Summer Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

Fortinet NSE 6 - Network Security 7.6 Support Engineer Question and Answers

Fortinet NSE 6 - Network Security 7.6 Support Engineer

Last Update Jul 14, 2026
Total Questions : 134

We are offering FREE FCSS_NST_SE-7.6 Fortinet exam questions. All you do is to just go and sign up. Give your details, prepare FCSS_NST_SE-7.6 free exam questions and then go for complete pool of Fortinet NSE 6 - Network Security 7.6 Support Engineer test questions that will help you more.

FCSS_NST_SE-7.6 pdf

FCSS_NST_SE-7.6 PDF

$36.75  $104.99
FCSS_NST_SE-7.6 Engine

FCSS_NST_SE-7.6 Testing Engine

$43.75  $124.99
FCSS_NST_SE-7.6 PDF + Engine

FCSS_NST_SE-7.6 PDF + Testing Engine

$57.75  $164.99
Questions 1

Refer to the exhibits.

An administrator is attempting to advertise the network configured on port3. However, FGT-A is not receiving the prefix.

Which two actions can the administrator take to fix this problem? (Choose two.)

Options:

A.  

Modify the prefix using the network command from 172.16.0.0/16 to 172.16.54.0/24.

B.  

Manually add the BGP route on FGT-A.

C.  

Restart BGP using a soft reset to force both peers to exchange their complete BGP routing tables.

D.  

Use the set network-import-check disable command.

Discussion 0
Questions 2

Which exchange lakes care of DoS protection in IKEv2?

Options:

A.  

Create_CHILD_SA

B.  

IKE_Auth

C.  

IKE_Req_INIT

D.  

IKE_SA_NIT

Discussion 0
Questions 3

Refer to the exhibit.

Partial output of diagnose sys session stat command is shown.

An administrator has noticed unusual behavior from FortiGate. It appears that sessions are randomly removed. Which two reasons could explain this? (Choose two.)

Options:

A.  

FortiGate is deleting sessions because the kernel cannot allocate more memory pages

B.  

FortiGate is dropping all TCP sessions with incomplete three-way handshakes.

C.  

FortiGate is not accepting sessions because the device has been down 10 out of 120 seconds.

D.  

FortiGate is flushing sessions because of high memory usage.

Discussion 0
Questions 4

Which statement about protocol options is true?

Options:

A.  

Protocol options allow administrators to configure a maximum number of sessions for each configured protocol.

B.  

Protocol options give administrators a streamlined method to instruct FortiGate to block all sessions corresponding to disabled protocols.

C.  

Protocol options allow administrators to configure the Any setting for all enabled protocols, which provides the most efficient use of system resources.

D.  

Protocol options allow administrators to configure which Layer 4 port numbers map to upper-layer protocols, such as HTTP, SMTP, FTP, and so on.

Discussion 0
Questions 5

Refer to the exhibit.

An IPsec VPN tunnel using IKEv2 was brought up successfully, but when the tunnel rekey takes place the tunnel goes down.

The debug command for IKE was enabled and, in the exhibit, you can review the partial output of the debug IKE while attempting to bring the tunnel up.

What is causing. The tunnel to be down?

Options:

A.  

A Diffie-Hellman mismatch

B.  

Blocked traffic on UDP port 500

C.  

A mismatch m the Phase 1 negotiations

D.  

A mismatch in the Phase 2 negotiations

Discussion 0
Questions 6

Exhibit.

Refer to the exhibit, which shows two entries that were generated in the FSSO collector agent logs.eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

What three conclusions can you draw from these log entries? {Choose three.)

Options:

A.  

Remote registry is not running on the workstation.

B.  

The user ' s status shows as " not verified " in the collector agent.

C.  

DNS resolution is unable to resolve the workstation name.

D.  

The FortiGate firmware version is not compatible with that of the collector agent.

E.  

A firewall is blocking traffic to port 139 and 445.

Discussion 0
Questions 7

Refer to the exhibits.

An OSPF peer is advertising route 172.16.52.0/24. The local FortiGate is configured with an inbound distribution list that allows the 172.16.0.0/16 network to be injected into its routing table. However, the 1 ' 2.16.52.0/24 subnet cannot be seen in the FIB.

Which two stops can the administrator of the local FortiGate take to ensure that the advertised 172.16. 52.0/24 subnet will be injected into the routing table? (Choose two.)

Options:

A.  

Add another entry to the prefix list to specifically allow the 172.16.52.0/24 network.

B.  

Change the ge value to 17.

C.  

Change the R- value lo 16.

D.  

Modify the default prefix-list behavior from implicit deny to implicit allow.

