Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Fortinet
Fortinet Network Security Expert
FCP_FGT_AD-7.4
FCP - FortiGate 7.4 Administrator Questions and Answers

Pass the Fortinet Network Security Expert FCP_FGT_AD-7.4 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam FCP_FGT_AD-7.4 Premium Access

View all detail and faqs for the FCP_FGT_AD-7.4 exam

Go to Exam

690 Students Passed

87% Average Score

98% Same Questions

Viewing page 2 out of 3 pages

Viewing questions 11-20 out of questions

Questions # 11:

Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

Options:

Manual with load balancing

Lowest Cost (SLA) with load balancing

Best Quality with load balancing

Lowest Quality (SLA) with load balancing

Lowest Cost (SLA) without load balancing

Answer

A, B, E

Explanation

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/342836/lowest-cost-sla-strategy

Questions # 12:

Refer to the exhibits.

Question # 12

The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects.

The WAN (port1) interface has the IP address10.200.1.1/24. The LAN (port3) interface has the IPaddress10.0.1.254/24.

Which IP address will be used to source NAT (SNAT) the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

Options:

10.200.1.1

10.200.1.149

10.200.1.99

10.200.1.49

Answer

Questions # 13:

Which three statements about SD-WAN zones are true? (Choose three.)

Options:

An SD-WAN zone can contain physical and logical interfaces

You can use an SD-WAN zone in static route definitions

You can define up to three SD-WAN zones per FortiGate device

An SD-WAN zone must contains at least two members

An SD-WAN zone is a logical grouping of members

Answer

A, B, E

Explanation

An SD-WAN zone can contain physical and logical interfaces

SD-WAN zones can include both physical and logical interfaces, allowing flexible configuration for different network types.

You can use an SD-WAN zone in static route definitions

SD-WAN zones can be referenced in static routes, enabling dynamic path selection based on SD-WAN rules.

An SD-WAN zone is a logical grouping of members

An SD-WAN zone is a logical grouping of interfaces (members), used to simplify the management and application of SD-WAN rules.

Questions # 14:

Refer to the exhibits, which show the firewall policy and the security profile for Facebook.

Question # 14

Users are given access to the Facebook web application. They can play video content hosted on Facebook but they are unable to leave reactions on videos or other types of posts.

Which part of the configuration must you change to resolve the issue?

Options:

Make the SSL inspection a deep content inspection

Add Facebook to the URL category in the security policy

Disable HTTP redirect to HTTPS on the web browser

Get the additional application signatures required to add to the security policy

Answer

Questions # 15:

Refer to the exhibit.

Question # 15

The NOC team connects to the FortiGate GUI with theNOC_Accessadmin profile. They request that their GUI sessions do not disconnect too early during inactivity.

What must the administrator configure to answer this specific request from the NOC team?

Options:

Enable the parameter Never Timeout in the admin profiles

Increase theadmintimeoutvalue underconfig system accprofile super_admin.

Increase the admintimeout value under config system global

Increase the offline value of the Override idle Timeout parameter in the NOC_Access admin profile

Answer

Explanation

"You can override the idle timeout setting per administartor profile using the Override Idle Timeout setting. You can configure an administrator profile to increase inactivity timeout and facilitate use of the GUI for central monitoring. Then Override Idel Timeout setting allows the admintimeout value, under the config system accprofile, to be overridden per access profile."

Questions # 16:

Which two statements explain antivirus scanning modes? (Choose two.)

Options:

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

In flow-based inspection mode files bigger than the buffer size are scanned

In proxy-based inspection mode files bigger than the buffer size are scanned

In proxy-based inspection mode antivirus scanning buffers the whole file for scanning, before sending it to the client

Answer

A, D

Explanation

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

Flow-based inspection allows real-time scanning of files as they are being transmitted, with minimal impact on performance.

In proxy-based inspection mode antivirus scanning buffers the whole file for scanning, before sending it to the client.

Proxy-based inspection mode holds the file completely, scans it for threats, and only sends the file to the client if no threats are detected.

Questions # 17:

When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate.

Which three actions are valid actions that FortiGate can perform when it detects an invalid certificate? (Choose three.)

Options:

Allow & Warning

Trust & Allow

Allow

Block & Warning

Block

Answer

B, C, E

Explanation

When a certificate fails for any of the reasons above, you can configure any of the following actions: • Keep untrusted & Allow: FortiGate allows the website and lets the browser decide the action to take. FortiGate takes the certificate as untrusted. • Block: FortiGate blocks the content of the site. • Trust & Allow: FortiGate allows the website and takes the certificate as trusted.

Questions # 18:

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSUTLS connection.

Which FortiGate configuration can achieve this goal?

Options:

SSL VPN quick connection

SSL VPN tunnel

SSL VPN bookmark

Zero trust network access

Answer

Explanation

An SSL VPN tunnel allows remote users to securely connect to the organization's network and transmit all traffic, including external application data and FTP resources, through an encrypted SSL/TLS connection. This ensures secure access to the network while supporting various protocols such as FTP and other application-specific traffic from the user's PC.

Questions # 19:

Refer to exhibit.

Question # 19

An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to accesstwitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

Options:

On the Static URL Filter configuration set Type to Simple

On the FortiGuard Category Based Filter configuration set Action to Warning for Social Networking

On the Static URL Filter configuration set Action to Monitor

On the Static URL Filter configuration set Action to Exempt

Answer

Explanation

In the current configuration, although "twitter.com" is allowed in the Static URL Filter, the category "Social Networking" is set to "Block" under the FortiGuard Category Based Filter. To resolve the issue, setting the action to "Exempt" in the Static URL Filter for "twitter.com" will bypass the category-based block for this specific URL while still enforcing the block on other social networking sites.

Questions # 20:

An administrator has configured a strict RPF check on FortiGate.

How does strict RPF check work?

Options:

Strict RPF checks the best route back to the source using the incoming interface.

Strict RPF allows packets back to sources with all active routes.

Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.

Strict RPF check is run on the first sent and reply packet of any new session.

Answer

Explanation

Strict RPF (Reverse Path Forwarding) check ensures that the packet is received on the same interface that the FortiGate device would use to send traffic back to the source. It verifies that the best route to the source of the packet is through the same interface it arrived on, enhancing security by preventing IP spoofing. If the check fails, the packet is dropped.

Viewing page 2 out of 3 pages

Viewing questions 11-20 out of questions