Study Online FCP_FGT_AD-7.4 Exam Dumps to Pass

Category:

Comments:

0 Comments

Post Date:

August 25, 2024

FCP_FGT_AD-7.4 dumps questions can help you identify areas where you need to focus your studies. As you answer questions, you will be able to see which topics you are comfortable with and which ones you need to spend more time studying. Fortinet FCP_FGT_AD-7.4 dumps questions provide realistic practice for the certification exam. FCP_FGT_AD-7.4 dumps are designed to simulate the actual exam environment, and they will give you a chance to practice answering questions under time pressure. Study free Fortinet FCP_FGT_AD-7.4 online dumps below.

Page 1 of 8

1. On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

Forward traffic logs

Local traffic logs

Security logs

System event logs

2. What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scanning of application traffic to the browser-based technology category only.

B. It limits the scanning of application traffic to the DNS protocol only.

C. It limits the scanning of application traffic to use parent signatures only.

D. It limits the scanning of application traffic to the application category only.

3. Refer to exhibit.

An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

On the FortiGuard Category Based Filter configuration, set Action to Warning for Social Networking.

On the Static URL Filter configuration, set Type to Simple.

On the Static URL Filter configuration, set Action to Exempt.

On the Static URL Filter configuration, set Action to Monitor.

4. Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

A. Intrusion prevention system engine

B. Detection engine

C. Flow engine

D. Antivirus engine

5. Refer to the exhibits.

Exhibit A.

Exhibit B.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

Change the csf setting on Local-FortiGate (root) to set configuration-sync local.

Change the csf setting on ISFW (downstream) to set configuration-sync local.

Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

Change the csf setting on ISFW (downstream) to set fabric-object-unification default.

6. An administrator is running the following sniffer command: diagnose sniffer packet any "host 10.0.2.10" 3

What information will be included in the sniffer output? (Choose three.)

IP header

Ethernet header

Packet payload

Application header

Interface name

7. Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

FortiGuard web filter cache

FortiGate hostname

NTP

DNS

8. Refer to the exhibit.

The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.

An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

Configure a separate firewall policy with action Deny and an FQDN address object for *. download, com as destination address.

Set the Freeware and Software Downloads category Action to Warning

Configure a web override rating for download, com and select Malicious Websites as the subcategory.

Configure a static URL filter entry for download, com with Type and Action set to Wildcard and Block, respectively.

9. An administrator has configured two-factor authentication to strengthen SSL VPN access.

Which additional best practice can an administrator implement?

Configure Source IP Pools

Configure different SSL VPN realms

Configure host check

Configure split tunneling in tunnel mode

10. Refer to the exhibits.

Exhibit A shows system performance output.

Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds.

Based on the system performance output, which two results are correct? (Choose two.)

FortiGate will start sending all files to FortiSandbox for inspection.

FortiGate has entered conserve mode.

Administrators cannot change the configuration.

Administrators can access FortiGate only through the console port.

Page 2 of 8

11. Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.)

A. Port block allocation

B. Fixed port range

C. One-to-one

D. Overload

12. Refer to the exhibit, which contains a radius server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.

What will be the impact of using Include in every user group option in a RADIUS configuration?

This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

13. Which additional load balancing method is supported in equal cost multipath (ECMP) load balancing when SD-WAN is enabled?

Volume based

Source-destination IP based

Source IP based

Weight based

14. Which three statements explain a flow-based antivirus profile? (Choose three.)

A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

B. If a virus is detected, the last packet is delivered to the client.

C. The IPS engine handles the process as a standalone.

D. FortiGate buffers the whole file but transmits to the client at the same time.

E. Flow-based inspection optimizes performance compared to proxy-based inspection.

15. Examine this FortiGate configuration:

Examine the output of the following debug command:

Based on the diagnostic outputs above, how is the FortiGate handling the traffic for new sessions that require inspection?

It is allowed, but with no inspection

It is allowed and inspected as long as the inspection is flow based

It is dropped.

