Fortinet FCSS_NST_SE-7.6 Exam - Topic 1 Question 12 Discussion

The correct answer is D.

The exhibit shows:

session_count=591

clash=162

memory_tension_drop=0

TCP sessions:

166 in NONE state

1 in ESTABLISHED state

3 in SYN_SENT state

2 in TIME_WAIT state

The study guide explains the TCP protocol states and states explicitly:

''When a session is closed by both the sender and receiver, FortiGate keeps that session in the session table for a few seconds, to allow for any out-of-order packets that might arrive after the FIN/ACK packet. This is the state value 5.''

In diagnose sys session stat, the exhibit shows 2 in TIME_WAIT state. Since TIME_WAIT = state value 5, those are the sessions being kept briefly for possible out-of-order packets. That makes D correct.

Why the other options are wrong:

A is wrong because session_count=591 is the total number of sessions, while the TCP sessions shown add up to only 172 (166 + 1 + 3 + 2). So not all sessions in the table are TCP sessions.

B is wrong because the study guide says the number of sessions deleted because of low free memory is shown by memory_tension_drop, and in the exhibit it is 0, not 162.

C is wrong because the study guide defines ephemeral/open TCP sessions as those not fully established, but the exhibit does not say all 166 in NONE state are specifically ''waiting to complete the three-way handshake.'' The clearest directly supported statement from the displayed states is the 2 TIME_WAIT sessions retained for out-of-order packets.

So the verified answer is: D.