Fortinet FCSS_NST_SE-7.4 Übungsprüfungen
Zuletzt aktualisiert am 05.05.2025- Prüfungscode: FCSS_NST_SE-7.4
- Prüfungsname: FCSS - Network Security 7.4 Support Engineer
- Zertifizierungsanbieter: Fortinet
- Zuletzt aktualisiert am: 05.05.2025
Exhibit.
Refer to the exhibit, which shows the output of get system ha status.
NGFW-1 and NGFW-2 have been up for a week.
Which two statements about the output are true? (Choose two.)
- A . If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.
- B . If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.
- C . If FGVM…649 is rebooted. FGVM…650 will become the primary and retain that role, even after FGVM…649 rejoins the cluster.
- D . If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.
Which two statements about an auxiliary session ate true? (Choose two.)
- A . With the auxiliary session selling disabled, only auxiliary sessions are offloaded.
- B . With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.
- C . With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.
- D . With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.
Which two statements are true regarding heartbeat messages sent from an FSSO collector agent to FortiGate? (Choose two.)
- A . The heartbeat messages can be seen using the command diagnose debug authd fsso list.
- B . The heartbeat messages can be seen in the collector agent logs.
- C . The heartbeat messages can be seen on FortiGate using the real-lime FSSO debug.
- D . The heartbeat messages must be manually enabled on FortiGate.
In IKEv2, which exchange establishes the first CHILD_SA?
- A . IKE_SA_INIT
- B . INFORMATIONAL
- C . CREATE_CHILD_SA
- D . IKE_Auth
Exhibit.
Refer to the exhibit, which contains a screenshot of some phase 1 settings.
The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands on an SSH session on FortiGate:
However, the IKE real-time debug does not show any output.
Why?
- A . The administrator must also run the command diagnose debug enable.
- B . The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.
- C . The log-filter setting is incorrect. The VPN traffic does not match this filter.
- D . Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.
Refer to the exhibit, which shows the output o! the BGP database.
Which two statements are correct? (Choose two.)
- A . The advertised prefix of 10.20.30.0’24 was configured using the network command.
- B . The first four prefixes are being advertised using a legacy route advertisement.
- C . The advertised prefix of 10.20.30.0’24 is being advertised through the redistribution of another routing protocol.
- D . The output shows all prefixes advertised by all neighbors as well as the local router.