It is allowed and inspected, as long as the only inspection required is antivirus.

16. NGFW mode allows policy-based configuration for most inspection rules.

Which security profile's configuration does not change when you enable policy-based inspection?

Web filtering

Antivirus

Web proxy

Application control

17. Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.

B. FortiGate supports pre-shared key and signature as authentication methods.

C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.

D. A certificate is not required on the remote peer when you set the signature as the authentication

method.

18. Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

To remove the NAT operation.

To generate logs

To finish any inspection operations.

To allow for out-of-order packets that could arrive after the FIN/ACK packets.

19. A FortiGate administrator is required to reduce the attack surface on the SSL VPN portal.

Which SSL timer can you use to mitigate a denial of service (DoS) attack?

SSL VPN dcls-hello-timeout

SSL VPN http-request-header-timeout

SSL VPN login-timeout

SSL VPN idle-timeout

20. An administrator has a requirement to keep an application session from timing out on port 80.

What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)

A. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.

B. Create a new service object for HTTP service and set the session TTL to never

C. Set the TTL value to never under config system-ttl

D. Set the session TTL on the HTTP policy to maximum

Page 3 of 8

21. Refer to the exhibits.

Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic.

Exhibit B shows the HA configuration and the partial output of the get system ha status command.

Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)

A. For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.

B. The traffic sourced from the client and destined to the server is sent to FGT-1.

C. The cluster can load balance ICMP connections to the secondary.

D. For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them

to the secondary.

22. An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers.

Which two items must they configure on their FortiGate to accomplish this? (Choose two.)

A web application firewall profile to check protocol constraints

A DoS policy, and log all UDP and TCP scan attempts

An IPS sensor to monitor all signatures applicable to the server

An application control profile, and set all application signatures to monitor

23. An administrator has configured outgoing interface any in a firewall policy.

Which statement is true about the policy list view?

Interface Pair view will be disabled.

Search option will be disabled.

Policy lookup will be disabled.

By Sequence view will be disabled.

24. Which statement regarding the firewall policy authentication timeout is true?

A. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP.

B. It is a hard timeout. The FortiGate removes the temporary policy for a user's source IP address after this timer has expired.

C. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source MAC.

D. It is a hard timeout. The FortiGate removes the temporary policy for a user's source MAC address

after this timer has expired.

25. Refer to the exhibit.

The exhibit contains a network diagram, firewall policies, and a firewall address object configuration. An administrator created a Deny policy with default settings to deny Webserver access for Remote-user2. Remote-user2 is still able to access Webserver.

Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose two.)

Disable match-vip in the Deny policy.

Set the Destination address as Deny_IP in the Allow-access policy.

Enable match-vip in the Deny policy.

Set the Destination address as Web_server in the Deny policy.

26. Which of the following SD-WAN load Cbalancing method use interface weight value to distribute traffic? (Choose two.)

Source IP

Spillover

Volume

Session

27. Which inspection mode does FortiGate use for application profiles if it is configured as a profile-based next-generation firewall (NGFW)?

Full content inspection

Proxy-based inspection

Certificate inspection

Flow-based inspection

28. Refer to the exhibit.

The exhibit shows a FortiGate configuration.

How does FortiGate handle web proxy traffic coming from the IP address 10.2.1.200, that requires authorization?

It always authorizes the traffic without requiring authentication.

It drops the traffic

It authenticates the traffic using the authentication scheme SCHEME2.

It authenticates the traffic using the authentication scheme SCHEME1.

29. A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?

The option invalid SSL certificates is set to allow on the SSL/SSH inspection profile

The browser does not trust the certificate used by FortiGate for SSL inspection

The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.

The matching firewall policy is set to proxy inspection mode

30. Which two statements explain antivirus scanning modes? (Choose two.)

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

In flow-based inspection mode files bigger than the buffer size are scanned

In proxy-based inspection mode files bigger than the buffer size are scanned

In proxy-based inspection mode antivirus scanning buffers the whole file for scanning, before sending it to the client

Page 4 of 8

31. Refer to the web filter raw logs.

Based on the raw logs shown in the exhibit, which statement is correct?

