Fortinet FCP_FGT_AD-7.4 FCP – FortiGate 7.4 Administrator Online Training
The questions for FCP_FGT_AD-7.4 were last updated on Mar 01, 2025.
- Exam Code: FCP_FGT_AD-7.4
- Exam Name: FCP - FortiGate 7.4 Administrator
- Certification Provider: Fortinet
- Latest update: Mar 01, 2025
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
- A . Pre-shared key
- B . Dialup user
- C . Dynamic DNS
- D . Static IP address
Which timeout setting can be responsible for deleting SSL VPN associated sessions?
- A . SSL VPN idle-timeout
- B . SSL VPN http-request-body-timeout
- C . SSL VPN login-timeout
- D . SSL VPN dtls-hello-timeout
Which statement is correct regarding the use of application control for inspecting web applications?
- A . Application control can identify child and parent applications, and perform different actions on them.
- B . Application control signatures are organized in a nonhierarchical structure.
- C . Application control does not require SSL inspection to identify web applications.
- D . Application control does not display a replacement message for a blocked web application.
A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)
- A . The website is exempted from SSL inspection.
- B . The EICAR test file exceeds the protocol options oversize limit.
- C . The selected SSL inspection profile has certificate inspection enabled.
- D . The browser does not trust the FortiGate self-signed CA certificate.
Refer to the exhibits.
Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic.
Exhibit B shows the HA configuration and the partial output of the get system ha status command.
Based on the exhibits, which two statements about the traffic passing through the cluster are true? (Choose two.)
- A . For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source.
- B . The traffic sourced from the client and destined to the server is sent to FGT-1.
- C . The cluster can load balance ICMP connections to the secondary.
- D . For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)
- A . The keyUsage extension must be set to keyCertSign.
- B . The CA extension must be set to TRUE.
- C . The issuer must be a public CA.
- D . The common name on the subject field must use a wildcard name.
Which two configuration settings are global settings? (Choose two.)
- A . User & Device settings
- B . Firewall policies
- C . HA settings
- D . FortiGuard settings
Which additional load balancing method is supported in equal cost multipath (ECMP) load balancing when SD-WAN is enabled?
- A . Volume based
- B . Source-destination IP based
- C . Source IP based
- D . Weight based
Examine the exhibit, which shows a firewall policy configured with multiple security profiles.
Which two security profiles are handled by the IPS engine? (Choose two.)
- A . Web Filter
- B . IPS
- C . AntiVirus
- D . Application Control
Which two statements correctly describe the differences between IPsec main mode and IPsec aggressive mode? (Choose two.)
- A . The first packet of aggressive mode contains the peer ID, while the first packet of main mode does not.
- B . Main mode cannot be used for dialup VPNs, while aggressive mode can.
- C . Aggressive mode supports XAuth, while main mode does not.
- D . Six packets are usually exchanged during main mode, while only three packets are exchanged during aggressive mode.