ExamGecko
Login
Home / Fortinet / FCP_FGT_AD-7.4 / List of questions
Ask Question

Fortinet FCP_FGT_AD-7.4 Practice Test - Questions Answers, Page 3

List of questions

Question 21

Report Export Collapse

Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

Manual with load balancing
Manual with load balancing
Lowest Cost (SLA) with load balancing
Lowest Cost (SLA) with load balancing
Best Quality with load balancing
Best Quality with load balancing
Lowest Quality (SLA) with load balancing
Lowest Quality (SLA) with load balancing
Lowest Cost (SLA) without load balancing
Lowest Cost (SLA) without load balancing
Suggested answer: A, B, C
Explanation:

FortiGate's SD-WAN rule strategies for member selection include the following:Manual with load balancing: This strategy allows an administrator to manually configure whichSD-WAN member interfaces to use for specific traffic.Lowest Cost (SLA) with load balancing: This strategy prioritizes the link with the lowest cost thatmeets the SLA requirements.Best Quality with load balancing: This strategy selects the link with the best performancemetrics, such as latency, jitter, or packet loss.Options D and E are incorrect because 'Lowest Quality' is not a valid strategy, and 'Lowest Costwithout load balancing' contradicts the requirement for load balancing in the strategy name.FortiOS 7.4.1 Administration Guide: SD-WAN Rule Strategies

asked 18/09/2024
Katlego Nkwane
52 questions

Question 22

Report Export Collapse

Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

Pre-shared key and certificate signature as authentication methods
Pre-shared key and certificate signature as authentication methods
Extended authentication (XAuth)to request the remote peer to provide a username and password
Extended authentication (XAuth)to request the remote peer to provide a username and password
Extended authentication (XAuth) for faster authentication because fewer packets are exchanged
Extended authentication (XAuth) for faster authentication because fewer packets are exchanged
No certificate is required on the remote peer when you set the certificate signature as the authentication method
No certificate is required on the remote peer when you set the certificate signature as the authentication method
Suggested answer: A, B
asked 18/09/2024
Bouchtig, Yassine
45 questions

Question 23

Report Export Collapse

Which two statements are true regarding FortiGate HA configuration synchronization? (Choose two.)

Checksums of devices are compared against each other to ensure configurations are the same.
Checksums of devices are compared against each other to ensure configurations are the same.
Incremental configuration synchronization can occur only from changes made on the primary FortiGate device.
Incremental configuration synchronization can occur only from changes made on the primary FortiGate device.
Incremental configuration synchronization can occur from changes made on any FortiGate device within the HA cluster
Incremental configuration synchronization can occur from changes made on any FortiGate device within the HA cluster
Checksums of devices will be different from each other because some configuration items are not synced to other HA members.
Checksums of devices will be different from each other because some configuration items are not synced to other HA members.
Suggested answer: A, B
asked 18/09/2024
Jose Gonzalez
48 questions

Question 24

Report Export Collapse

What are two features of the NGFW profile-based mode? (Choose two.)

NGFW profile-based mode can only be applied globally and not on individual VDOMs.
NGFW profile-based mode can only be applied globally and not on individual VDOMs.
NGFW profile-based mode must require the use of central source NAT policy
NGFW profile-based mode must require the use of central source NAT policy
NGFW profile-based mode policies support both flow inspection and proxy inspection.
NGFW profile-based mode policies support both flow inspection and proxy inspection.
NGFW profile-based mode supports applying applications and web filtering profiles in a firewall policy.
NGFW profile-based mode supports applying applications and web filtering profiles in a firewall policy.
Suggested answer: C, D
asked 18/09/2024
Nghia To Duc
58 questions

Question 25

Report Export Collapse

Refer to the exhibit to view the firewall policy.

Fortinet FCP_FGT_AD-7.4 image Question 25 25952 09182024185827000000

Why would the firewall policy not block a well-known virus, for example eicar?

The action on the firewall policy is not set to deny.
The action on the firewall policy is not set to deny.
The firewall policy is not configured in proxy-based inspection mode.
The firewall policy is not configured in proxy-based inspection mode.
Web filter is not enabled on the firewall policy to complement the antivirus profile.
Web filter is not enabled on the firewall policy to complement the antivirus profile.
The firewall policy does not apply deep content inspection.
The firewall policy does not apply deep content inspection.
Suggested answer: B
Explanation:

The firewall policy shown in the exhibit is configured in flow-based inspection mode. In flow-based inspection, certain security features, such as deep content inspection, might not be aseffective as in proxy-based mode. Proxy-based inspection is necessary for thorough contentinspection, which includes identifying and blocking well-known viruses like EICAR.FortiOS 7.4.1 Administration Guide: Inspection Modes

asked 18/09/2024
Shrini Ch
37 questions

Question 26

Report Export Collapse

Which inspection mode does FortiGate use for application profiles if it is configured as a profile-based next-generation firewall (NGFW)?

