Fortinet FCSS NST SE 7 4 Exam Questions

Questions for the FCSS NST SE 7 4 were updated on : Nov 23 ,2025

Page 1 out of 5. Viewing questions 1-15 out of 66

Question 1

Refer to the exhibit, which shows the port1 interface configuration on FortiGate and partial session
information for ICMP traffic.

What happens to the session information if a routing change occurs that affects this session?

  • A. Only the interface and gateway information for dev=7 will be removed.
  • B. The session information will not change unless the current route has been removed from the routing table.
  • C. The session will be flagged as dirty but no route lookups will be performed.
  • D. Sessions involving port7 or port19 will not have their routing information flushed.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

  • A. The egress interface associated with static route 8.8.8.8/32 is administratively up.
  • B. The default static route through 10.200.1.254 is not in the forwarding information base.
  • C. The default static route through port2 is in the forwarding information base.
  • D. The BGP route to 10.0.4.0/24 is not in the forwarding information base.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Refer to the exhibit.
The exhibit shows the output from using the command diagnose debug application samld -1 to
diagnose a SAML connection.

Based on this output, what can you conclude?

  • A. Active Directory is used for authentication.
  • B. The authentication request is for an SSL VPN connection.
  • C. The IdP IP address is 10.1.10.254.
  • D. The IdP IP address is 10.1.10.2.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Refer to the exhibit, which shows the output of the command get router info bgp neighbors
100.64.2.254 advertised-routes.

What can you conclude from the output?

  • A. The BGP state of the two BGP participants is OpenConfirm.
  • B. The router ID of the neighbor is 100.64.2.254.
  • C. The BGP neighbor is advertising the 10.20.30.40/24 network to the local router.
  • D. The local router is advertising the 10.20.30.40/24 network to its BGP neighbor.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Refer to the exhibit, which shows the partial output of a real-time OSPF debug.

Why are the two FortiGate devices unable to form an adjacency?

  • A. The Hello packet is being sent from an OSPF router with ID 0.0.0.112.
  • B. The two FortiGate devices attempting adjacency are in area 0.0.0.0.
  • C. One FortiGate device is configured to require authentication, while the other is not.
  • D. The passwords on the FortiGate devices do not match.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Refer to the exhibit, which shows one way communication of the downstream FortiGate with the
upstream FortiGate within a Security Fabric.

What three actions must you take to ensure successful communication? (Choose three.)

  • A. You must authorize the downstream FortiGate on the root FortiGate.
  • B. FortiGate must not be in NAT mode.
  • C. Ensure TCP port 8013 is not blocked along the way.
  • D. You must enable Security Fabric/Fortitelemetry on the receiving interface of the upstream FortiGate.
  • E. Ensure the port for Neighbor Discovery has been changed.
Answer:

ACD

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 7

Refer to the exhibit, which shows the partial output of FortiOS kernel slabs.

Which statement is true?

  • A. The total slab size of the sctp_session slab is 0 kB and is associated with the user space.
  • B. The total slab size of the ip_session slab is 3600 kB and is associated with the user space.
  • C. The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.
  • D. The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Refer to the exhibit, which a network topology and a partial routing table.

FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from
port1 to port3.
Which changes must the administrator perform to ensure the server at 10.4.0.1/24 receives the echo
reply from the laptop at 10.1.0.1/24?

  • A. Enable asymmetric routing under config system settings.
  • B. Change the configuration from strict RPF check mode to feasible RPF check mode.
  • C. A firewall policy that allows all ICMP traffic from port3 to port1.
  • D. Modify the default gateway on the laptop from 10.1.0.2 to 10.2.0.2.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

What are two functions of automation stitches? (Choose two.)

  • A. You can configure automation stitches on any FortiGate device in a Security Fabric environment.
  • B. You can configure automation stitches to execute actions sequentially by taking parameters from previous actions as input for the current action.
  • C. You can set an automation stitch configured to execute actions in parallel to insert a specific delay between actions.
  • D. You can create automation stitches to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
Answer:

BD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Refer to the exhibit, which shows the output of diagnose sys session list.

If the HA ID for the primary device is 0, what happens if the primary fails and the secondary becomes
the primary?

  • A. The secondary device has this session synchronized; however, because application control is applied, the session is marked dirty and has to be re-evaluated after failover.
  • B. Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.
  • C. The session will be removed from the session table of the secondary device because of the presence of allowed error packets, which will force the client to restart the session with the server.
  • D. The session state is preserved but the kernel will need to re-evaluate the session because NAT was applied.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Refer to the exhibits.

An administrator is attempting to advertise the network configured on port3. However, FGT-A is not
receiving the prefix.
Which two actions can the administrator take to fix this problem? (Choose two.)

  • A. Modify the prefix using the network command from 172.16.0.0/16 to 172.16.54.0/24.
  • B. Manually add the BGP route on FGT-A.
  • C. Restart BGP using a soft reset to force both peers to exchange their complete BGP routing tables.
  • D. Use the set network-import-check disable command.
Answer:

AD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Refer to the exhibit showing a debug output.

An administrator deployed FSSO in DC Agent Mode but FSSO is failing on FortiGate. Pinging FortiGate
from where the collector agent is deployed is successful.
The administrator then produces the debug output shown in the exhibit.
What could be causing this error message?

  • A. The TCP port 445 is blocked between FortiGate and collector agent.
  • B. The collector agent preshared password is mismatched.
  • C. The FortiGate cannot resolve the active directory server name.
  • D. The FortiGate and the collector agent are using different TCP ports.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Refer to the exhibit, which shows the partial output of a diagnose command.

Which two conclusions can you draw from the output shown in the exhibit? (Choose two.)

  • A. FortiGate will drop the expected traffic if it does not arrive within 23 seconds.
  • B. Clearing the master session has no impact on the expectation session.
  • C. This is a pinhole session to allow traffic for a TCP protocol that dynamically assigns TCP ports.
  • D. The session is checked against firewall policy ID 25.
Answer:

AC

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Refer to the exhibit, which shows a partial output of a real-time LDAP debug.

What two conclusions can you draw from the output? (Choose two.)

  • A. The user was found in the LDAP tree, whose root is TAC.ottawa.fortinet.com.
  • B. FortiOS performs a bind to the LDAP server using the user's credentials.
  • C. FortiOS collects the user group information.
  • D. FortiOS is performing the second step (Search Request) in the LDAP authentication process.
Answer:

AD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Refer to the exhibit, which shows a partial output of the real-time LDAP debug.

What two actions can the administrator take to resolve this issue? (Choose two.)

  • A. Ensure the user logs in using 'John Smith' not 'jsmith'.
  • B. Ensure the user is providing the correct user credentials.
  • C. Ensure the user is a member of at least one AD group to ensure step 4 of the LDAP authentication process is successful.
  • D. Ensure the account is active.
Answer:

BD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2