Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

FCSS_NST_SE-7.6 Fortinet NSE 6 - Network Security 7.6 Support Engineer Questions and Answers

Questions 4

What is the correct order of the IKEv2 request-and-response protocol?

Options:

A.

Create_Child_SA, IKEAUTH, IKESAJNIT

B.

Create_Child_SA, IKE_SA_INIT. IKE_AUTH

C.

IKE SA INIT, IKE AUTH. Create Child SA OIKE AUTH.

D.

IKE_AUTH_IKE_SA_INIT, Create_Child_SA

Buy Now
Questions 5

Refer to the exhibit, which shows a partial web filter profile configuration.

The URL www.dropbox.com is categorized as File Sharing and Storage.

Which action does FortiGate take if a user attempts to access www.dropbox.com?

Options:

A.

FortiGate blocks the connection as an invalid URL.

B.

Based on the URL Filter configuration, FortiGate allows the connection.

C.

FortiGate blocks the connection, based on the FortiGuard category-based filter configuration.

D.

Based on the Web Content filter configuration, access to www.dropbox.com would be exempted.

Buy Now
Questions 6

Refer to the exhibit.

The output of a BGP debug command is shown.

Why has the local router at 172.16.23.58 been unable to establish adjacency with its only neighbor?

Options:

A.

The neighbor router has become unreachable, which is evident by the low ratio of messages received to messages sent.

B.

The local router has not received an OPEN message from the neighbor.

C.

The local router has not received a SYN/ACK packet from the neighbor.

D.

There is no active route to the BGP neighbor.

Buy Now
Questions 7

Refer to the exhibit.

Which three pieces of information does the diagnose sys top command provide? (Choose three.)

Options:

A.

The miglogd daemon is running on CPU core ID 0.

B.

The diagnose sys top command has been running for 18 minutes.

C.

The miglogd daemon would be on top of the list, if the administrator pressed m on the keyboard.

D.

The cmdbsvr process is occupying 2.4% of the total user memory space.

E.

If the neweli daemon continues to be in the R state, it will need to be manually restarted.

Buy Now
Questions 8

In a Security Fabric environment which three actions must you take to ensure successful communication among the nodes? (Choose three.)

Options:

A.

You must ensure that TCP port 8013 is not blocked along the way.

B.

You must ensure that the port for Neighbor Discovery has been changed.

C.

You must configure FortiGate in transparent mode.

D.

You must authorize the downstream FortiGate on the root FortiGate.

E.

You must enable FortiTelemetry on the receiving interlace of the upstream FortiGate.

Buy Now
Questions 9

Refer to the exhibit.

The output of a BGO debug command is shown.

What is the most likely reason that the local FortiGate is not receiving any prefixes from its neighbors?

Options:

A.

The local router is waiting for the keepalive message from the router 10.125.0.60.

B.

None of the three neighbors has successfully established the TCP three-way handshake with the local router.

C.

The router 100.64.3.1 is waiting for the OPEN message from the local router.

D.

The RIB-OUT configuration for router 10.127.0.75 prevents any route advertisement to the local router.

Buy Now
Questions 10

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.

Set snat-route-change to enable.

B.

Set the priority of the static default route using port2 to 1.

C.

Set preserve-session-route to enable.

D.

Set the priority of the static default route using port1 to 10.

Buy Now
Questions 11

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate. Which two actions will FortiGate take when using the default settings for SSL certificate inspection? (Choose two answers)

Options:

A.

FortiGate uses the SNI from the user ' s web browser.

B.

FortiGate does not decrypt the traffic if the traffic is blocked by the web filter profile.

C.

FortiGate uses the CN information from the Subject field in the server certificate.

D.

FortiGate does not decrypt the traffic if the traffic is allowed by the web filter profile.

Buy Now
Questions 12

Which two statements about an auxiliary session ate true? (Choose two.)

Options:

A.