Access to the social networking web filter category was explicitly blocked to all users.

The action on firewall policy ID 1 is set to warning.

Social networking web filter category is configured with the action set to authenticate.

The name of the firewall policy is all_users_web.

32. An administrator configured a FortiGate to act as a collector for agentless polling mode.

What must the administrator add to the FortiGate device to retrieve AD user group information?

LDAP server

RADIUS server

DHCP server

Windows server

33. Which three statements about SD-WAN zones are true? (Choose three.)

An SD-WAN zone can contain physical and logical interfaces

You can use an SD-WAN zone in static route definitions

You can define up to three SD-WAN zones per FortiGate device

An SD-WAN zone must contains at least two members

An SD-WAN zone is a logical grouping of members

34. What is the primary FortiGate election process when the HA override setting is disabled?

Connected monitored ports > System uptime > Priority > FortiGate Serial number

Connected monitored ports > HA uptime > Priority > FortiGate Serial number

Connected monitored ports > Priority > HA uptime > FortiGate Serial number

Connected monitored ports > Priority > System uptime > FortiGate Serial number

35. Refer to the exhibit.

Given the interfaces shown in the exhibit, which two statements are true? (Choose two.)

A. Traffic between port2 and port2-vlan1 is allowed by default.

B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.

C. port1-vlan1 and port2-vlan1 can be assigned in the same VDOM or to different VDOMs.

D. port1 is a native VLAN.

36. Which timeout setting can be responsible for deleting SSL VPN associated sessions?

SSL VPN idle-timeout

SSL VPN http-request-body-timeout

SSL VPN login-timeout

SSL VPN dtls-hello-timeout

37. Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies.

What does the Administrator account need to access the FortiGate global settings?

Enable restrict access to trusted hosts

Change password

Enable two-factor authentication

Change Administrator profile

38. Refer to the exhibit, which contains a session list output.

Based on the information shown in the exhibit, which statement is true?

Port block allocation IP pool is used in the firewall policy

Destination NAT is disabled in the firewall policy

Overload NAT IP pool is used in the firewall policy

One-to-one NAT IP pool is used in the firewall policy

39. Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

Manual with load balancing

Lowest Cost (SLA) with load balancing

Best Quality with load balancing

Lowest Quality (SLA) with load balancing

Lowest Cost (SLA) without load balancing

40. Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?

The security actions applied on the web applications will also be explicitly applied on the third-party websites.

The application signature database inspects traffic only from the original web application server.

FortiGuard maintains only one signature of each web application that is unique.

FortiGate can inspect sub-application traffic regardless where it was originated.

Page 5 of 8

41. Refer to the exhibit showing a debug flow output.

What two conclusions can you make from the debug flow output? (Choose two.)

The debug flow is for ICMP traffic.

The default route is required to receive a reply.

A new traffic session was created.

A firewall policy allowed the connection.

42. Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

A. FortiSIEM

B. FortiCloud

C. FortiCache

D. FortiSandbox

E. FortiAnalyzer

43. Which two actions can you perform only from the root FortiGate in a Security Fabric? (Choose two.)

A. Shut down/reboot a downstream FortiGate device.

B. Disable FortiAnalyzer logging for a downstream FortiGate device.

C. Log in to a downstream FortiSwitch device.

D. Ban or unban compromised hosts.

44. Refer to the exhibit.

FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt.

What is the most likely reason for this situation?

No matching user account exists for this user.

The user is using a guest account profile.

The user was authenticated using passive authentication.

The user is using a super admin account.

45. View the exhibit.

A user at 192.168.32.15 is trying to access the web server at 172.16.32.254.

Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF)

checks on this traffic? (Choose two.)

Strict RPF check will deny the traffic.

Loose RPF check will allow the traffic.

Strict RPF check will allow the traffic.

Loose RPF check will deny the traffic.

46. FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.

Which two other security profiles can you apply to the security policy? (Choose two.)