Discussion 0
Questions 8

Refer to the exhibit, which shows a partial output of a real-time LDAP debug.

What two conclusions can you draw from the output? (Choose two.)

Options:

A.  

The user was found in the LDAP tree, whose root is TAC.ottawa.fortinet.com.

B.  

FortiOS performs a bind to the LDAP server using the user ' s credentials.

C.  

FortiOS collects the user group information.

D.  

FortiOS is performing the second step (Search Request) in the LDAP authentication process.

Discussion 0
Questions 9

Refer to the exhibit, which shows the output of diagnose sys session list.

If the HA ID for the primary device is 0, what happens if the primary fails and the secondary becomes the primary?

Options:

A.  

The secondary device has this session synchronized; however, because application control is applied, the session is marked dirty and has to be re-evaluated after failover.

B.  

Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.

C.  

The session will be removed from the session table of the secondary device because of the presence of allowed error packets, which will force the client to restart the session with the server.

D.  

The session state is preserved but the kernel will need to re-evaluate the session because NAT was applied.

Discussion 0
Questions 10

Refer to the exhibit, which shows partial outputs from two routing debug commands.

Which change must an administrator make on FortiGate to route web traffic from internal users to the internet, using ECMP?

Options:

A.  

Set snat-route-change to enable.

B.  

Set the priority of the static default route using port2 to 1.

C.  

Set preserve-session-route to enable.

D.  

Set the priority of the static default route using port1 to 10.

Discussion 0
Questions 11

Refer to the exhibit.

The modified output of live routing kemel is shown

Which two statements about the output are (rue? (Choose two.)

Options:

A.  

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

B.  

The default static route through 10.200.1 254 is in the forwarding information base.

C.  

FortiGate is performing ECMP using both default static routes.

D.  

The local FortiGate is receiving only one LSA from one OSPF neighbor.

Discussion 0
Questions 12

Exhibit.

Refer to the exhibit, which shows a partial output of diagnose hardware aysinfo memory.

Which two statements about the output are true? (Choose two.)

Options:

A.  

There are 98908 kB of memory that will never be used.

B.  

The user space has 708880 kB of physical memory that is not used by the system.

C.  

The I/O cache, which has 641364 kB of memory allocated to it.

D.  

The value indicated next to the inactive heading represents the currently unused cache page.

Discussion 0
Questions 13

Refer to the exhibit, which shows the output of a diagnose command. What can you conclude from the RTT value?

Options:

A.  

Its value represents the time it takes to receive a response after a rating request is sent to a particular server.

B.  

Its value is incremented with each packet lost.

C.  

It determines which FortiGuard server is used for license validation.

D.  

Its initial value is statically set to 10.

Discussion 0
Questions 14

Which Iwo troubleshooting steps should you perform lf you encounter issues with intermittent web filter behavior? (Choose two.)

Options:

A.  

Check that the inspection mode configured for the web filter profile matches that of the firewall policy where it is applied.

B.  

Check that FortiGate is not entering conserve mode.

C.  

Check that the correct port is mapped to HTTP in the Protocol Options

D.  

Check that the communication between FortiGate and FortiGuard is stable

Discussion 0
Questions 15

Refer to the exhibit, which shows the output of a real-time debug. Which statement about this output is true? (Choose one answer)

Options:

A.  

The server hostname was extracted from the SNI in the client request, or from the CN in the server certificate.

B.  

FortiGate found the requested URL in its local cache.

C.  

This web request was inspected using the ftgd-allow web filter profile.

D.  

The requested URL belongs to category ID 255.

Discussion 0
Questions 16

What can cause an IKEv2 tunnel to go down after it was initially brought up successfully?

Options:

A.  

A mismatched proposal was detected during the IKE_AUTH exchange.

B.  

A mismatched Diffie-Hellman group was detected during the IKE_SA_INIT exchange.

C.  

A mismatched pre-shared key was detected during the IKE_AUTH exchange.

D.  

Mismatched quick-mode selectors were detected during the CREATE_CHILD_SA exchange.

Discussion 0
Questions 17

Refer to the exhibit.

The output of a BGO debug command is shown.

What is the most likely reason that the local FortiGate is not receiving any prefixes from its neighbors?

Options:

A.  

The local router is waiting for the keepalive message from the router 10.125.0.60.

B.  

None of the three neighbors has successfully established the TCP three-way handshake with the local router.

C.  

The router 100.64.3.1 is waiting for the OPEN message from the local router.

D.  

The RIB-OUT configuration for router 10.127.0.75 prevents any route advertisement to the local router.