With the auxiliary session selling disabled, only auxiliary sessions are offloaded.

B.

With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.

C.

With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.

D.

With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.

Buy Now
Questions 13

What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two.)

Options:

A.

Packet was dropped because of policy route misconfiguration.

B.

Packet was dropped because of traffic shaping.

C.

Trusted host list misconfiguration.

D.

VIP or IP pool misconfiguration.

Buy Now
Questions 14

Refer to the exhibit.

Which two statements about the output are true, considering NGFW-1 and NGFW-2 have been up for a week? (Choose two.)

Options:

A.

If FGVM...649 is rebooted, FGVM...650 will become the primary FortiGate and retain that role, even after FGVM...649 rejoins the cluster.

B.

If port7 becomes disconnected on the secondary FortiGate, both FortiGate devices will elect themselves as primary.

C.

If a configuration change is made to the secondary FortiGate, the Configuration Status will not change.

D.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

Buy Now
Questions 15

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Why is the port2 default route not in the second command output?

Options:

A.

The port2 interface is disabled in the FortiGate configuration.

B.

The port1 default route has a higher priority value than the default route using port2.

C.

The port1 default route has a lower priority value than the default route using port2.

D.

The port1 default route has a lower distance than the default route using port2.

Buy Now
Questions 16

Refer to the exhibit, which shows the output of diagnose sys session stat.

Which statement about the output shown in the exhibit is correct?

Options:

A.

All the sessions in the session table are TCP sessions.

B.

162 sessions have been deleted because of memory page exhaustion.

C.

There are 166 TCP sessions waiting to complete the three-way handshake.

D.

There are two sessions that have not been removed in case any out-of-order packets arrive.

Buy Now
Questions 17

When FortiGate enters conserve mode because of memory pressure, which action can FortiGate perform to preserve memory?

Options:

A.

FortiGate automatically reboots to clear memory and restore full operation.

B.

FortiGate switches to a less memory-intensive inspection mode, such as flow-based inspection.

C.

FortiGate reduces or stops non-essential processes like logging and antivirus scanning.

D.

FortiGate begins dropping all new sessions to protect resources.

Buy Now
Questions 18

Refer to the exhibit.

If the default settings are m place, what can you conclude about the conserve mode shown in the exhibit?

Options:

A.

FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection

B.

FortiGate is currently allowing new sessions and will continue to allow sessions if memory increases another 6%.

C.

FortiGate is currently allowing now sessions that require flow-based or proxy-based content inspection, but is not performing inspection on those sessions.

D.

FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use.

Buy Now
Questions 19

Refer to the exhibit.

The port1 interface configuration on FortiGate and partial session information for ICMP traffic are shown.

Which two things happen to the session information if a routing change occurs that affects this session? (Choose two answers)

Options:

A.

This session will be unaffected by routing changes. The routing changes will apply only to new sessions.

B.

The session will be flagged as dirty but no route lookups will be performed.

C.

The session information will not change unless the current route has been removed from the routing table.

D.

The session information will not change even when the active route has been removed from the routing table.

Buy Now
Questions 20

Refer to the exhibit, which shows one way communication of the downstream FortiGate with the upstream FortiGate within a Security Fabric.

What three actions must you take to ensure successful communication? (Choose three.)

Options:

A.

You must authorize the downstream FortiGate on the root FortiGate.

B.

FortiGate must not be in NAT mode.

C.

Ensure TCP port 8013 is not blocked along the way.

D.

You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.

E.

Ensure the port for Neighbor Discovery has been changed.

Buy Now
Questions 21

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

Options:

A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Buy Now
Questions 22

Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovers that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must the administrator make to fix the issue? (Choose two.)

Options:

A.

Change to aggressive mode on both VPNs.

B.

Enable XAuth on both VPNs.

C.

Use different pre-shared keys on both VPNs.

D.

Set up specific peer IDs on both VPNs.

Buy Now
Questions 23

Which two statements about Security Fabric communications are true? (Choose two.)

