Fortinet FCSS_EFW_AD-7.4 FCSS – Enterprise Firewall 7.4 Administrator Online Training
Fortinet FCSS_EFW_AD-7.4 Online Training
The questions for FCSS_EFW_AD-7.4 were last updated at Feb 22,2025.
- Exam Code: FCSS_EFW_AD-7.4
- Exam Name: FCSS - Enterprise Firewall 7.4 Administrator
- Certification Provider: Fortinet
- Latest update: Feb 22,2025
Which two statements about application layer test commands are true? (Choose two.)
- A . They are used to filter real-time debugs.
- B . They display real-time application debugs.
- C . Some of them can be used to restart an application.
- D . Some of them display statistics and configuration information about a feature or process.
Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude from the output shown in the exhibit? (Choose two.)
- A . This is a pinhole session created to allow traffic for a protocol that requires additional sessions to operate through FortiGate.
- B . This is an expected session created by the IPS engine.
- C . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.
- D . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.
When investigating FortiGuard connectivity issues, which action is a valid troubleshooting step?
- A . Configure a virtual IP to forward port 443 to the FortiGate external IP.
- B . Verify management VDOM internet access.
- C . Use the FortiGuard real-time debug command to verify rating requests.
- D . Verify that DNS requests are being proxied, if auto-update tunneling is enabled.
In which two states is a given session categorized as ephemeral? (Choose two.)
- A . A TCP session waiting to complete the three-way handshake.
- B . A TCP session waiting for FIN ACK.
- C . A UDP session with packets sent and received.
- D . A UDP session with only one packet received.
Refer to the exhibit, which contains the partial output of an IKE real-time debug.
Why did the tunnel not come up?
- A . The pre-shared keys do not match
- B . The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration.
- C . The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration.
- D . The remote gateway is using aggressive mode and the local gateway is configured to use main mode.
Which statement about administrative domains (ADOMs) on FortiManager is true?
- A . The number of configurable ADOMs is based on the FortiManager FortiCare service contract.
- B . The ADOM feature can be enabled by any administrative user.
- C . FortiGate devices with multiple VDOMs must be assigned to the same ADOM on FortiManager.
- D . ADOMs allow grouping of managed devices based on management criteria and administrative access.
Refer to the exhibits.
The exhibits show a network diagram, the output from the command config system ha, and a firewall policy.
What source MAC address does the web server detect when a user accesses it?
- A . The virtual MAC address of FortiGate B.
- B . The physical MAC address of FortiGate B.
- C . The virtual MAC address of FortiGate A.
- D . The physical MAC address of FortiGate A.
Which two statements about the Security Fabric are true? (Choose two.)
- A . Only the root FortiGate collects network information and forwards it to FortiAnalyzer.
- B . Branch FortiGate devices must be configured first.
- C . FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.
- D . All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.
Examine the output from the ‘diagnose debug authd fsso list’ command; then answer the question below.
# diagnose debug authd fsso list–FSSO logons-IP: 192.168.3.1 User: STUDENT Groups:TRAININGAD/USERS Workstation: INTERNAL2. TRAINING. LAB The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2. TRAINING. LAB.
What should the administrator check?
- A . The IP address recorded in the logon event for the user STUDENT.
- B . The DNS name resolution for the workstation name INTERNAL2. TRAINING. LAB.
- C . The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2. TRAINING. LAB.
- D . The reserve DNS lookup forthe IP address 192.168.3.1.
Four FortiGate devices configured for OSPF connected to the same broadcast domain. The first unit is elected as the designated router.
The second unit is elected as the backup designated router.
Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?
- A . 1
- B . 2
- C . 3
- D . 4
Latest FCSS_EFW_AD-7.4 Dumps Valid Version with 210 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
