
Fortinet FCP_FGT_AD-7.4 Practice Test - Questions Answers, Page 4


Question 31


The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.

Which order must FortiGate use when the web filter profile has features such as safe search enabled?

A. FortiGuard category filter and rating filter
B. Static domain filter, SSL inspection filter, and external connectors filters
C. DNS-based web filter and proxy-based web filter
D. Static URL filter, FortiGuard category filter, and advanced filters
Suggested answer: D
asked 18/09/2024
Robert Akehurst
39 questions

Question 32


FortiGate is integrated with FortiAnalyzer and FortiManager.

When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager?

A. Log ID
B. Policy ID
C. Sequence ID
D. Universally Unique Identifier
Suggested answer: D
asked 18/09/2024
richard van der sligte
38 questions

Question 33


An administrator configured a FortiGate to act as a collector for agentless polling mode.

What must the administrator add to the FortiGate device to retrieve AD user group information?

A. LDAP server
B. RADIUS server
C. DHCP server
D. Windows server
Suggested answer: A
Explanation:

To retrieve AD user group information in agentless polling mode, the administrator must add an LDAP server to the FortiGate device.

asked 18/09/2024
Chris Carter
39 questions

Question 34


An administrator manages a FortiGate model that supports NTurbo.

How does NTurbo enhance performance for flow-based inspection?

A. NTurbo offloads traffic to the content processor.
B. NTurbo creates two inspection sessions on the FortiGate device.
C. NTurbo buffers the whole file and then sends it to the antivirus engine.
D. NTurbo creates a special data path to redirect traffic between the IPS engine and its ingress and egress interfaces.
Suggested answer: A
asked 18/09/2024
Michael Amann
43 questions

Question 35


Refer to the exhibit.

[Exhibit: image for Question 35]

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one?

A. Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy
B. Create an Interface Group that includes port1 and port2 to create a single firewall policy
C. Select port1 and port2 subnets in a single firewall policy.
D. Replace port1 and port2 with the any interface in a single firewall policy.
Suggested answer: B
Explanation:

To consolidate the two separate firewall policies for Sales and Engineering departments accessing the same web server, you can create an Interface Group that includes both port1 (Sales) and port2 (Engineering). Once the Interface Group is created, you can use this group as a single incoming interface in a single firewall policy. This approach reduces the number of policies, making management more efficient.

Reference: FortiOS 7.4.1 Administration Guide: Firewall Policy Configuration

asked 18/09/2024
Harri rrapaj
34 questions

Question 36


Refer to the exhibit, which shows a partial configuration from the remote authentication server.

[Exhibit: image for Question 36]

Why does the FortiGate administrator need this configuration?

A. To authenticate only the Training user group.
B. To set up a RADIUS server Secret
C. To authenticate and match the Training OU on the RADIUS server.
D. To authenticate Any FortiGate user groups.
Suggested answer: C
asked 18/09/2024
Naeem Navaid Shaikh
46 questions

Question 37


Refer to the exhibits.

[Exhibits: images for Question 37]

The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects.

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24.

Which IP address will be used to source NAT (SNAT) the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

A. 10.200.1.1
B. 10.200.1.149
C. 10.200.1.99
D. 10.200.1.49
Suggested answer: D
asked 18/09/2024
Yuri Mitrofanov
49 questions

Question 38


Refer to the exhibit.

[Exhibit: image for Question 38]

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 failed to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes can the administrator make to bring phase 1 up? (Choose two.)

A. On HQ-FortiGate, disable Diffie-Hellman group 2.
B. On Remote-FortiGate, set port2 as Interface.
C. On both FortiGate devices, set Dead Peer Detection to On Demand.
D. On HQ-FortiGate, set IKE mode to Main (ID protection).
Suggested answer: C, D
Explanation:

To bring Phase 1 up, the following changes can be made:

A. On HQ-FortiGate, disable Diffie-Hellman group 2: This is incorrect because Diffie-Hellman group 2 is already selected on both devices. Disabling it would not help.
B. On Remote-FortiGate, set port2 as Interface: This is incorrect as both sides should be consistent in their interface settings for the IPsec tunnel, and the interface is correctly set to port1 on both FortiGates in the IPsec configuration.
C. On both FortiGate devices, set Dead Peer Detection to On Demand: This is a valid option. Setting Dead Peer Detection (DPD) to 'On Demand' helps maintain the IPsec connection by checking if the peer is still available, which can help in some cases where the connection fails due to timeouts.
D. On HQ-FortiGate, set IKE mode to Main (ID protection): This is also a valid option because the Remote-FortiGate is already set to Main mode (ID protection). Ensuring that both ends use the same mode is crucial for successful phase 1 negotiation.

Thus, the correct answers are: C. On both FortiGate devices, set Dead Peer Detection to On Demand. D. On HQ-FortiGate, set IKE mode to Main (ID protection).

asked 18/09/2024
Jesus Ignacio Morales Vivancos
47 questions

Question 39


A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors.

What is the reason for the certificate warning errors?

A. The SSL cipher compliance option is not enabled on the SSL inspection profile. This setting is required when the SSL inspection profile is defined with a private CA certificate.
B. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.
C. The browser does not recognize the certificate in use as signed by a trusted CA.
D. With full SSL inspection it is not possible to avoid certificate warning errors at the browser level.
Suggested answer: C
asked 18/09/2024
Robert Akehurst
35 questions

Question 40


Refer to the exhibit.

[Exhibit: image for Question 40]

FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt.

What is the most likely reason for this situation?

A. The Service DNS is required in the firewall policy.
B. The user is using an incorrect user name.
C. The Remote-users group is not added to the Destination.
D. No matching user account exists for this user.
Suggested answer: A
Explanation:

Firewall authentication generally requires the DNS service to be enabled in the firewall policy to correctly resolve hostnames during the authentication process. If DNS is not allowed in the firewall policy, the FortiGate cannot resolve external domains, and as a result, the user may not be presented with the login prompt when attempting to access an external website.

Reference: FortiOS 7.4.1 Administration Guide: Firewall Authentication Configuration

asked 18/09/2024
Robert Petty
56 questions
Total 88 questions