FCP_FGT_AD-7.4 Exam Questions

Which two statements explain antivirus scanning modes? (Choose two.)

Refer to the exhibits, which show the firewall policy and the security profile for Facebook. Users are given access to the Facebook web application. They can play video content hos...

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

A FortiGate administrator is required to reduce the attack surface on the SSL VPN portal. Which SSL timer can you use to mitigate a denial of service (DoS) attack?

A FortiGate firewall policy is configured with active authentication however, the user cannot authenticate when accessing a website. Which protocol must FortiGate allow even though...

Refer to exhibit. An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try...

There are multiple dial-up IPsec VPNs configured in aggressive mode on the HQ FortiGate. The requirement is to connect dial-up users to their respective department VPN tunnels. Whi...

Which three CLI commands, can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is outboun...

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

Which statement is correct regarding the use of application control for inspecting web applications?

What are three key routing principles in SD-WAN? (Choose three.)

Refer to the exhibits, which show a diagram of a FortiGate device connected to the network. VIP object configuration, and the firewall policy configuration. The WAN (port1) interfa...

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

Refer to the exhibit showing a debug flow output. What two conclusions can you make from the debug flow output? (Choose two.)

Which three statements explain a flow-based antivirus profile? (Choose three.)

Which two statements are true about the FGCP protocol? (Choose two.)

Refer to the exhibit which contains a RADIUS server configuration. An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the...

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

Refer to the exhibit. The administrator configured SD-WAN rules and set the FortiGate traffic log page to display SD- WAN- specific columns: SD-WAN Quality and SD-WAN Rule Name. Fo...

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for the example.com home page the override must be configured using a s...

An administrator has configured the following settings: config system settings set ses-denied-traffic enable end config system global set block-session-timer 30 end What are the tw...

Refer to the exhibit. The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing...

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSUTLS connection. Which FortiGate configuration ca...

Which three statements about SD-WAN zones are true? (Choose three.)

An administrator has configured a strict RPF check on FortiGate. How does strict RPF check work?

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visit...

Refer to the exhibit. The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivi...

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus...

Refer to the exhibit. Examine the intrusion prevention system (IPS) diagnostic command shown in the exhibit. If option 5 is used with the IPS diagnostic command and the outcome is...

How can you disable RPF checking?

An administrator is configuring an IPsec VPN between site A and site . The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quic...

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively. Which two statements are true about the requirements of conne...

Which two pieces of information are synchronized between FortiGate HA members? (Choose two.)

Refer to the exhibit. Based on the routing database shown in the exhibit which two conclusions can you make about the routes? (Choose two.)

What are two features of FortiGate FSSO agentless polling mode? (Choose two.)

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Refer to the exhibits. An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not avail...

Refer to the exhibits. The SSL VPN connection fails when a user attempts to connect to it. What should the user do to successfully connect to the SSL VPN?

Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, and the firewall policies configuration, VIP configuration, and IP pool configura...

Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, VIP configuration, firewall policy, and the sniffer CLI output on the FortiGate d...

Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phas...