Options:

A.

By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.

B.

FortiTelemetry must be manually enabled on the FortiGate interface.

C.

The default ports for FortiTelemetry and Neighbor Discovery can be modified.

D.

Security Fabric communication is enabled by default among all Fortinet devices.

Buy Now
Questions 24

Refer to the exhibit, which shows a partial output of the real-time LDAP debug.

What two actions can the administrator take to resolve this issue? (Choose two.)

Options:

A.

Ensure the user logs in using ' John Smith ' not ' jsmith ' .

B.

Ensure the user is providing the correct user credentials.

C.

Ensure the user is a member of at least one AD group to ensure step 4 of the LDAP authentication process is successful.

D.

Ensure the account is active.

Buy Now
Questions 25

Refer to the exhibit.

A partial output from an IKE real-time debug is shown

The administrator does not have access to (he remote gateway

Based on the debug output, which two conclusions can you draw? (Choose two.)

Options:

A.

The remote peer is the initiating peer.

B.

This is a phase1 negotiation.

C.

There is a Diffie-Hellman group mismatch.

D.

This is a phase2 negotiation

Buy Now
Questions 26

Refer to the exhibit, which shows the output of get router info bgp summary.

Which two statements are true? (Choose two.)

Options:

A.

The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.

B.

The TCP connection with BGP neighbor 100.64.2.254 was successful.

C.

The local FortiGate has received 18 packets from a BGP neighbor.

D.

The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264

Buy Now
Questions 27

While troubleshooting a FortiGate web filter issue, users report that they cannot access any websites, even though those sites are not explicitly blocked by any web filter profiles that are applied to firewall policies.

What are the three most likely reasons for this behavior? (Choose three answers)

Options:

A.

The web filter cache has been cleared causing all websites to take longer to be rated.

B.

The SSL/TLS deep inspection was configured but the browsers do not have the FortiGate certificate installed.

C.

The webfilter-force-off setting has been enabled under config system fortiguard.

D.

The DNS server is unreachable, preventing URL resolution.

E.

The FortiGuard Web Filtering license has expired, causing FortiGate to apply the default block action.

Buy Now
Questions 28

Refer to the exhibit.

The output from a collector agent log is shown. The collector agent is showing the status of a workstation as Not Verified . What are two common causes for this message? (Choose two.)

Options:

A.

The workstation has come out of hibernate mode.

B.

The workstation remote registry service is not running.

C.

Traffic to ports 139 and 445 is blocked.

D.

DNS cannot resolve the workstation name.

Buy Now
Questions 29

Refer to the exhibit, which contains partial output from an IKE real-time debug.

The administrator does not have access to the remote gateway.

Based on the debug output, which configuration change the administrator make to the local gateway to resolve the phase 1 negotiation error?

Options:

A.

In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.

B.

In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.

C.

In the phase 1 network configuration, set the IKE version to 2.

D.

In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.

Buy Now
Questions 30

What are two functions of automation stitches? (Choose two.)

Options:

A.

You can configure automation stitches on any FortiGate device in a Security Fabric environment.

B.

You can configure automation stitches to execute actions sequentially by taking parameters from previous actions as input for the current action.

C.

You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.

D.

You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

Buy Now
Questions 31

Refer to the exhibit.

Partial output of the get vpn ipsec tunnel details command is shown. Based on the output, which two statements are correct? (Choose two.)

Options:

A.

The npu_flag for this tunnel is 02.

B.

Different SPI values are a result of auto-negotiation being disabled for phase2 selectors.

C.

The npu_flag for this tunnel is 03.

D.

Anti-replay is enabled.

Buy Now
Questions 32

Refer to the exhibit.

An IPsec VPN tunnel using IKEv2 was brought up successfully, but when the tunnel rekey takes place the tunnel goes down.

The debug command for IKE was enabled and, in the exhibit, you can review the partial output of the debug IKE while attempting to bring the tunnel up.

