01. Which three steps does FortiGate execute using the pull method to get antivirus and IPS updates?
(Choose three.)
a) FortiGate starts sending rating queries to one of the servers in the list.
b) FortiGate gets a list of server IP addresses that it can contact.
c) FortiGate contacts a DNS server to resolve the FortiGuard domain name.
d) FortiGate registers its public IP address in FortiGuard.
e) FortiGate periodically queries for pending updates.
02. For IKEv2, which combination of payloads can INFORMATIONAL exchanges contain?
a) Initiator, Responder, and Wait
b) Start, Wait, and Delete
c) Create, Remove, and Wait
d) Notify, Delete, and Configuration
03. Which statement best describes the full state when forming an OSPF adjacency between two peers?
a) Communication is bi-directional between the two peers.
b) The LSDBs on both routers are identical.
c) A primary and secondary relationship is negotiated.
d) All LSA types have been received from the peer.
04. View the exhibit:
Given the output showing a real-time debug, which statement describes why the update is failing?
a) The update should be using port 53 or port 8888, instead of port 443.
b) The administrator should use the execute update-wf command instead.
c) FortiGate is unable to establish a TCP connection with FDS.
d) FortiGate is unable to resolve the required FQDN (service.fortiguard.net) for antivirus and IPS updates.
05. Which command do you use to enable a timestamp in a real-time debug?
a) diagnose debug console timestamp enable
b) diagnose application timestamp enable
c) diagnose debug application timestamp enable
d) diagnose timestamp enable
06. In an FSSO environment, a user is listed as active on FortiGate but cannot browse the internet. Which factor do you not need to verify as a potential problem?
a) The connectivity between the collector agent and FortiGate
b) Whether there is a valid firewall policy
c) The user’s group information
d) That the user’s IP address is in the list of active FSSO users
07. Which two configuration commands change the default behavior for proxy-based content-inspected traffic while FortiGate is in conserve mode?
(Choose two.)
a) set fail-open enable
b) set ips fail-open disable
c) set av-failopen off
d) set av-failopen one-shot
08. When investigating FortiGuard connectivity issues, which action is a valid troubleshooting step?
a) Verify management VDOM internet access.
b) Verify that DNS requests are being proxied if auto-update tunneling is enabled.
c) Use the FortiGuard real-time debug command to verify rating requests.
d) Configure a virtual IP to forward port 443 to the FortiGate external IP.
09. Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate.
You have configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, you discover that FortiGate is not matching the user-2 VPN for members of the Users-2 group.
Which two changes must the administrator make to fix the issue?
(Choose two.)
a) Use different pre-shared keys on both VPNs.
b) Set up specific peer IDs on both VPNs.
c) Change to aggressive mode on both VPNs.
d) Enable XAuth on both VPNs.
10. Which two configuration changes can you apply to optimize memory use on FortiGate?
(Choose two.)
a) Increase the maximum file size for AV inspection.
b) Decrease the session TTL.
c) Increase TCP session timers.
d) Use flow-based inspection.
e) Reduce the FortiGuard cache TTL.
Before you write the Fortinet Network Security Support Engineer (FCSS_NST_SE-7.4) certification exam, you may have certain doubts in your mind regarding the pattern of the test, the types of questions asked in it, the difficulty level of the questions and time required to complete the questions. These Fortinet Certified Solution Specialist - Network Security (Network Security Support Engineer) sample questions and demo exam help you in removing these doubts and prepare you to take the test.