A. Antivirus scanning

B. File filter

C. DNS filter

D. Intrusion prevention

47. Refer to the exhibits.

The SSL VPN connection fails when a user attempts to connect to it.

What should the user do to successfully connect to the SSL VPN?

Change the SSL VPN portal to the tunnel.

Change the idle timeout.

Change the server IP address.

Change the SSL VPN port on the client.

48. How can you disable RPF checking?

Disable src-check on the interface level settings

Unset fail-alert-interfaces on the interface level settings.

Disable fail-detect on the interface level settings.

Disable strict-src-check under system settings.

49. When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate.

Which three actions are valid actions that FortiGate can perform when it detects an invalid certificate? (Choose three.)

Allow & Warning

Trust & Allow

Allow

Block & Warning

Block

50. Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

FortiGate uses the AD server as the collector agent

FortiGate uses the SMB protocol to read the event viewer logs from the DCs

FortiGate points the collector agent to use a remote LDAP server

FortiGate queries AD by using the LDAP to retrieve user group information

Page 6 of 8

51. Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

The keyUsage extension must be set to keyCertSign.

The CA extension must be set to TRU

The issuer must be a public C

The common name on the subject field must use a wildcard name.

52. What does the command diagnose debug fsso-polling refresh-user do?

It refreshes all users learned through agentless polling.

It displays status information and some statistics related to the polls done by FortiGate on each D

It refreshes user group information from any servers connected to FortiGate using a collector agent.

It enables agentless polling mode real-time debug.

53. Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

Apple FaceTime will be allowed, based on the Apple filter configuration.

Apple FaceTime will be allowed, based on the Categories configuration.

Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.

Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn.

54. Which security fabric feature causes an event trigger to monitor the network when a threat is detected?

Security rating

Optimization

Automation stiches

Fabric connectors

55. When configuring a firewall virtual wire pair policy, which following statement is true?

Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

Only a single virtual wire pair can be included in each policy.

Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.

Exactly two virtual wire pairs need to be included in each policy.

56. An administrator has configured a strict RPF check on FortiGate.

How does strict RPF check work?

Strict RPF allows packets back to sources with all active routes.

Strict RPF checks the best route back to the source using the incoming interface.

Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.

Strict RPF check is run on the first sent and reply packet of any new session.

57. Refer to the exhibit.

The exhibit shows the IPS sensor configuration.

If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.

B. The sensor will block all attacks aimed at Windows servers.

C. The sensor will reset all connections that match these signatures.

D. The sensor will gather a packet log for all matched traffic.

58. Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)

FortiGuard update servers

System time

Operating mode

NGFW mode

59. Refer to the exhibits.

Change the csf setting on Local-FortiGate (root) to sec fabric-object-unification default.

Change the csf setting on both devices to sec downscream-access enable.

Change the csf setting on ISFW (downstream) to sec auchorizacion-requesc-cype certificace.

Change the csf setting on ISFW (downstream) to sec configuration-sync local.

60. Refer to the exhibits.

The exhibits show a firewall policy (Exhibit A) and an antivirus profile (Exhibit B).

Why is the user unable to receive a block replacement message when downloading an infected file for the first time?

The volume of traffic being inspected is too high for this model of FortiGate.

The intrusion prevention security profile needs to be enabled when using flow-based inspection mode.

The firewall policy performs the full content inspection on the file.

The flow-based inspection is used, which resets the last packet to the user.

Page 7 of 8

61. A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad.

Which IPsec Wizard template must the administrator apply?

Remote Access

Site to Site

Dial up User

iHub-and-Spoke

62. How do you format the FortiGate flash disk?

Load the hardware test (HQIP) image.

Select the format boot device option from the BIOS menu.

Load a debug FortiOS image.

Execute the CLI command execute formatlogdisk.

63. An organization's employee needs to connect to the office through a high-latency internet connection.

Which SSL VPN setting should the administrator adjust to prevent the SSL VPN negotiation failure?

Change the session-ttl.

