Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

FCSS_NST_SE-7.6 Fortinet NSE 6 - Network Security 7.6 Support Engineer Free Practice Exam Questions (2026 Updated)

Prepare effectively for your Fortinet FCSS_NST_SE-7.6 Fortinet NSE 6 - Network Security 7.6 Support Engineer certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2026, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 1 / 2
Total 134 questions

Refer to the exhibit.

If the default settings are m place, what can you conclude about the conserve mode shown in the exhibit?

A.

FortiGate is currently allowing new sessions that require flow-based content inspection and blocking sessions that require proxy-based content inspection

B.

FortiGate is currently allowing new sessions and will continue to allow sessions if memory increases another 6%.

C.

FortiGate is currently allowing now sessions that require flow-based or proxy-based content inspection, but is not performing inspection on those sessions.

D.

FortiGate is currently blocking all new sessions regardless of the content inspection requirements or configuration settings because of high memory use.

Refer to the exhibit, which shows the modified output of the routing kernel.

Which statement is true?

A.

The egress interface associated with static route 8.8.8.8/32 is administratively up.

B.

The default static route through 10.200.1.254 is not in the forwarding information base.

C.

The default static route through port2 is in the forwarding information base.

D.

The BGP route to 10.0.4.0/24 is not in the forwarding information base.

Exhibit.

Refer to the exhibit, which shows a partial web fillet profile configuration.

Which action does FortiGate lake if a user attempts to access www. dropbox. com, which is categorized as File Sharing and Storage?

A.

FortiGate allows the connection, based on the URL Filter configuration.

B.

FortiGate blocks the connection as an invalid URL.

C.

FortiGate exempts the connection, based on the Web Content Filter configuration.

D.

FortiGate blocks the connection, based on the FortiGuard category based filter configuration.

Refer to the exhibit, which shows the partial output of FortiOS kernel slabs.

Which statement is true?

A.

The total slab size of the sctp_session slab is 0 kB and is associated with the user space.

B.

The total slab size of the ip_session slab is 3600 kB and is associated with the user space.

C.

The total slab size of the ip6_session slab is 1300 kB and is associated with the kernel.

D.

The total slab size of the tcp_session slab is 7500 kB and is associated with the kernel.

Which statement about parallel path processing is correct (PPP)?

A.

PPP chooses from a group of parallel options lo identity the optimal path tor processing a packet.

B.

Only FortiGate hardware configurations affect the path that a packet takes.

C.

PPP does not apply to packets that are part of an already established session.

D.

Software configuration has no impact on PPP.

Refer to the exhibit, which shows the output of a BGP debug command.

What can you conclude about the router in this scenario?

A.

The router 100.64.3.1 needs to update the local AS number in its BGP configuration in order to bring up the 8GP session with the local router.

B.

An inbound route-map on local router is blocking the prefixes from neighbor 100.64.3.1.

C.

All of the neighbors displayed are part of a single BGP configuration on the local router with the neighbor-range set to a value of 4.

D.

The BGP session with peer 10.127.0.75 is up.

An administrator wants to capture encrypted phase 2 traffic between two FotiGate devices using the built-in sniffer.

If the administrator knows that there Is no NAT device located between both FortiGate devices, which command should the administrator run?

A.

diagnose sniffer packet any ' udp port 500 '

B.

diagnose sniffer packet any ' lp proto 50 '

C.

diagnose sniffer packet any ' udp port 4500 '

D.

diagnose sniffer packet any ' ah '

During which phase of IKEv2 does the Diffie-Helman key exchange take place?

A.

IKE_Req_INIT

B.

Create_CHILD_SA

C.

IKE_Auth

D.

IKE_SA_INIT

Refer to the exhibits, which contain the partial configurations of two VPNs on FortiGate.

An administrator has configured two VPNs for two different user groups. Users who are in the Users-2 group are not able to connect to the VPN. After running a diagnostics command, the administrator discovers that FortiGate is not matching the user-2 VPN for members of the Users-2 group.

Which two changes must the administrator make to fix the issue? (Choose two.)

A.

Change to aggressive mode on both VPNs.

B.

Enable XAuth on both VPNs.

C.

Use different pre-shared keys on both VPNs.

D.

Set up specific peer IDs on both VPNs.

What can cause an IKEv2 tunnel to go down after it was initially brought up successfully?

A.

Mismatched traffic selectors (phase 2 / “quick-mode selectors”) were detected during the CREATE_CHILD_SA exchange.

B.

A mismatched proposal was detected during the IKE_AUTH exchange.

C.

A mismatched pre-shared key was detected during the IKE_AUTH exchange.

