New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

FCP_FGT_AD-7.4 FCP - FortiGate 7.4 Administrator Questions and Answers

Questions 4

Refer to the exhibit.

FCP_FGT_AD-7.4 Question 4

Which statement about this firewall policy list is true?

Options:

A.

The Implicit group can include more than one deny firewall policy.

B.

The firewall policies are listed by ID sequence view.

C.

The firewall policies are listed by ingress and egress interfaces pairing view.

D.

LAN to WAN. WAN to LAN. and Implicit are sequence grouping view lists.

Buy Now
Questions 5

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

Options:

A.

The issuer must be a public CA

B.

The CA extension must be set to TRUE

C.

The Authority Key Identifier must be of type SSL

D.

The keyUsage extension must be set to

Buy Now
Questions 6

An employee needs to connect to the office through a high-latency internet connection.

Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?

Options:

A.

SSL VPN idle-timeout

B.

SSL VPN login-timeout

C.

SSL VPN dtls-hello-timeout

D.

SSL VPN session-ttl

Buy Now
Questions 7

A FortiGate firewall policy is configured with active authentication however, the user cannot authenticate when accessing a website.

Which protocol must FortiGate allow even though the user cannot authenticate?

Options:

A.

ICMP

B.

DNS

C.

DHCP

D.

LDAP

Buy Now
Questions 8

Which three statements about SD-WAN zones are true? (Choose three.)

Options:

A.

An SD-WAN zone can contain physical and logical interfaces

B.

You can use an SD-WAN zone in static route definitions

C.

You can define up to three SD-WAN zones per FortiGate device

D.

An SD-WAN zone must contains at least two members

E.

An SD-WAN zone is a logical grouping of members

Buy Now
Questions 9

Which statement is a characteristic of automation stitches?

Options:

A.

They can be run only on devices in the Security Fabric.

B.

They can be created only on downstream devices in the fabric.

C.

They can have one or more triggers.

D.

They can run multiple actions at the same time.

Buy Now
Questions 10

An administrator manages a FortiGate model that supports NTurbo.

How does NTurbo enhance performance for flow-based inspection?

Options:

A.

NTurbo offloads traffic to the content processor.

B.

NTurbo creates two inspection sessions on the FortiGate device.

C.

NTurbo buffers the whole file and then sends it to the antivirus engine.

D.

NTurbo creates a special data path to redirect traffic between the IPS engine its ingress and egress interfaces.

Buy Now
Questions 11

Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

Options:

A.

If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

B.

If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.

C.

If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP

D.

If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

Buy Now
Questions 12

Refer to the exhibit.

FCP_FGT_AD-7.4 Question 12

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output shown in the exhibit.

What should the administrator do next, to troubleshoot the problem?

Options:

A.

Execute a debug flow.

B.

Capture the traffic using an external sniffer connected to part1.

C.

Execute another sniffer on FortiGate, this time with the filter "hose 10.o.1.10".

D.

Run a sniffer on the web server.

Buy Now
Questions 13

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

Options:

A.

Downstream devices can connect to the upstream device from any of their VDOMs

B.

Each VDOM in the environment can be part of a different Security Fabric

C.

VDOMs without ports with connected devices are not displayed in the topology

D.

Security rating reports can be run individually for each configured VDOM

Buy Now
Questions 14

What are two features of collector agent advanced mode? (Choose two.)

Options:

A.

In advanced mode, FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.

B.

Advanced mode supports nested or inherited groups.

C.

In advanced mode, security profiles can be applied only to user groups, not individual users.

D.

Advanced mode uses the Windows convention —NetBios: Domain\Username.

Buy Now
Questions 15

Refer to the exhibit.

FCP_FGT_AD-7.4 Question 15

FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt.

What is the most likely reason for this situation?

Options:

A.

The Service DNS is required in the firewall policy.

B.

The user is using an incorrect user name.

C.

The Remote-users group is not added to the Destination.

D.

No matching user account exists for this user.

Buy Now
Questions 16

Which three methods are used by the collector agent for AD polling? (Choose three.)

Options:

A.

WinSecLog

B.

WMI

C.

NetAPI

D.

FSSO REST API

E.

FortiGate polling

Buy Now
Questions 17

Which three CLI commands, can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

Options:

A.

execute ping

B.

execute traceroute

C.

diagnose sys top

D.

get system arp

E.

diagnose sniffer packet any

Buy Now
Questions 18

Which method allows management access to the FortiGate CLI without network connectivity?

Options:

A.

SSH console

B.

CLI console widget

C.

Serial console

D.

Telnet console

Buy Now
Questions 19

How can you disable RPF checking?

Options:

A.

Disable src-check on the interface level settings

B.

Unset fail-alert-interfaces on the interface level settings.

C.

Disable fail-detect on the interface level settings.

D.

Disable strict-src-check under system settings.

Buy Now
Questions 20

Which three statements explain a flow-based antivirus profile? (Choose three.)

Options:

A.

Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection

B.

Flow-based inspection optimizes performance compared to proxy-based inspection

C.

FortiGate buffers the whole file but transmits to the client at the same time.

D.

If a virus is detected, the last packet is delivered to the client.

E.

The IPS engine handles the process as a standalone.

Buy Now
Questions 21

Refer to the exhibit.

FCP_FGT_AD-7.4 Question 21

The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.

An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

Options:

A.

Configure a separate firewall policy with action Deny and an FQDN address object for *. download, com as destination address.

B.

Set the Freeware and Software Downloads category Action to Warning

C.

Configure a web override rating for download, com and select Malicious Websites as the subcategory.

D.

Configure a static URL filter entry for download, com with Type and Action set to Wildcard and Block, respectively.

Buy Now
Questions 22

Refer to the exhibits.

FCP_FGT_AD-7.4 Question 22

FCP_FGT_AD-7.4 Question 22

FCP_FGT_AD-7.4 Question 22

FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit.

What would be the expected outcome in the HA cluster?

Options:

A.

FGT-1 will remain the primary because FGT-2 has lower priority.

B.

FGT-2 will take over as the primary because it has the override enable setting and higher priority than FGT-1.

C.

FGT-1 will synchronize the override disable setting with FGT-2.

D.

The HA cluster will become out of sync because the override setting must match on all HA members.

Buy Now
Questions 23

Which statement is correct regarding the use of application control for inspecting web applications?

Options:

A.

Application control can identify child and parent applications, and perform different actions on them

B.

Application control signatures are included in Fortinet Antivirus engine

C.

Application control does not display a replacement message for a blocked web application

D.

Application control does not require SSL Inspection to Identity web applications

Buy Now
Questions 24

Refer to the exhibit, which shows the IPS sensor configuration.

FCP_FGT_AD-7.4 Question 24

If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

Options:

A.

The sensor will gather a packet log for all matched traffic.

B.

The sensor will reset all connections that match these signatures.

C.

The sensor will allow attackers matching the Microsoft.Windows.iSCSl.Target.DoS signature.

D.

The sensor will block all attacks aimed at Windows servers.

Buy Now
Questions 25

Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

Options:

A.

Manual with load balancing

B.

Lowest Cost (SLA) with load balancing

C.

Best Quality with load balancing

D.

Lowest Quality (SLA) with load balancing

E.

Lowest Cost (SLA) without load balancing

Buy Now
Exam Code: FCP_FGT_AD-7.4
Exam Name: FCP - FortiGate 7.4 Administrator
Last Update: Dec 22, 2024
Questions: 86

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now FCP_FGT_AD-7.4 testing engine

PDF (Q&A)

$36.75  $104.99
buy now FCP_FGT_AD-7.4 pdf