ExamGecko
Search Search Login
Home Home / Fortinet / FCP_FGT_AD-7.4

Fortinet FCP_FGT_AD-7.4 Practice Test - Questions Answers, Page 3

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibits. FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit. What would be the expected outcome in the HA cluster?
Which three methods are used by the collector agent for AD polling? (Choose three.)
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration. An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2. The policy should work such that Remote-User1 must be able to access the Webserver while preventing Remote-User2 from accessing the Webserver. Which two configuration changes can the administrator make to the policy to deny Webserver access for Remote-User2? (Choose two.)
Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)
Refer to the exhibit, which shows a partial configuration from the remote authentication server. Why does the FortiGate administrator need this configuration?
An administrator configured a FortiGate to act as a collector for agentless polling mode. What must the administrator add to the FortiGate device to retrieve AD user group information?
Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad. Which IPsec Wizard template must the administrator apply?
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover. Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)
Which method allows management access to the FortiGate CLI without network connectivity?

Question 21

Report
Export
Collapse

Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

A.
Manual with load balancing
A.
Manual with load balancing
Answers
B.
Lowest Cost (SLA) with load balancing
B.
Lowest Cost (SLA) with load balancing
Answers
C.
Best Quality with load balancing
C.
Best Quality with load balancing
Answers
D.
Lowest Quality (SLA) with load balancing
D.
Lowest Quality (SLA) with load balancing
Answers
E.
Lowest Cost (SLA) without load balancing
E.
Lowest Cost (SLA) without load balancing
Answers
Suggested answer: A, B, C

Explanation:

FortiGate's SD-WAN rule strategies for member selection include the following:Manual with load balancing: This strategy allows an administrator to manually configure whichSD-WAN member interfaces to use for specific traffic.Lowest Cost (SLA) with load balancing: This strategy prioritizes the link with the lowest cost thatmeets the SLA requirements.Best Quality with load balancing: This strategy selects the link with the best performancemetrics, such as latency, jitter, or packet loss.Options D and E are incorrect because 'Lowest Quality' is not a valid strategy, and 'Lowest Costwithout load balancing' contradicts the requirement for load balancing in the strategy name.FortiOS 7.4.1 Administration Guide: SD-WAN Rule Strategies

Question 22

Report
Export
Collapse

Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

A.
Pre-shared key and certificate signature as authentication methods
A.
Pre-shared key and certificate signature as authentication methods
Answers
B.
Extended authentication (XAuth)to request the remote peer to provide a username and password
B.
Extended authentication (XAuth)to request the remote peer to provide a username and password
Answers
C.
Extended authentication (XAuth) for faster authentication because fewer packets are exchanged
C.
Extended authentication (XAuth) for faster authentication because fewer packets are exchanged
Answers
D.
No certificate is required on the remote peer when you set the certificate signature as the authentication method
D.
No certificate is required on the remote peer when you set the certificate signature as the authentication method
Answers
Suggested answer: A, B

Question 23

Report
Export
Collapse

Which two statements are true regarding FortiGate HA configuration synchronization? (Choose two.)

A.
Checksums of devices are compared against each other to ensure configurations are the same.
A.
Checksums of devices are compared against each other to ensure configurations are the same.
Answers
B.
Incremental configuration synchronization can occur only from changes made on the primary FortiGate device.
B.
Incremental configuration synchronization can occur only from changes made on the primary FortiGate device.
Answers
C.
Incremental configuration synchronization can occur from changes made on any FortiGate device within the HA cluster
C.
Incremental configuration synchronization can occur from changes made on any FortiGate device within the HA cluster
Answers
D.
Checksums of devices will be different from each other because some configuration items are not synced to other HA members.
D.
Checksums of devices will be different from each other because some configuration items are not synced to other HA members.
Answers
Suggested answer: A, B

Question 24

Report
Export
Collapse

What are two features of the NGFW profile-based mode? (Choose two.)

A.
NGFW profile-based mode can only be applied globally and not on individual VDOMs.
A.
NGFW profile-based mode can only be applied globally and not on individual VDOMs.
Answers
B.
NGFW profile-based mode must require the use of central source NAT policy
B.
NGFW profile-based mode must require the use of central source NAT policy
Answers
C.
NGFW profile-based mode policies support both flow inspection and proxy inspection.
C.
NGFW profile-based mode policies support both flow inspection and proxy inspection.
Answers
D.
NGFW profile-based mode supports applying applications and web filtering profiles in a firewall policy.
D.
NGFW profile-based mode supports applying applications and web filtering profiles in a firewall policy.
Answers
Suggested answer: C, D

Question 25

Report
Export
Collapse

Refer to the exhibit to view the firewall policy.

