● FCSS - Network Security 7.4 Support Engineer Exam Materials

The Actual questions for FCSS - Network Security 7.4 Support Engineer Exam Materials (FCSS_NST_SE-7.4) - Updated Weekly
Question #1
Comment Image Comment Image

Refer to the exhibit, which shows a session entry.

Which statement about this TCP session is true? (Choose one answer)

  • A. Return traffic to the initiator is sent to 10.1.0.254
  • B. Return traffic to the initiator is sent to 10.9.31.117
  • C. It is a TCP session from 10.9.31.11 to 200.8.57.5
  • D. It is a TCP session from 10.9.31.117 to 10.1.0.3

Question #2
Comment Image Comment Image

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three answers)

  • A. Log is full on the collector agent.
  • B. Inability to reach IP address of the collector agent.
  • C. Refused connection. Potential mismatch of TCP port.
  • D. Mismatched pre-shared password.
  • E. Incompatible collector agent software version.

Question #3
Comment Image Comment Image

Refer to the exhibit, which shows the output of get system ha status. NGFW-1 and NGFW-2 have been up for a week.
Which two statements about the output are true? (Choose two answers)

  • A. If FGVM...649 is rebooted, FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.
  • B. If no action is taken, the primary FortiGate will leave the cluster due to the current sync status.
  • C. If port7 becomes disconnected on the secondary, both FortiGate devices will elect itself the primary.
  • D. If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

Question #4
Comment Image Comment Image

Refer to the exhibit

Antivirus is unable to detect an infected file downloaded through HTTPS. Part of the configuration used for antivirus inspection is shown in the exhibit.

Which configuration changes can be performed to inspect HTTPS? (Choose one answer)

  • A. Set a different antivirus database
  • B. Enable SSL deep inspection
  • C. Increase the maximum number of subdirectories and nested archives
  • D. Disable the emulator setting

Question #5
Comment Image Comment Image

What are two reasons that an OSPF router does not have any type 5 link-state advertisements (LSAs) in its link-state database (LSDB)? (Choose two answers)

  • A. IP protocol 89 is blocked between the local router and its peer
  • B. There is no autonomous system border router (ASBR) in the network
  • C. The peer of the local router is using a prefix-list-out configuration to prevent all type 5 LSAs to be advertised
  • D. The local router is located in a stub area

Question #6
Comment Image Comment Image

Refer to the exhibits, which show the configuration on FortiGate and partial internet session information from a user on the internal network.

An administrator would like to test session failover between the two service provider connections.

What changes must the administrator make to force this existing session to immediately start using the other interface? (Choose two answers)

  • A. Configure set snat-route-change enable.
  • B. Change the priority of the port2 static route to 5.
  • C. Change the priority of the port1 static route to 11.
  • D. unset snat-route-change to return it to the default setting.

Question #7
Comment Image Comment Image

What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two answers)

  • A. VIP or IP pool misconfiguration
  • B. Trusted host list misconfiguration
  • C. Packet was dropped because of policy route misconfiguration
  • D. Packet was dropped because of traffic shaping

Question #8
Comment Image Comment Image

Refer to the exhibit, which shows the output of diagnose automation test.

What can you observe from the output? (Choose two answers)

  • A. An HA failover occurred.
  • B. The test was unsuccessful.
  • C. The automation stitch test failed but the HA failover was successful.
  • D. The automation stitch test is not being logged.

Question #9
Comment Image Comment Image

Refer to the exhibit.

Assuming a default configuration, which three statements are true? (Choose three answers)

  • A. User C: Pass. Proxy ARP configured on FortiGate will allow proper routing for the 10.0.4.0 subnet
  • B. User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.
  • C. User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.
  • D. User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24
  • E. User C: Fail. There is no route to 10.0.4.63 using port1 in the routing table.

Question #10
Comment Image Comment Image

Refer to the exhibit, which shows the output of a diagnose command.

The administrator did not override the FortiGuard FQDN or IP address in the FortiGate configuration.

Which IP address did FortiGate get when resolving the service.fortiguard.net name? (Choose one answer)

  • A. 208.91.112.194
  • B. 209.22.147.36
  • C. 64.26.151.37
  • D. 121.111.236.179