to verify rating requests.
d) Configure a virtual IP to forward port 443 to the FortiGate external IP.
10. For IKEv2, which combination of payloads can INFORMATIONAL exchanges contain?
a) Initiator, Responder, and Wait
b) Start, Wait, and Delete
c) Create, Remove, and Wait
d) Notify, Delete, and Configuration
Before you write the Fortinet Network Security Support Engineer (FCSS_NST_SE-7.6) certification exam, you may have certain doubts in your mind regarding the pattern of the test, the types of questions asked in it, the difficulty level of the questions and time required to complete the questions. These Fortinet Certified Solution Specialist - Secure Networking (Network Security Support Engineer) sample questions and demo exam help you in removing these doubts and prepare you to take the test.