Discussion 0
Questions 18

Which three common FortiGate-to-collector-agent connectivity issues can you identify using the FSSO real-time debug? (Choose three.)

Options:

A.  

Log is full on the collector agent.

B.  

Inability to reach IP address of the collector agent.

C.  

Refused connection. Potential mismatch of TCP port.

D.  

Mismatched pre-shared password.

E.  

Incompatible collector agent software version.

Discussion 0
Questions 19

In a Security Fabric environment which three actions must you take to ensure successful communication among the nodes? (Choose three.)

Options:

A.  

You must ensure that TCP port 8013 is not blocked along the way.

B.  

You must ensure that the port for Neighbor Discovery has been changed.

C.  

You must configure FortiGate in transparent mode.

D.  

You must authorize the downstream FortiGate on the root FortiGate.

E.  

You must enable FortiTelemetry on the receiving interlace of the upstream FortiGate.

Discussion 0
Questions 20

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

Options:

A.  

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.  

The default static route through 10.200.1.254 is not in the forwarding information base.

C.  

The default static route through port2 is in the forwarding information base.

D.  

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Discussion 0
Questions 21

An administrator wants to capture encrypted phase 2 traffic between two FotiGate devices using the built-in sniffer.

If the administrator knows that there Is no NAT device located between both FortiGate devices, which command should the administrator run?

Options:

A.  

diagnose sniffer packet any ' udp port 500 '

B.  

diagnose sniffer packet any ' lp proto 50 '

C.  

diagnose sniffer packet any ' udp port 4500 '

D.  

diagnose sniffer packet any ' ah '

Discussion 0
Questions 22

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session information for ICMP traffic.

What happens to the session information if a routing change occurs that affects this session?

Options:

A.  

Only the interface and gateway information for dev=7 will be removed.

B.  

The session information will not change unless the current route has been removed from the routing table.

C.  

The session will be flagged as dirty but no route lookups will be performed.

D.  

Sessions involving port7 or port19 will not have their routing information flushed.

Discussion 0
Questions 23

Refer to the exhibit.

The routing table information is shown.

Assuming a default configuration, which three statements about the RPF check on FortiGate are

correct? (Choose three.)

Options:

A.  

User C: Fail. There is no route to 10.0.4.63 using port1 in the routing table.

B.  

User B: Pass. FortiGate will use asymmetric routing using want to reply to traffic for 95.56.234.24.

C.  

User C: Pass. FortiGate will forward all incoming packets from User C using the default static route.

D.  

User B: Fail. There is no route to 95.56.234.24 using wan2 in the routing table.

E.  

User A: Pass. The default static route through want passes the RPF check regardless of the source IP address.

Discussion 0
Questions 24

Which authentication option can you not configure under config user radius on FortiOS?

Options:

A.  

mschap

B.  

pap

C.  

mschap2

D.  

eap

Discussion 0
Questions 25

In IKEv2, which exchange establishes the first CHILD_SA?

Options:

A.  

IKE_SA_INIT

B.  

INFORMATIONAL

C.  

CREATE_CHILD_SA

D.  

IKE_AUTH

Discussion 0
Questions 26

Refer to the exhibits,

which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network. If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session? (Choose one answer)

Options:

A.  

The session would be deleted, and the client would need to start a new session.

B.  

The session would remain in the session table, but its traffic would now egress from both port1 and port2.

C.  

The session would remain in the session table, and its traffic would egress from port2.

D.  

The session would remain in the session table, and its traffic would egress from port1.

Discussion 0
Questions 27

What are two functions of automation stitches? (Choose two.)

Options:

A.  

You can configure automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.

B.  

You can configure automation stitches to modify packet headers and payloads if specific traffic triggers an anomaly IPS event.

C.  

You can configure automation stitches to insert a delay between actions if the automation stitches are set to execute actions in parallel.

D.  

You can configure automation stitches to take parameters from previous actions as input for the next action if the automation stitches are set to execute actions in sequence.

Discussion 0
Questions 28

Which of the following regarding protocol states is true? (Choose one answer)

Options:

A.  

proto_state=00 indicates that UDP traffic flows in both directions.

B.  

proto_state=01 indicates an established TCP session.

C.  

proto_state=10 indicates an established TCP session.

D.  

proto_state=01 indicates one-way ICMP traffic.

Discussion 0
Questions 29

The local OSPF router is unable to establish adjacency with a peer.

Which two things should the administrator do to troubleshoot the issue? (Choose two.)

Options:

A.  

Check if both peers have an IP address within the same subnet.

B.  

Check if IP protocol 89 is blocked.

