FCP_FGT_AD-7.4 Exam Questions
92 real FCP_FGT_AD-7.4 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
Which inspection mode does FortiGate use for application profiles if it is configured as a profile- based next-generation firewall (NGFW)?
- Question #2
Refer to the exhibit showing a FortiGuard connection debug output. Based on the output, which two facts does the administrator know about the FortiGuard connection? (Choose two.)
- Question #3
Refer to the exhibit. Why did FortiGate drop the packet?
- Question #4
An administrator must enable a DHCP server on one of the directly connected networks on FortiGate. However, the administrator is unable to complete the process on the GUI to enable...
- Question #5
Refer to the exhibit. Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit. What do you conclude when adding the FTP.Login.Failed signature...
- Question #6
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. Which order must FortiGate use when the web filt...
- Question #7
FortiGate is integrated with FortiAnalyzer and FortiManager. When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recor...
- Question #8
An administrator configured a FortiGate to act as a collector for agentless polling mode. What must the administrator add to the FortiGate device to retrieve AD user group informat...
- Question #9
An administrator manages a FortiGate model that supports NTurbo. How does NTurbo enhance performance for flow-based inspection?
- Question #10
Refer to the exhibit. FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles. Which action must the ad...
- Question #11
Refer to the exhibit, which shows a partial configuration from the remote authentication server. Why does the FortiGate administrator need this configuration?
- Question #12
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects. The WAN (port1)...
- Question #13
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 failed to come up. The...
- Question #14
A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traf...
- Question #15
Refer to the exhibit. FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt. What is the...
- Question #16
Which three methods are used by the collector agent for AD polling? (Choose three.)
- Question #17
Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)
- Question #18
What are two features of collector agent advanced mode? (Choose two.)
- Question #19
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
- Question #20
Refer to the exhibits, which show the firewall policy and an antivirus profile configuration. Why is the user unable to receive a block replacement message when downloading an infe...
- Question #21
Refer to the exhibits. FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit. What would be the expected outcome in the HA cluster?
- Question #22
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration. An administrator created a Deny policy with defau...
- Question #23
Refer to the exhibit. Which two statements are true about the routing entries in this database table? (Choose two.)
- Question #24
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
- Question #25
Refer to the exhibit. Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
- Question #26
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad. Which IPsec Wizard template must the administrator apply?
- Question #27
Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate. Based on the system performance output...
- Question #28
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device....
- Question #29
Which method allows management access to the FortiGate CLI without network connectivity?
- Question #30
Refer to the exhibit. In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the...
- Question #31
Refer to the exhibit. The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile. An administrator must block access to download.com, which be...
- Question #32
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tu...
- Question #33
Refer to the exhibit. Which statement about this firewall policy list is true?
- Question #34
Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI. Based on the exhibit, which statement is true?
- Question #35
Which two statements describe how the RPF check is used? (Choose two.)
- Question #36
Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)
- Question #37
Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)
- Question #38
Which two statements are true regarding FortiGate HA configuration synchronization? (Choose two.)
- Question #39
What are two features of the NGFW profile-based mode? (Choose two.)
- Question #40
Refer to the exhibit to view the firewall policy. Why would the firewall policy not block a well-known virus, for example eicar?
- Question #41
Refer to the exhibits. The exhibits show the application sensor configuration and the Excessive- Bandwidth and Apple filter details. Based on the configuration, what will happen to...
- Question #42
An employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?
- Question #43
When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate. Which three actions are valid actions that FortiGate can...
- Question #44
Refer to the exhibit, which shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
- Question #45
Which statement is a characteristic of automation stitches?
- Question #46
What is the primary FortiGate election process when the HA override setting is disabled?
- Question #47
Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)
- Question #48
Which FortiGate feature sends real-time queries to the FortiGuard Distribution Network (FDN)?
- Question #49
Which FortiGate interface does source device type enable device detection on?
- Question #50
What criteria does FortiGate use to match traffic to a firewall policy? (Choose two.)