Why would the firewall policy not block a well-known virus, for example eicar?

A.
The action on the firewall policy is not set to deny.
A.
The action on the firewall policy is not set to deny.
Answers
B.
The firewall policy is not configured in proxy-based inspection mode.
B.
The firewall policy is not configured in proxy-based inspection mode.
Answers
C.
Web filter is not enabled on the firewall policy to complement the antivirus profile.
C.
Web filter is not enabled on the firewall policy to complement the antivirus profile.
Answers
D.
The firewall policy does not apply deep content inspection.
D.
The firewall policy does not apply deep content inspection.
Answers
Suggested answer: B

Explanation:

The firewall policy shown in the exhibit is configured in flow-based inspection mode. In flow-based inspection, certain security features, such as deep content inspection, might not be aseffective as in proxy-based mode. Proxy-based inspection is necessary for thorough contentinspection, which includes identifying and blocking well-known viruses like EICAR.FortiOS 7.4.1 Administration Guide: Inspection Modes

Question 26

Report
Export
Collapse

Which inspection mode does FortiGate use for application profiles if it is configured as a profile-based next-generation firewall (NGFW)?

A.
Full content inspection
A.
Full content inspection
Answers
B.
Proxy-based inspection
B.
Proxy-based inspection
Answers
C.
Certificate inspection
C.
Certificate inspection
Answers
D.
Flow-based inspection
D.
Flow-based inspection
Answers
Suggested answer: D

Question 27

Report
Export
Collapse

Refer to the exhibit showing a FortiGuard connection debug output.

Based on the output, which two facts does the administrator know about the FortiGuard connection? (Choose two.)

A.
One server was contacted to retrieve the contract information.
A.
One server was contacted to retrieve the contract information.
Answers
B.
There is at least one server that lost packets consecutively.
B.
There is at least one server that lost packets consecutively.
Answers
C.
A local FortiManaqer is one of the servers FortiGate communicates with.
C.
A local FortiManaqer is one of the servers FortiGate communicates with.
Answers
D.
FortiGate is using default FortiGuard communication settings.
D.
FortiGate is using default FortiGuard communication settings.
Answers
Suggested answer: A, D

Question 28

Report
Export
Collapse

Refer to the exhibit.

Why did FortiGate drop the packet?

A.
11 matched an explicitly configured firewall policy with the action DENY
A.
11 matched an explicitly configured firewall policy with the action DENY
Answers
B.
It failed the RPF check.
B.
It failed the RPF check.
Answers
C.
The next-hop IP address is unreachable.
C.
The next-hop IP address is unreachable.
Answers
D.
It matched the default implicit firewall policy
D.
It matched the default implicit firewall policy
Answers
Suggested answer: D

Question 29

Report
Export
Collapse

An administrator must enable a DHCP server on one of the directly connected networks on FortiGate. However, the administrator is unable to complete the process on the GUI to enable the service on the interface.

In this scenario, what prevents the administrator from enabling DHCP service?

A.
The role of the interface prevents setting a DHCP server.
A.
The role of the interface prevents setting a DHCP server.
Answers
B.
The DHCP server setting is available only on the CLI.
B.
The DHCP server setting is available only on the CLI.
Answers
C.
Another interface is configured as the only DHCP server on FortiGate.
C.
Another interface is configured as the only DHCP server on FortiGate.
Answers
D.
The FortiGate model does not support the DHCP server.
D.
The FortiGate model does not support the DHCP server.
Answers
Suggested answer: A

Question 30

Report
Export
Collapse

Refer to the exhibit.

Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.

What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

A.
Traffic matching the signature will be allowed and logged.
A.
Traffic matching the signature will be allowed and logged.
Answers
B.
The signature setting uses a custom rating threshold.
B.
The signature setting uses a custom rating threshold.
Answers
C.
The signature setting includes a group of other signatures.
C.
The signature setting includes a group of other signatures.
Answers
D.
Traffic matching the signature will be silently dropped and logged.
D.
Traffic matching the signature will be silently dropped and logged.
Answers
Suggested answer: A

Explanation:

The exhibit shows that the 'FTP.Login.Failed' IPS signature is set with the action 'Pass' andpacket logging enabled. This means that any traffic matching this signature will be allowedthrough the FortiGate, and the traffic details will be logged for monitoring and analysispurposes.FortiOS 7.4.1 Administration Guide: IPS Signature Actions

Total 86 questions
Go to page: of 9
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms