ExamGecko
Login
Home / Fortinet / FCP_FGT_AD-7.4 / List of questions
Ask Question

Fortinet FCP_FGT_AD-7.4 Practice Test - Questions Answers

List of questions

Question 1

Report Export Collapse

Refer to the exhibit.

Fortinet FCP_FGT_AD-7.4 image Question 1 25928 09182024185827000000

Which two statements are true about the routing entries in this database table? (Choose two.)

All of the entries in the routing database table are installed in the FortiGate routing table.
All of the entries in the routing database table are installed in the FortiGate routing table.
The port2 interface is marked as inactive.
The port2 interface is marked as inactive.
Both default routes have different administrative distances.
Both default routes have different administrative distances.
The default route on porc2 is marked as the standby route.
The default route on porc2 is marked as the standby route.
Suggested answer: C, D
asked 18/09/2024
Barry Higgins
40 questions

Question 2

Report Export Collapse

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

The host field in the HTTP header.
The host field in the HTTP header.
The server name indication (SNI) extension in the client hello message.
The server name indication (SNI) extension in the client hello message.
The subject alternative name (SAN) field in the server certificate.
The subject alternative name (SAN) field in the server certificate.
The subject field in the server certificate.
The subject field in the server certificate.
The serial number in the server certificate.
The serial number in the server certificate.
Suggested answer: B, C, D
asked 18/09/2024
Memo Albah
29 questions

Question 3

Report Export Collapse

Refer to the exhibit.

Fortinet FCP_FGT_AD-7.4 image Question 3 25930 09182024185827000000

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

All traffic from a source IP to a destination IP is sent to the same interface.
All traffic from a source IP to a destination IP is sent to the same interface.
Traffic is sent to the link with the lowest latency.
Traffic is sent to the link with the lowest latency.
Traffic is distributed based on the number of sessions through each interface.
Traffic is distributed based on the number of sessions through each interface.
All traffic from a source IP is sent to the same interface
All traffic from a source IP is sent to the same interface
Suggested answer: A
asked 18/09/2024
Kingsley Tibs
46 questions

Question 4

Report Export Collapse

A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad.

Which IPsec Wizard template must the administrator apply?

Remote Access
Remote Access
Site to Site
Site to Site
Dial up User
Dial up User
iHub-and-Spoke
iHub-and-Spoke
Suggested answer: A
asked 18/09/2024
Dylan Brons
40 questions

Question 5

Report Export Collapse

Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate.

Fortinet FCP_FGT_AD-7.4 image Question 5 25932 09182024185827000000

Fortinet FCP_FGT_AD-7.4 image Question 5 25932 09182024185827000000

Based on the system performance output, what can be the two possible outcomes? (Choose two.)

FortiGate will start sending all files to FortiSandbox for inspection.
FortiGate will start sending all files to FortiSandbox for inspection.
FortiGate has entered conserve mode.
FortiGate has entered conserve mode.
Administrators cannot change the configuration.
Administrators cannot change the configuration.
Administrators can access FortiGate onlythrough the console port.
Administrators can access FortiGate onlythrough the console port.
Suggested answer: B, D
asked 18/09/2024
MAXIM TEN
44 questions

Question 6

Report Export Collapse

Refer to the exhibits.

Fortinet FCP_FGT_AD-7.4 image Question 6 25933 09182024185827000000

Fortinet FCP_FGT_AD-7.4 image Question 6 25933 09182024185827000000

Fortinet FCP_FGT_AD-7.4 image Question 6 25933 09182024185827000000

The exhibits show a diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device.

Two PCs, PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet.

Based on the information shown in the exhibit, which two configuration options can the administrator use to fix the connectivity issue for PC3? (Choose two.)