Change the login-timeout.

Change the idle-timeout.

Change the udp-idle-timer.

64. How does FortiGate act when using SSL VPN in web mode?

FortiGate acts as an FDS server.

FortiGate acts as an HTTP reverse proxy.

FortiGate acts as DNS server.

FortiGate acts as router.

65. Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.)

A. Proxy-based inspection

B. Certificate inspection

C. Flow-based inspection

D. Full Content inspection

66. Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

FortiGate halts complete system operation and requires a reboot to regain available resources

FortiGate refuses to accept configuration changes

FortiGate continues to run critical security actions, such as quarantine.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled

67. Refer to the exhibit.

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one?

Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy

Create an Interface Group that includes port1 and port2 to create a single firewall policy

Select port1 and port2 subnets in a single firewall policy.

Replace port1 and port2 with the any interface in a single firewall policy.

68. Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.

An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies. The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.

How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http:// www.fortinet.com? (Choose three.)

If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-C credentials, the HTTP request will be denied.

69. An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSUTLS connection.

Which FortiGate configuration can achieve this goal?

SSL VPN quick connection

SSL VPN tunnel

SSL VPN bookmark

Zero trust network access

70. Which method allows management access to the FortiGate CLI without network connectivity?

SSH console

CLI console widget

Serial console

Telnet console

Page 8 of 8

71. FortiGate is integrated with FortiAnalyzer and FortiManager.

When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager?

Log ID

Policy ID

Sequence ID

Universally Unique Identifier

72. Refer to the exhibits.

The exhibits contain a network diagram, and virtual IP, IP pool, and firewall policies configuration information.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

The first firewall policy has NAT enabled using IP pool.

The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address 10.0.1.10?

10.200.1.1

10.0.1.254

10.200.1.10

10.200.1.100

73. Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device.

Two PCs, PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet.

Based on the information shown in the exhibit, which two configuration options can the administrator use to fix the connectivity issue for PC3? (Choose two.)

A. In the firewall policy configuration, add 10. o. l. 3 as an address object in the source field.

B. In the IP pool configuration, set endig to 192.2.0.12.

C. Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list.

D. In the IP pool configuration, set cype to overload.

74. An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.

What is true about the DNS connection to a FortiGuard server?

It uses UDP 8888.

It uses DNS over HTTP

It uses DNS over TL

It uses UDP 53.

75. Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server.

The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

What should the administrator do next to troubleshoot the problem?

Run a sniffer on the web server.

Capture the traffic using an external sniffer connected to port1.

Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”

Execute a debug flow.

76. Refer to the exhibits.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

Change the csf setting on ISFW (downstream) to set configuration-sync local.

Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.

Change the csf setting on both devices to set downstream-access enable.

Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

77. An administrator must enable a DHCP server on one of the directly connected networks on FortiGate. However, the administrator is unable to complete the process on the GUI to enable the service on the interface.

In this scenario, what prevents the administrator from enabling DHCP service?

The role of the interface prevents setting a DHCP server.

The DHCP server setting is available only on the CL

Another interface is configured as the only DHCP server on FortiGate.

The FortiGate model does not support the DHCP server.

78. Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

Firewall policy

Policy rule

Security policy

SSL inspection and authentication policy

79. Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

A. hard-timeout

B. auth-on-demand

C. soft-timeout

D. new-session

E. Idle-timeout

TAGS:

FCP_FGT_AD-7.4, FCP_FGT_AD-7.4 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get FCP_FGT_AD-7.4 Dumps Full Version

Q&As: 260
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Study Online FCP_FGT_AD-7.4 Exam Dumps to Pass

Related

Posts

Test Online NSE7_SDW-7.2 Dumps Questions to Be Certified

FCP_ZCS_AD-7.4 Dumps Help You Study Objectives

Improve Your Knowledge with FCSS_NST_SE-7.4 Exam Dumps

Online FCP_FAZ_AD-7.4 Dumps Help You Understand Questions Well

About Us

EMAIL

Services

Opening Hours