D.

A mismatched Diffie-Hellman group was detected during the IKE_SA_INIT exchange.

Exhibit.

Refer to the exhibit, which shows a FortiGate configuration.

An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however the web filter is not inspecting any traffic that is passing through the policy.

What must the administrator do to fix the issue?

A.

Disable webfilter-force-off.

B.

Increase webfilter-timeout.

C.

Enable fortiguard-anycast.

D.

Change protocol to TCP.

The output of a policy route table entry is shown.

Which type of policy route does the output show?

A.

A regular policy route, which is not associated with an active static route in the FIB

B.

An ISDB route

C.

An SD-WAN rule

D.

A regular policy route, which is associated with an active static route in the FIB

Refer to the exhibit.

Assuming a default configuration, which three statements are true? (Choose three.)

A.

Strict RPF is enabled by default.

B.

User B: Fail. There is no route to 95.56.234.24 .

C.

User A: Pass. The default static route through wan1 passes the RPF check regardless of the source IP address.

D.

User B: Pass. FortiGate will use asymmetric routing using wan1 to reply to traffic for 95.56.234.24.

E.

User C: Fail. There is no route to 10.0.4.63 using port1 in the touting table.

Refer to the exhibit.

Which two observations can you make about the web filter traffic captured using the flow tool? (Choose two.)

A.

The session is offloaded to the NPU.

B.

The firewall policy is configured with proxy-based inspection mode.

C.

The web filter profile is configured with proxy-based inspection mode.

D.

The HTTPS port is mapped to 443 in the SSL/SSH Inspection Profile

Refer to the exhibits.

An OSPF peer is advertising route 172.16.52.0/24. The local FortiGate is configured with an inbound distribution list that allows the 172.16.0.0/16 network to be injected into its routing table. However, the 1 ' 2.16.52.0/24 subnet cannot be seen in the FIB.

Which two stops can the administrator of the local FortiGate take to ensure that the advertised 172.16. 52.0/24 subnet will be injected into the routing table? (Choose two.)

A.

Add another entry to the prefix list to specifically allow the 172.16.52.0/24 network.

B.

Change the ge value to 17.

C.

Change the R- value lo 16.

D.

Modify the default prefix-list behavior from implicit deny to implicit allow.

Consider the scenario where the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.

Which action will FortiGate take when using the default settings for SSL certificate inspection?

A.

FortiGate uses the SNI from the user ' s web browser.

B.

FortiGate closes the connection because this represents an invalid SSL/TLS configuration.

C.

FortiGate uses the first entry listed in the SAN field in the server certificate.

D.

FortiGate uses the CN information from the Subject field in the server certificate.

Refer to the exhibit, which shows the output of a real-time debug. Which statement about this output is true? (Choose one answer)

A.

The server hostname was extracted from the SNI in the client request, or from the CN in the server certificate.

B.

FortiGate found the requested URL in its local cache.

C.

This web request was inspected using the ftgd-allow web filter profile.

D.

The requested URL belongs to category ID 255.

Which statement about IKEv2 is true?

A.

Both IKEv1 and IKEv2 share the feature of asymmetric authentication.

B.

IKEv1 and IKEv2 have enough of the header format in common that both versions can run over the same UDP port.

C.

IKEv1 and IKEv2 use the same TCP port but run on different UDP ports.

D.

IKEv1 and IKEv2 share the concept of phase1 and phase2.

Refer to the exhibit.

An IPsec VPN tunnel using IKEv2 was brought up successfully, but when the tunnel rekey takes place the tunnel goes down.

The debug command for IKE was enabled and, in the exhibit, you can review the partial output of the debug IKE while attempting to bring the tunnel up.

What is causing. The tunnel to be down?

A.

A Diffie-Hellman mismatch

B.

Blocked traffic on UDP port 500

C.

A mismatch m the Phase 1 negotiations

D.

A mismatch in the Phase 2 negotiations

Refer to the exhibit.

FortiGate is showing continuous high CPU usage During a maintenance window, the CLI command diagnose sys top displays the output shown in the exhibit. The CLI command diagnose twat application ipsmonitor 5 was run. but the CPU usage by daemon ipsengine did not drop Which immediate action can you take to reduce the CPU usage effectively?

A.

Reduce the number of IPS signatures enabled on the active IPS profiles

B.

Execute diagnose test application ipsMonitor 2inatead.

C.

Disable IPS on all firewall policies.

D.

Bypass all IPS engines

Page: 1 / 2
Total 134 questions
Copyright © 2014-2026 Solution2Pass. All Rights Reserved