Full content inspection
Full content inspection
Proxy-based inspection
Proxy-based inspection
Certificate inspection
Certificate inspection
Flow-based inspection
Flow-based inspection
Suggested answer: D
asked 18/09/2024
Liam Connelly
44 questions

Question 27

Report Export Collapse

Refer to the exhibit showing a FortiGuard connection debug output.

Fortinet FCP_FGT_AD-7.4 image Question 27 25954 09182024185827000000

Based on the output, which two facts does the administrator know about the FortiGuard connection? (Choose two.)

One server was contacted to retrieve the contract information.
One server was contacted to retrieve the contract information.
There is at least one server that lost packets consecutively.
There is at least one server that lost packets consecutively.
A local FortiManaqer is one of the servers FortiGate communicates with.
A local FortiManaqer is one of the servers FortiGate communicates with.
FortiGate is using default FortiGuard communication settings.
FortiGate is using default FortiGuard communication settings.
Suggested answer: A, D
asked 18/09/2024
Steven Prater
44 questions

Question 28

Report Export Collapse

Refer to the exhibit.

Fortinet FCP_FGT_AD-7.4 image Question 28 25955 09182024185827000000

Why did FortiGate drop the packet?

11 matched an explicitly configured firewall policy with the action DENY
11 matched an explicitly configured firewall policy with the action DENY
It failed the RPF check.
It failed the RPF check.
The next-hop IP address is unreachable.
The next-hop IP address is unreachable.
It matched the default implicit firewall policy
It matched the default implicit firewall policy
Suggested answer: D
asked 18/09/2024
Andifon Etim
43 questions

Question 29

Report Export Collapse

An administrator must enable a DHCP server on one of the directly connected networks on FortiGate. However, the administrator is unable to complete the process on the GUI to enable the service on the interface.

In this scenario, what prevents the administrator from enabling DHCP service?

The role of the interface prevents setting a DHCP server.
The role of the interface prevents setting a DHCP server.
The DHCP server setting is available only on the CLI.
The DHCP server setting is available only on the CLI.
Another interface is configured as the only DHCP server on FortiGate.
Another interface is configured as the only DHCP server on FortiGate.
The FortiGate model does not support the DHCP server.
The FortiGate model does not support the DHCP server.
Suggested answer: A
asked 18/09/2024
Georgios Kavvalakis
35 questions

Question 30

Report Export Collapse

Refer to the exhibit.

Fortinet FCP_FGT_AD-7.4 image Question 30 25957 09182024185827000000

Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.

What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

Traffic matching the signature will be allowed and logged.
Traffic matching the signature will be allowed and logged.
The signature setting uses a custom rating threshold.
The signature setting uses a custom rating threshold.
The signature setting includes a group of other signatures.
The signature setting includes a group of other signatures.
Traffic matching the signature will be silently dropped and logged.
Traffic matching the signature will be silently dropped and logged.
Suggested answer: A
Explanation:

The exhibit shows that the 'FTP.Login.Failed' IPS signature is set with the action 'Pass' andpacket logging enabled. This means that any traffic matching this signature will be allowedthrough the FortiGate, and the traffic details will be logged for monitoring and analysispurposes.FortiOS 7.4.1 Administration Guide: IPS Signature Actions

asked 18/09/2024
Jay Chua
48 questions
Total 88 questions
Go to page: of 9
Open VPLUS File
Convert VPLUS to PDF

Related questions

A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors. What is the reason for the certificate warning errors?
Refer to the exhibit. FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt. What is the most likely reason for this situation?
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IPaddress 10.0.1.254/24. Which IP address will be used to source NAT (SNAT) the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?
A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the and does not block the file allowing it to be downloaded. The administrator confirms that the traffic matches the configured firewall policy. What are two reasons for the failed virus detection by FortiGate? (Choose two.)
Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate. Based on the system performance output, what can be the two possible outcomes? (Choose two.)
Refer to the exhibits. FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit. What would be the expected outcome in the HA cluster?
An administrator configured a FortiGate to act as a collector for agentless polling mode. What must the administrator add to the FortiGate device to retrieve AD user group information?
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad. Which IPsec Wizard template must the administrator apply?
An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is outbound traffic but no response from the peer. Which DPD mode on FortiGate meets this requirement?
A FortiGate firewall policy is configured with active authentication however, the user cannot authenticate when accessing a website. Which protocol must FortiGate allow even though the user cannot authenticate?