FCP_FGT_AD-7.4 by Fortinet Actual Free Exam Questions And Answers

Question 1

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.
What is the reason for the certificate warning errors?

A. The option invalid SSL certificates is set to allow on the SSL/SSH inspection profile

B. The browser does not trust the certificate used by FortiGate for SSL inspection

C. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.

D. The matching firewall policy is set to proxy inspection mode

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

Refer to the exhibits, which show a diagram of a FortiGate device connected to the network. VIP object configuration, and the firewall policy configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24.
If the host 10.200.3.1 sends a TCP SYN packet on port 8080 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be at the time FortiGate forwards the packet to the destination?

A. 10.0.1.254, 10.0.1.10, and 80, respectively

B. 10.200.3.1, 10.0.1.10, and 8080, respectively

C. 10.0.1.254, 10.200.1.10, and 8080, respectively

D. 10.200.3.1, 10.0.1.10, and 80, respectively

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

Refer to the exhibits.

The SSL VPN connection fails when a user attempts to connect to it.
What should the user do to successfully connect to the SSL VPN?

A. Change the SSL VPN port on the client.

B. Change the SSL VPN portal to the tunnel.

C. Change the idle timeout.

D. Change the server IP address.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

A. The CA extension must be set to TRUE

B. The keyUsage extension must be set to keyCertSign

C. The issuer must be a public CA

D. The Authority Key Identifier must be of type SSL

Discussion 0

Correct Answer: A,B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

Which inspection mode does FortiGate use for application profiles if it is configured as a profile-based next-generation firewall (NGFW)?

A. Full content inspection

B. Proxy-based inspection

C. Certificate inspection

D. Flow-based inspection

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

An employee needs to connect to the office through a high-latency internet connection.
Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?

A. SSL VPN login-timeout

B. SSL VPN idle-timeout

C. SSL VPN dtls-hello-timeout

D. SSL VPN session-ttl

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

There are multiple dial-up IPsec VPNs configured in aggressive mode on the HQ FortiGate. The requirement is to connect dial-up users to their respective department VPN tunnels.
Which phase 1 setting you can configure to match the user to the tunnel?

A. Dead Peer Detection

B. Local Gateway

C. Peer ID

D. IKE Mode Config

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate.

Based on the system performance output, what can be the two possible outcomes? (Choose two.)

A. FortiGate has entered conserve mode.

B. Administrators can access FortiGate onlythrough the console port.

C. Administrators cannot change the configuration.

D. FortiGate will start sending all files to FortiSandbox for inspection.

Discussion 0

Correct Answer: A,B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

Refer to the exhibit.

Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.
What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

A. The signature setting uses a custom rating threshold.

B. Traffic matching the signature will be silently dropped and logged.

C. The signature setting includes a group of other signatures.

D. Traffic matching the signature will be allowed and logged.

Discussion 0

Correct Answer: B Vote an answer

Question 10

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

A. FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled

B. FortiGate halts complete system operation and requires a reboot to regain available resources

C. FortiGate continues to run critical security actions, such as quarantine.

D. FortiGate refuses to accept configuration changes

Discussion 0

Correct Answer: A,D Vote an answer

Fortinet FCP - FortiGate 7.4 Administrator - FCP_FGT_AD-7.4 Exam Practice Test

Contact Us

Useful Links

Latest Updated