FCSS_NST_SE-7.6 FCSS - Network Security 7.6 Support Engineer Questions and Answers

Ensure the user logs in using 'John Smith' not 'jsmith'.

Ensure the user is providing the correct user credentials.

Ensure the user is a member of at least one AD group to ensure step 4 of the LDAP authentication process is successful.

Ensure the account is active.

You can configure automation stitches on any FortiGate device in a Security Fabric environment.

You can configure automation stitches to execute actions sequentially by taking parameters from previous actions as input for the current action.

You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.

You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

Check whether TCP port 179 is blocked.

Check if there is an active static route to the peer.

Check whether both peers have an IP address within the same subnet.

Check if IP protocol 89 is blocked.

An ISDB route

A regular policy route

A regular policy route, which is associated with an active static route in the FIB

An SD-WAN rule

A batter route to the 8.8.8.8/32 network exists in the routing table.

FGT-B is configured with a prefix list denying the 8.8.8.8/32 network to be injected into the routing table.

The administrator has misconfigured redistribution of routes on FGT-A.

FGT-8 is configured with a distribution list denying the 8.8.8.8/32 network to be injected into the routing table.

A UDP session with only one packet received

A UOP session with packets sent and received

A TCP session waiting for the SYN ACK

A TCP session waiting for FIN ACK

The user was found in the LDAP tree, whose root is TAC.ottawa.fortinet.com.

FortiOS performs a bind to the LDAP server using the user's credentials.

FortiOS collects the user group information.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Log is full on the collector agent.

Inability to reach IP address of the collector agent.

Refused connection. Potential mismatch of TCP port.

Mismatched pre-shared password.

Incompatible collector agent software version.

Disable webfilter-force-off.

Increase webfilter-timeout.

Enable fortiguard-anycast.

Change protocol to TCP.

The automation stitch test is not being logged.

The automation stitch test failed but the HA failover was successful.

An HA failover occurred.

The test was unsuccessful.

The name of the configured LDAP server is Lab.

The user is authenticating using CN=John Smith.

FortiOS is able to locate the user in step 3 (Bind Request) of the LDAP authentication process.

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

If a configuration change is made to the primary FortiGate at this time, the secondary will initiate a synchronization reset.

If port 7 becomes disconnected on the secondary, both FortiGate devices will elect itself as primary.

If FGVM...649 is rebooted. FGVM...650 will become the primary and retain that role, even after FGVM...649 rejoins the cluster.

If no action is taken, the primary FortiGate will leave the cluster because of the current sync status.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the 8GP session with the local router.

An inbound route-map on local router is blocking the prefixes from neighbor 100.64.3.1.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

The BGP session with peer 10.127.0.75 is up.

Change to aggressive mode on both VPNs.

Enable XAuth on both VPNs.

Use different pre-shared keys on both VPNs.

Set up specific peer IDs on both VPNs.

The interlace is part of the OSPF backbone area.

There are a total of five OSPF routers attached to the vorz4 network segment

One of the neighbors has a router ID of 0.0.0.4.

In the network connected to port4, two OSPF routers are down.

Both IKEv1 and IKEv2 share the feature of asymmetric authentication.

IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.

IKEv1 and IKEv2 use same TCP port but run on different UDP ports.

IKEv1 and IKEv2 share the concept of phase1 and phase2.