FCSS_NST_SE-7.4 FCSS – Network Security 7.4 Support Engineer Exam

Exam series: FCSS_NST_SE-7.4
Number of questions: 40
Exam time: 75 minutes
Language: English
Product version: FortiOS 7.4
Status: Available
Exam details: exam description

Network Security Support Engineer

Certification
This exam is part of the Fortinet Certified Solution Specialist – Network Security certification track. This certification validates your ability to administer, monitor, and troubleshoot Fortinet network security solutions.
Visit the Cybersecurity Certification page for information about certification requirements.

Examkingdom Fortinet FCSS_NST_SE-7.4 Exam pdf

Best Fortinet FCSS_NST_SE-7.4 Downloads, Fortinet FCSS_NST_SE-7.4 Dumps at Certkingdom.com

Exam
The FCSS – Network Security 7.4 Support Engineer exam evaluates your knowledge of, and expertise with, Fortinet solutions in enterprise security infrastructure environments.
The exam tests important knowledge and skills required to diagnose and troubleshoot enterprise firewall solutions in FortiOS 7.4.
Once you pass the exam, you will receive the following exam badge:

Audience
The FCSS – Network Security 7.4 Support Engineer exam is intended for network and security professionals who are responsible
for the administration and support of an enterprise security infrastructure composed of many FortiGate devices.

Exam Description
Exam Details
Exam name FCSS – Network Security 7.4 Support Engineer
Exam series FCSS_NST_SE-7.4
Time allowed 75 minutes
Exam questions 40 multiple-choice questions
Scoring Pass or fail. A score report is available from your
Language English
Product version FortiOS 7.4

Exam Topics
Successful candidates have applied knowledge and skills in the following areas and tasks:

* System Troubleshooting
* Troubleshoot FortiGate-to-FortiGate Security Fabric issues
* Troubleshoot automation stitches
* Troubleshoot resource problems using built-in tools
* Troubleshoot connectivity problems using built-in tools
* Troubleshoot different operation modes for FGCP HA clusters
* Authentication
* Troubleshoot local and remote authentication
* Troubleshoot Fortinet Single Sign-On (FSSO) issues
* Security Profiles
* Troubleshoot FortiGuard issues
* Troubleshoot web filtering issues
* Troubleshoot the intrusion prevention system (IPS)
* Routing
* Troubleshoot routing packets using static routes
* Troubleshoot OSPF to route the enterprise traffic
* Troubleshoot BGP to route the enterprise traffic
* VPN
* Troubleshoot IPsec IKE version 1 and 2 issues

Training Resources
The following resources are recommended for attaining the knowledge and skills that are covered on the exam. The recommended training is available as a foundation for exam preparation. In addition to training, you are strongly encouraged to
have hands-on experience with the exam topics and objectives.

* FCSS – Network Security 7.4 Support Engineer course and hands-on labs
* FCSS – Enterprise Firewall 7.2 course and hands-on labs
* FCP – FortiGate 7.4 Administrator course and hands-on labs
* FortiOS 7.4—Administration Guide
* FortiOS 7.4—New Features Guide
* FortiOS 7.4—CLI Reference

Experience
* 3 years of experience with networking
* 3 years of experience with network security
* Minimum of 1 year of hands-on experience with FortiGate

Examination Policies and Procedures
The Fortinet Training Institute recommends that you review the exam policies and procedures before you register for the exam.
Access important information on the Fortinet Training Institute Policies page, and find answers to common questions on the FAQ page. Questions?
If you have more questions about the NSE Certification Program, contact us through the Fortinet Training Institute Helpdesk

---

Sample Question and Answers

QUESTION 1
Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL certificate inspection?

A. FortiGate uses the SNI from the user’s web browser.
B. FortiGate closes the connection because this represents an invalid SSL/TLS configuration.
C. FortiGate uses the first entry listed in the SAN field in the server certificate.
D. FortiGate uses the ZN information from the Subject field in the server certificate.

Answer: C

QUESTION 2
Exhibit.
Refer to the exhibit, which contains partial output from an IKE real-time debug.
Which two statements about this debug output are correct? (Choose two.)

A. Perfect Forward Secrecy (PFS) is enabled in the configuration.
B. The local gateway IP address is 10.0.0.1.
C. It shows a phase 2 negotiation.
D. The initiator provided remote as its IPsec peer ID.

Answer: C, D

QUESTION 3
Exhibit.
Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude about the debug output in this scenario?

A. The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers, was 121.111.236.179.
B. There is a natural correlation between the value in the FortiGuard-requests field and the value in the Weight field.
C. FortiGate used 64.26.151.37 as the initial server to validate its contract.
D. Servers with a negative TZ value are less preferred for rating requests.

Answer: B

QUESTION 4
Refer to the exhibit, which shows the output of a policy route table entry.
Which type of policy route does the output show?

A. An ISDB route
B. A regular policy route
C. A regular policy route, which is associated with an active static route in the FIB
D. An SD-WAN rule

Answer: A

QUESTION 5
Exhibit.
Refer to the exhibit, which shows a FortiGate configuration.
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured
a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator do to fix the issue?

A. Disable webfilter-force-off.
B. Increase webfilter-timeout.
C. Enable fortiguard-anycast.
D. Change protocol to TCP.

Answer: A

QUESTION 6
Which statement about IKEv2 is true?

A. Both IKEv1 and IKEv2 share the feature of asymmetric authentication.
B. IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.
C. IKEv1 and IKEv2 use same TCP port but run on different UDP ports.
D. IKEv1 and IKEv2 share the concept of phase1 and phase2.

Answer: B