In the firewall policy configuration, add 10. o. l. 3 as an address object in the source field.
In the firewall policy configuration, add 10. o. l. 3 as an address object in the source field.
In the IP pool configuration, set endig to 192.2.0.12.
In the IP pool configuration, set endig to 192.2.0.12.
Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list.
Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list.
In the IP pool configuration, set cype to overload.
In the IP pool configuration, set cype to overload.
Suggested answer: B, D
asked 18/09/2024
Solanki Narendra
36 questions

Question 7

Report Export Collapse

Which method allows management access to the FortiGate CLI without network connectivity?

SSH console
SSH console
CLI console widget
CLI console widget
Serial console
Serial console
Telnet console
Telnet console
Suggested answer: B
asked 18/09/2024
Arvee Natividad
47 questions

Question 8

Report Export Collapse

Refer to the exhibit.

Fortinet FCP_FGT_AD-7.4 image Question 8 25935 09182024185827000000

In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output shown in the exhibit.

What should the administrator do next, to troubleshoot the problem?

Execute a debug flow.
Execute a debug flow.
Capture the traffic using an external sniffer connected to part1.
Capture the traffic using an external sniffer connected to part1.
Execute another sniffer on FortiGate, this time with the filter 'hose 10.o.1.10'.
Execute another sniffer on FortiGate, this time with the filter 'hose 10.o.1.10'.
Run a sniffer on the web server.
Run a sniffer on the web server.
Suggested answer: A
asked 18/09/2024
Arslan Ibragimov
44 questions

Question 9

Report Export Collapse

Refer to the exhibit.

Fortinet FCP_FGT_AD-7.4 image Question 9 25936 09182024185827000000

The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.

An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

Configure a separate firewall policy with action Deny and an FQDN address object for *. download, com as destination address.
Configure a separate firewall policy with action Deny and an FQDN address object for *. download, com as destination address.
Set the Freeware and Software Downloads category Action to Warning
Set the Freeware and Software Downloads category Action to Warning
Configure a web override rating for download, com and select Malicious Websites as the subcategory.
Configure a web override rating for download, com and select Malicious Websites as the subcategory.
Configure a static URL filter entry for download, com with Type and Action set to Wildcard and Block, respectively.
Configure a static URL filter entry for download, com with Type and Action set to Wildcard and Block, respectively.
Suggested answer: A, D
Explanation:

To block access specifically to download.com while allowing other sites in the 'Freeware andSoftware Downloads' category, you can create a separate firewall policy with a deny actionspecifically for the FQDN *.download.com. This approach allows blocking this particular sitewithout affecting the other sites in the same category. Alternatively, configuring a static URLfilter entry with the type set to Wildcard and action set to Block will also achieve the desiredeffect by directly blocking the specific URL without impacting other sites in the category.FortiOS 7.4.1 Administration Guide: URL filter configuration

asked 18/09/2024
Jon Jones
40 questions

Question 10

Report Export Collapse

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)

Enable Dead Peer Detection
Enable Dead Peer Detection
Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
Suggested answer: A, C
asked 18/09/2024
Komalaharshini Basireddygari
48 questions
Total 88 questions
Go to page: of 9
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors. What is the reason for the certificate warning errors?
Refer to the exhibit. FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt. What is the most likely reason for this situation?
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IPaddress 10.0.1.254/24. Which IP address will be used to source NAT (SNAT) the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?
A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the and does not block the file allowing it to be downloaded. The administrator confirms that the traffic matches the configured firewall policy. What are two reasons for the failed virus detection by FortiGate? (Choose two.)
Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate. Based on the system performance output, what can be the two possible outcomes? (Choose two.)
Refer to the exhibits. FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit. What would be the expected outcome in the HA cluster?
An administrator configured a FortiGate to act as a collector for agentless polling mode. What must the administrator add to the FortiGate device to retrieve AD user group information?
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad. Which IPsec Wizard template must the administrator apply?
An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is outbound traffic but no response from the peer. Which DPD mode on FortiGate meets this requirement?
A FortiGate firewall policy is configured with active authentication however, the user cannot authenticate when accessing a website. Which protocol must FortiGate allow even though the user cannot authenticate?