Fortinet FCP_FGT_AD-7.4 Practice Test - Questions Answers, Page 9

Refer to the exhibits.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

A. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

B. Change the csf setting on both devices to set downstream-access enable.

C. Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.

D. Change the csf setting on ISFW (downstream) to set configuration-sync local.

Suggested answer: A

Explanation:

The current setting for the root FortiGate (Local-FortiGate) is fabric-object-unification local, which means that new address objects are not shared across the security fabric. Changing this setting to fabric-object-unification default will allow address objects to be synchronized and shared with downstream devices like the ISFW.

Refer to the exhibits.

The SSL VPN connection fails when a user attempts to connect to it.

What should the user do to successfully connect to the SSL VPN?

A. Change the SSL VPN portal to the tunnel.

B. Change the idle timeout.

C. Change the server IP address.

D. Change the SSL VPN port on the client.

Suggested answer: D

Explanation:

The SSL VPN is configured to listen on port 11443 on the FortiGate device, as shown in the SSL VPN settings in the exhibit. However, the user is attempting to connect to the server using port 1443, as displayed in the VPN connection status. The mismatch between the ports is causing the connection failure. To resolve this, the user should change the client configuration to use port 11443 to match the FortiGate SSL VPN configuration.


Which statement is correct regarding the use of application control for inspecting web applications?

A. Application control can identify child and parent applications, and perform different actions on them

B. Application control signatures are included in Fortinet Antivirus engine

C. Application control does not display a replacement message for a blocked web application

D. Application control does not require SSL Inspection to identify web applications

Suggested answer: A

Explanation:

FortiGate's application control can differentiate between parent and child applications and allows administrators to configure distinct actions for each. For example, it can identify Facebook (parent application) and specific functions within it (child applications) like Facebook video or chat, enabling more granular control over application traffic.

Which two statements are true about the FGCP protocol? (Choose two.)

A. FGCP is not used when FortiGate is in transparent mode

B. FGCP elects the primary FortiGate device

C. FGCP is used to discover FortiGate devices in different HA groups

D. FGCP runs only over the heartbeat links

Suggested answer: B, D

Explanation:

FGCP elects the primary FortiGate device

FGCP is responsible for electing the primary (active) device in a FortiGate HA (High Availability) cluster, ensuring proper role assignment between the primary and secondary devices.

FGCP runs only over the heartbeat links

FGCP runs over the dedicated heartbeat links between FortiGate devices in the HA cluster, ensuring synchronization and communication between the devices for failover and redundancy purposes.

Refer to the exhibit which contains a RADIUS server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.

What is the impact of using the Include in every user group option in a RADIUS configuration?

A. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group

B. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate

C. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator

D. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group

Suggested answer: A

Explanation:

By selecting the 'Include in every user group' option in the RADIUS configuration, FortiGate automatically includes this RADIUS server as an authentication source for all user groups. This means any user group configured on the FortiGate will authenticate using this RADIUS server, allowing users to authenticate against the server for any group they belong to.

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

A. Downstream devices can connect to the upstream device from any of their VDOMs

B. Each VDOM in the environment can be part of a different Security Fabric

C. VDOMs without ports with connected devices are not displayed in the topology

D. Security rating reports can be run individually for each configured VDOM

Suggested answer: B

Explanation:

In a multi-VDOM environment, each VDOM can be treated as an independent virtual firewall, and each VDOM can belong to a separate Security Fabric. This allows administrators to configure and manage separate Security Fabrics for different VDOMs, providing flexibility in managing security policies and fabric connections across virtual domains.

Total 86 questions