NSE7_NST-7 2 Network Security 7 2 Support Engineer Dumps Questions

Prévia do material em texto

NSE7_NST-7.2
Real Dumps
https://www.certspots.com/exam/nse7_nst-7-2/
1. Which two conditions would prevent a static route from being 
added to the routing table? (Choose two.)
A. The next-hop IP address is unreachable.
B. The interface specified in the route configuration is down
C. The route has a lower priority value than another route to the same 
destination.
D. There is another other route to the same destination, with a lower 
distance.
Answer: A, B
Fortinet NSE7_NST-7.2 Real Dumps
2. Which three conditions are required for two FortiGate devices to 
form an OSPF adjacency? (Choose three.)
A. OSPF link costs match.
B. OSPF interface priority settings are unique
C. OSPF interface network types match
D. Authentication settings match.
E. OSPF router IDs are unique.
Answer: C, D, E
Fortinet NSE7_NST-7.2 Real Dumps
3. What is the diagnose test application ipsmonitor 5 command used 
for?
A. To disable the IPS engine
B. To provide information regarding IPS sessions
C. To restart all IPS engines and monitors
D. To enable IPS bypass mode
Answer: C
Fortinet NSE7_NST-7.2 Real Dumps
4. Which three common FortiGate-to-collector-agent connectivity 
issues can you identify using the FSSO real-time debug? (Choose 
three.)
A. Refused connection. Potential mismatch of TCP port.
B. Mismatched pre-shared password.
C. Inability to reach IP address of the collector agent.
D. Log is full on the collector agent.
E. Incompatible collector agent software version.
Answer: A, B, C
Fortinet NSE7_NST-7.2 Real Dumps
5. Consider the scenario where the server name indication (SNI) does not 
match either the common name (CN) or any of the subject alternative names 
(SAN) in the server certificate.
Which action will FortiGate take when using the default settings for SSL 
certificate inspection?
A. FortiGate closes the connection because this represents an invalid SSL/TLS 
configuration
B. FortiGate uses the 31 information from the Subject field in the server 
certificate.
C. FortiGate uses the first entry listed in the SAN field in the server certificate.
D. FortiGate uses the SNI from the user's web browser.
Answer: A
Fortinet NSE7_NST-7.2 Real Dumps
6. Which two statements about application-layer test commands ate 
true? (Choose two.)
A. Some of them display statistics and configuration information about 
a feature or process.
B. Some of them display real-time application debugs.
C. Some of them display only output, after you run the diagnose 
debug console enable command.
D. Some of them can be used to restart an application.
Answer: A, B
Fortinet NSE7_NST-7.2 Real Dumps
7. Which two statements about conserve mode are true? (Choose two.)
A. FortiGate starts dropping all new sessions when the system memory 
reaches the configured red threshold.
B. FortiGate starts taking the configured action for new sessions 
requiring content inspection when the system memory reaches the 
configured red threshold.
C. FortiGate enters conserve mode when the system memory reaches 
the configured extreme threshold.
D. FortiGate exits conserve mode when the system memory goes 
below the configured green threshold
Answer: A, D
Fortinet NSE7_NST-7.2 Real Dumps
8. What are two functions of automation stitches? (Choose two.)
A. You can configure automation stitches on any FortiGate device in a 
Security Fabric environment.
B. You can create automation stitches to run diagnostic commands 
and attach the results to an email message when CPU or memory 
usage exceeds specified thresholds.
C. An automation stitch configured to execute actions sequentially can 
take parameters from previous actions as input for the current action.
D. You can set an automation stitch configured to execute actions in 
parallel to insert a specific delay between actions.
Answer: B, C
Fortinet NSE7_NST-7.2 Real Dumps
9. Which of the following regarding protocol states is true?
A. proto_state=00 indicates that UDP traffic flows in both directions.
B. proto_state-01 indicates an established TCP session.
C. proto_state=10 indicates an established TCP session.
D. proto state=01 indicates one-way ICMP traffic.
Answer: C
Fortinet NSE7_NST-7.2 Real Dumps
10. Which statement is correct regarding LDAP authentication using 
the regular bind type?
A. The regular bind type goes through four steps to successfully 
authenticate a user.
B. The regular bind type cannot be used if users are authenticated 
using sAMAccountName.
C. The regular bind type is the easiest bind type to configure on 
FortiOS.
D. The regular bind type requires a FortiGate super_admin account.
Answer: A
Fortinet NSE7_NST-7.2 Real Dumps