Fortinet FCSS_NST_SE-7.6 시험

Question No : 1

Which two statements about conserve mode are true? (Choose two.)

• A.FortiGate enters conserve mode when the system memory reaches the configured extreme threshold.
• B.FortiGate starts taking the configured action for new sessions requiring content inspection when the system memory reaches the configured red threshold.
• C.FortiGate exits conserve mode when the system memory goes below the configured green threshold.
• D.FortiGate starts dropping all new sessions when the system memory reaches the configured red threshold.

답을 확인하기

정답:

Question No : 2

Which statement about protocol options is true?

• A.Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.
• B.Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.
• C.Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.
• D.Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

답을 확인하기

정답:

Question No : 3

Exhibit.



Refer to the exhibit, which shows two entries that were generated in the FSSO collector agent logs.
What three conclusions can you draw from these log entries? {Choose three.)

• A.Remote registry is not running on the workstation.
• B.The user's status shows as "not verified" in the collector agent.
• C.DNS resolution is unable to resolve the workstation name.
• D.The FortiGate firmware version is not compatible with that of the collector agent.
• E.A firewall is blocking traffic to port 139 and 445.

답을 확인하기

정답:

Question No : 4

Refer to the exhibit, which shows the output of get router info ospf neighbor.



What can you conclude from the command output?

• A.The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.
• B.All neighbors are in area 0.0.0.0.
• C.The local FortiGate is the BD
• D.The local FortiGate is not a DROther.

답을 확인하기

정답:

Question No : 5

Exhibit.



Refer to the exhibit, which shows the output of a session.
Which two statements are true? (Choose Iwo.)

• A.The TCP session has been successfully established.
• B.The session was initiated from an authenticated user.
• C.The session is being inspected using flow inspection.
• D.The session is being offloaded.

답을 확인하기

정답:

Question No : 6

What are two reasons you might see iprope_in_check() check failed, drop when using the debug flow? (Choose two.)

• A.Packet was dropped because of policy route misconfiguration.
• B.Packet was dropped because of traffic shaping.
• C.Trusted host list misconfiguration.
• D.VIP or IP pool misconfiguration.

답을 확인하기

정답:

Question No : 7

Refer to the exhibit, which shows partial outputs from two routing debug commands.



Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

• A.Set snat-route-change to enable.
• B.Set the priority of the static default route using port2 to 1.
• C.Set preserve-session-route to enable.
• D.Set the priority of the static default route using port1 to 10.

답을 확인하기

정답:

Question No : 8

Exhibit.



Refer to the exhibit, which shows the output of diagnose automation test.
What can you observe from the output? (Choose two.)

• A.The automation stitch test is not being logged.
• B.The automation stitch test failed but the HA failover was successful.
• C.An HA failover occurred.
• D.The test was unsuccessful.

답을 확인하기

정답:

Question No : 9

Refer to the exhibit, which contains the output of diagnose vpn tunnel list.



Which command will capture ESP traffic for the VPN named DialUp_0?

• A.diagnose sniffer packet any 'ip proto 50'
• B.diagnose sniffer packet any 'host 10.0.10.10'
• C.diagnose sniffer packet any 'esp and host 10.200.3.2'
• D.diagnose sniffer packet any 'port 4500'

답을 확인하기

정답:

Question No : 10

Which two statements about Security Fabric communications are true? (Choose two.)

• A.FortiTelemetry and Neighbor Discovery both operate using TC
• B.The default port for Neighbor Discovery can be modified.
• C.FortiTelemetry must be manually enabled on the FortiGate interface.
• D.By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.

답을 확인하기

정답:
Explanation:
FortiTelemetry is a critical part of Security Fabric communications and requires explicit configuration for each participating FortiGate interface. The administrative access setting "fabric" (corresponding to FortiTelemetry) must be manually enabled per interface on both upstream and downstream devices. This is performed in the GUI under Administrative Access or via the CLI using the command set allowaccess fabric for the relevant network interface. Without this step, FortiTelemetry communications will not occur on that interface.
Additionally, the default communication between downstream and upstream FortiGate units in the Security Fabric is over TCP port 8013. This port is well-documented as the standard for Security Fabric and FortiTelemetry connections, and must be open and permitted across the network path for connectivity and status enforcement between units. The downstream FortiGate initiates the connection to the upstream via this port unless otherwise configured. This has also been documented as a PCI-relevant port, showing its default usage.
Other options:
Neighbor Discovery in FortiOS uses IPv6 ND protocol, not TCP.
FortiTelemetry port (8013) can be modified, but the interface Administrative Access for the Security Fabric must be manually enabled; Neighbor Discovery port modification is not documented as a supported change for FortiGate.
Reference: FortiGate/FortiOS Administration Guide: Enabling FortiTelemetry (fabric) on interfaces Fortinet Technical Tip: FortiTelemetry uses TCP port 8013 by default PCI compliance documentation on port 8013 usage for Security Fabric Fortinet Security Fabric setup procedures and interface options

Question No : 11

Refer to the exhibit.