What is causing. The tunnel to be down?

Options:

A.

A Diffie-Hellman mismatch

B.

Blocked traffic on UDP port 500

C.

A mismatch m the Phase 1 negotiations

D.

A mismatch in the Phase 2 negotiations

Buy Now
Questions 33

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)

Options:

A.

The SSL certificate used for FSSO over SSL has expired.

B.

The connection was refused. There may be a mismatch of the TCP port.

C.

FortiGate cannot reach the IP address of the collector agent.

D.

The pro-shared key does not match

E.

The group filters do not match.

Buy Now
Questions 34

Refer to the exhibit, which shows the partial output of command diagnose debug rating.

In this exhibit, which FDS server will the FortiGate algorithm choose?

Options:

A.

66.117.56.37

B.

208.91.112.194

C.

209.22.147.36

D.

64.26.151.37

Buy Now
Questions 35

Refer to the exhibit.

The sniffer log on two FortiGate devices are shown. Based on the information in the log, which two factors explain the output on FortiGate FGT-02? (Choose two answers)

Options:

A.

A third-party device is blocking protocol 50.

B.

The administrator has not yet configured the VPN tunnel on FGT-02.

C.

The administrator configured the wrong remote peer IP address on FGT-01.

D.

The administrator set the wrong sniffer filter on FGT-02.

Buy Now
Questions 36

What are two reasons that an OSPF router does not have any type 5 tank-state advertisements (LSAs) In its link-stale database (LSD6)? (Choose two.)

Options:

A.

There is no autonomous system border router (ASBR) in the network,

B.

The peer of the local router is using a prefix-list-out. configuration to prevent all type 5 LSAs to be advertised.

C.

The local router is located in a stub area

D.

IP protocol 89 is blocked between the local router and its peer.

Buy Now
Questions 37

What is the diagnose test application ipsmonitor 5 command used for? (Choose one answer)

Options:

A.

To disable the IPS engine

B.

To provide information regarding IPS sessions

C.

To restart all IPS engines and monitors

D.

To enable IPS bypass mode

Buy Now
Questions 38

Which two statements about conserve mode are true? (Choose two.)

Options:

A.

FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.

B.

FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.

C.

FortiGate exits conserve mode when the system memory goes below the configured green threshold.

D.

FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

Buy Now
Questions 39

Refer to the exhibit.

The output of the command diagnose vpn tunnels liar is shown.

Which two statements accurately describe the status of the tunnel? (Choose two.)

Options:

A.

Phase 2 is down

B.

Phase 1 is down.

C.

There is currently no traffic traversing the tunnel

D.

Both Phase 1 and Phase 2 were negotiated successfully.

Buy Now
Questions 40

Exhibit.

Refer to the exhibit, which contains a screenshot of some phase 1 settings.

The VPN is not up. To diagnose the issue, the administrator enters the following CLI commands on an SSH session on FortiGate:

However, the IKE real-time debug does not show any output. Why?

Options:

A.

The administrator must also run the command diagnose debug enable.

B.

The debug shows only error messages. If there is no output, then the phase 1 and phase 2 configurations match.

C.

The log-filter setting is incorrect. The VPN traffic does not match this filter.

D.

Replace diagnose debug application ike -1 with diagnose debug application ipsec -1.

Buy Now
Exam Code: FCSS_NST_SE-7.6
Exam Name: Fortinet NSE 6 - Network Security 7.6 Support Engineer
Last Update: Jul 1, 2026
Questions: 131
FCSS_NST_SE-7.6 pdf

FCSS_NST_SE-7.6 PDF

$25.5  $84.99
FCSS_NST_SE-7.6 Engine

FCSS_NST_SE-7.6 Testing Engine

$30  $99.99
FCSS_NST_SE-7.6 PDF + Engine

FCSS_NST_SE-7.6 PDF + Testing Engine

$40.5  $134.99