Fortinet Exam NSE7_NST-7.2 Topic 4 Question 18 Discussion

Actual exam question for Fortinet's NSE7_NST-7.2 exam

Question #: 18
Topic #: 4

Refer to the exhibit, which shows the output of diagnose sys session stat. Which statement about the output shown in the exhibit is correct?

AAII the sessions in the session table are TCP sessions.

B162 sessions have been deleted because of memory page exhaustion.

CThere are 166 TCP sessions waiting to complete the three-way handshake.

DThere are two sessions that have not been removed in case of any out-of-order packets that arrive.

Show Suggested Answer

Suggested Answer: C

Understanding protocol states:

proto_state=00: Indicates no traffic or a closed session.

proto_state=01: Typically indicates one-way ICMP traffic or a partially established TCP session.

proto_state=10: Indicates an established TCP session, where the session has completed the three-way handshake and both sides can send and receive data.

proto_state=11: Often indicates a fully established and active bidirectional session.

Explanation of correct answer:

proto_state=10 is the correct indication for an established TCP session as it signifies that the session is fully established and active.

Fortinet Network Security 7.2 Support Engineer Documentation

Fortinet Firewall Protocol State Documentation

by Weldon at Dec 08, 2024, 10:41 AM

Limited Time Offer

25%

Off

Get Premium NSE7_NST-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Glory

27 days ago

Hmm, I'm leaning towards D as well. The other options just don't seem to align with the information in the exhibit.

upvoted 0 times

Hoa

17 days ago

I think D is the correct option.

upvoted 0 times

...

2 months ago

Option D sounds like the correct answer. The output shows that there are two sessions that have not been removed in case of any out-of-order packets that arrive.

upvoted 0 times