Assuming a default configuration, which three statements are true? (Choose three.)

• A.Strict RPF is enabled by default.
• B.User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.
• C.User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.
• D.User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.
• E.User C: Fail. There is no route to 10.0.4.63 using port1 in the touting table.

답을 확인하기

정답:
Explanation:
Reference: Fortinet Technical Note: RPF Default Configuration and Routing Table Matching
FortiGate Administration Guide: Routing and Asymmetric Routing Controls
Community Knowledgebase: Route Lookups and RPF Enforcement on FortiOS

Question No : 12

Refer to the exhibit, which shows the omitted output of a session table entry.



Which two statements are true? (Choose two.)

• A.The traffic has been tagged for VLAN 0000.
• B.NP7 is handling offloading of this session.
• C.The traffic matches Policy ID 1.
• D.The session has been offloaded.

답을 확인하기

정답:
Explanation:
In the provided session table output, the following details justify the answers:
Policy ID Match: The line policy_id=1 directly confirms that this session was matched by Firewall Policy ID 1. According to Fortinet’s session table documentation, the policy_id field always references the policy that allowed this session, so this is a clear indicator.
Session Offloading: The presence of the strings npu_state, ips_offload, and notably the NPU info section such as offload=8/8, ips_offload=1/1 shows that this session has been offloaded to the Network Processor Unit (NPU). Fortinet technical documentation states that "offload" values greater than zero in both directions (and an NPU info section) affirm that NPU hardware processing (fast path) is handling this traffic, thus the session is not being handled in software only.
Other options:
VLAN Tagging (vlan=0x0000/0x0000): This means no VLAN tag is assigned to this session.
NP7: The actual NPU model handling the session isn’t exposed in this snippetCthe offload parameters shown are generic and not specific to NP7 hardware, so it cannot be concluded from the session data.
Reference: Fortinet Technical Tip: FortiGate Session Table and NPU Offloading
FortiOS Diagnostics Guide: Policy ID, Offload, and VLAN Session Table Fields

Question No : 13

Exhibit.



Refer to the exhibit, which shows a partial web fillet profile configuration.
Which action does FortiGate lake if a user attempts to access www. dropbox. com, which is categorized as File Sharing and Storage?

• A.FortiGate allows the connection, based on the URL Filter configuration.
• B.FortiGate blocks the connection as an invalid UR
• C.FortiGate exempts the connection, based on the Web Content Filter configuration.
• D.FortiGate blocks the connection, based on the FortiGuard category based filter configuration.

답을 확인하기

정답:
Explanation:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-Static-URL-filter-actions-explained/ta-p/206632

Question No : 14

Exhibit.



Refer to the exhibit, which shows the output of get system ha status.
NGFW-1 and NGFW-2 have been up for a week.
Which two statements about the output are true? (Choose two.)

• A.If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.
• B.If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.
• C.If FGV
• D...649 is rebooted. FGV
• E...650 will become the primary and retain that role, even after FGV
• F...649 rejoins the cluster.
• G.If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.

답을 확인하기

정답:
Explanation:
FortiGate HA Troubleshooting and Synchronization Guides
Fortinet Admin Guide: HA Primary Role Retention, Cluster Break-up Due to Out-of-Sync Status

Question No : 15

Exhibit.



Refer to the exhibit, which shows a partial output of diagnose hardware aysinfo memory.
Which two statements about the output are true? (Choose two.)

• A.There are 98908 kB of memory that will never be used.
• B.The user space has 708880 kB of physical memory that is not used by the system.
• C.The I/O cache, which has 641364 kB of memory allocated to it.
• D.The value indicated next to the inactive heading represents the currently unused cache page.

답을 확인하기

정답:
Explanation:
The partial output from diagnose hardware sysinfo memory provides details on system RAM allocation. According to Fortinet's technical documentation for memory troubleshooting and Linux memory management (which FortiOS is based on):
MemFree is the portion of physical memory not currently allocated to any running process or kernel function. Thus, 708880 kB is available and can be immediately used by user-space programs or system operations.
Inactive refers to pages in the memory cache that were previously in use for I/O or file system buffering but are now not actively referenced. These pages are retained in memory for quick access if needed again, but can be reclaimed for other memory operations if demand increases. The value 98908 kB here represents currently unused cache pages (inactive pages), ready for repurposing or deletion if the system requires more RAM.
Cached represents the total amount of system memory allocated to cache, which includes both active and inactive cache pages. It does not, by itself, represent I/O cache exclusively, nor does "inactive" mean memory “will never be used” as the kernel can re-purpose inactive pages on demand.
Reference: Fortinet Technical Tip: Explaining the 'diagnose hard sysinfo memory' command FortiOS System Administration Guide: Linux Memory Reporting, Cached and Inactive Statistics