C.  

Check if TCP port 179 is blocked.

D.  

Check if there is an active static route to the peer.

Discussion 0
Questions 30

Refer to the exhibit.

The output of the command diagnose vpn tunnel list is shown.

Reviewing the debug command, what is the current status of the traffic flowing through the tunnel?

Options:

A.  

The outbound IPsec SA was copied to the NPU.

B.  

NP6 is handling the offloading.

C.  

The inbound and outbound IPsec SAs were copied to the NPU.

D.  

The inbound IPsec SA was copied to the NPU.

Discussion 0
Questions 31

Refer to the exhibit.

Which Iwo statements about FortiGate behavior relating to this session are correct? (Choose two.)

Options:

A.  

FortiGate is performing a security profile inspection using the CPU.

B.  

FortiGate redirected the client to trio captive portal to authenticate so that a correct policy match could be made

C.  

FortiGate either initiated the session or the session terminates at FortiGate.

D.  

FortiGate forwarded this session without any inspection.

Discussion 0
Questions 32

Which two statements about Security Fabric communications are true? (Choose two.)

Options:

A.  

FortiTelemetry and Neighbor Discovery both operate using TCP.

B.  

The default port for Neighbor Discovery can be modified.

C.  

FortiTelemetry must be manually enabled on the FortiGate interface.

D.  

By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.

Discussion 0
Questions 33

Refer to the exhibit, which shows the output of get router info ospf neighbor.

What can you conclude from the command output?

Options:

A.  

The network type connecting the local Fortigate and OSPF neighbor 0.0.0.10 is point-to-point.

B.  

All neighbors are in area 0.0.0.0.

C.  

The local FortiGate is the BDR.

D.  

The local FortiGate is not a DROther.

Discussion 0
Questions 34

What is the diagnose test application ipsmonitor 5 command used for? (Choose one answer)

Options:

A.  

To disable the IPS engine

B.  

To provide information regarding IPS sessions

C.  

To restart all IPS engines and monitors

D.  

To enable IPS bypass mode

Discussion 0
Questions 35

Refer to the exhibit, which shows the output of get router info bgp summary.

Which two statements are true? (Choose two.)

Options:

A.  

The local ForliGate has received one prefix from BGP neighbor 100.64.1.254.

B.  

The TCP connection with BGP neighbor 100.64.2.254 was successful.

C.  

The local FortiGate has received 18 packets from a BGP neighbor.

D.  

The local FortiGate is still calculating the prefixes received from BGP neighbor 100.64.2.264

Discussion 0
Questions 36

Refer to the exhibit.

The output of a BGP debug command is shown.

Why has the local router at 172.16.23.58 been unable to establish adjacency with its only neighbor?

Options:

A.  

The neighbor router has become unreachable, which is evident by the low ratio of messages received to messages sent.

B.  

The local router has not received an OPEN message from the neighbor.

C.  

The local router has not received a SYN/ACK packet from the neighbor.

D.  

There is no active route to the BGP neighbor.

Discussion 0
Questions 37

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.

Which action will FortiGate take when using the default settings for SSL certificate inspection?

Options:

A.  

FortiGate uses the SNI from the user ' s web browser.

B.  

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

C.  

FortiGate uses the first entry listed in the SAN field in the server certificate.

D.  

FortiGate uses the CN information from the Subject field in the server certificate.

Discussion 0
Questions 38

Which two statements about Security Fabric communications are true? (Choose two.)

Options:

A.  

By default, the downstream FortiGate establishes a connection with the upstream FortiGate using TCP port 8013.

B.  

FortiTelemetry must be manually enabled on the FortiGate interface.

C.  

The default ports for FortiTelemetry and Neighbor Discovery can be modified.

D.  

Security Fabric communication is enabled by default among all Fortinet devices.

Discussion 0
Questions 39

Which two statements about an auxiliary session ate true? (Choose two.)

Options:

A.  

With the auxiliary session selling disabled, only auxiliary sessions are offloaded.

B.  

With the auxiliary session setting enabled. ECMP traffic is accelerated to the NP6 processor.

C.  

With the auxiliary session setting enabled. Iwo sessions are created in case of routing change.

D.  

With the auxiliary session setting disabled, for each traffic path. FortiGate uses the same auxiliary session.

Discussion 0
Questions 40

Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovers that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must the administrator make to fix the issue? (Choose two.)

Options:

A.  

Change to aggressive mode on both VPNs.

B.  

Enable XAuth on both VPNs.

C.  

Use different pre-shared keys on both VPNs.

D.  

Set up specific peer IDs on both VPNs.

Discussion 0