Fortinet FCP_FGT_AD-7.4 FCP – FortiGate 7.4 Administrator Online Training
Fortinet FCP_FGT_AD-7.4 Online Training
The questions for FCP_FGT_AD-7.4 were last updated at Mar 01,2025.
- Exam Code: FCP_FGT_AD-7.4
- Exam Name: FCP - FortiGate 7.4 Administrator
- Certification Provider: Fortinet
- Latest update: Mar 01,2025
What does the command diagnose debug fsso-polling refresh-user do?
- A . It refreshes all users learned through agentless polling.
- B . It displays status information and some statistics related to the polls done by FortiGate on each DC.
- C . It refreshes user group information from any servers connected to FortiGate using a collector agent.
- D . It enables agentless polling mode real-time debug.
View the exhibit.
Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1. The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2. Also, necessary firewall policies are configured in VDOM1 and VDOM2.
Which two static routes are required in the FortiGate configuration, to route traffic between both subnets through an inter-VDOM link? (Choose two.)
- A . A static route in VDOM1 with the destination subnet matching the subnet assigned to the inter-VDOM link
- B . A static route in VDOM2 for the destination subnet 10.0.1.0/24
- C . A static route in VDOM1 for the destination subnet 10.0.2.0/24
- D . A static route in VDOM2 with the destination subnet matching the subnet assigned to the inter-VDOM link
An administrator configured the antivirus profile in a firewall policy set to flow-based inspection mode. While testing the configuration, the administrator noticed that eicar.com test files can be downloaded using HTTPS protocol only.
What is causing this issue?
- A . Hardware acceleration is in use.
- B . The test file is larger than the oversize limit.
- C . HTTPS protocol is not enabled under Inspected Protocols.
- D . Full SSL inspection is disabled.
An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers.
Which two items must they configure on their FortiGate to accomplish this? (Choose two.)
- A . A web application firewall profile to check protocol constraints
- B . A DoS policy, and log all UDP and TCP scan attempts
- C . An IPS sensor to monitor all signatures applicable to the server
- D . An application control profile, and set all application signatures to monitor
Which three settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)
- A . SSH
- B . FortiTelemetry
- C . Trusted host
- D . HTTPS
- E . Trusted authentication
Which statement about firewall policy NAT is true?
- A . DNAT is not supported.
- B . DNAT can automatically apply to multiple firewall policies, based on DNAT rules.
- C . You must configure SNAT for each firewall policy.
- D . SNAT can automatically apply to multiple firewall policies, based on SNAT rules.
Which statement about traffic flow in an active-active HA cluster is true?
- A . The SYN packet from the client always arrives at the primary device first.
- B . The secondary device responds to the primary device with a SYN/ACK, and then the primary device forwards the SYN/ACK to the client.
- C . All FortiGate devices are assigned the same virtual MAC addresses for the HA heartbeat interfaces to redistribute to the sessions.
- D . The ACK from the client is received on the physical MAC address of the primary device.
Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)
- A . Only the "any" interface can be chosen as an incoming interface.
- B . An incoming interface is mandatory in a firewall policy, but an outgoing interface is optional.
- C . Multiple interfaces can be selected as incoming and outgoing interfaces.
- D . A zone can be chosen as the outgoing interface.
View the exhibit.
date=2022-06-14 time=14:45:16 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd="root" policyid=2 identidx=1 sessionid=31232959 user="anonymous" group="ldap_users" srcip=192.168.1.24 srcport=63355 srcintf="port2" dstip=66.171.121.44 dstport=80 dstintf="port1" service="http" hostname="www.fortinet.com" profiletype="Webfilter_Profile" profile="default" status="passthrough" reqtype="direct" url="/" sentbyte=304 rcvdbyte=60135 msg="URL belongs to an allowed category in policy" method=domain class=0 cat=140 catdesc="custom1"
What two things does this raw log indicate? (Choose two.)
- A . FortiGate allowed the traffic to pass.
- B . 192.168.1.24 is the IP address for www.fortinet.com.
- C . The traffic matches the webfilter profile on firewall policy ID 2.
- D . The traffic originated from 66.171.121.44.
Refer to the exhibit.
FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt.
What is the most likely reason for this situation?
- A . No matching user account exists for this user.
- B . The user is using a guest account profile.
- C . The user was authenticated using passive authentication.
- D . The user is using a super admin account.
Latest FCP_FGT_AD-7.4 Dumps Valid Version with 200 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
