FCP_FGT_AD-7.4

An administrator has configured central DNAT and virtual IPs. Which item can be selected in the firewall policy Destination field?A . An IP poolB . A VIP objectC . A VIP groupD . The mapped IP address object of the VIP objectView AnswerAnswer: D Explanation: - when central NAT is...

An administrator wants to block https://www.example.com/videos and allow all other URLs on the website. What are two configuration changes that the administrator can make to satisfy the requirement? (Choose two.)A . Configure web override for the URL and select a blocked FortiGuard subcategoryB . Enable full SSL inspectionC . Configure...

View the exhibit. Which two behaviors result from this full (deep) SSL configuration? (Choose two.)A . The browser bypasses all certificate warnings and allows the connection.B . A temporary trusted FortiGate certificate replaces the server certificate, even when the server certificate is untrusted.C . A temporary trusted FortiGate certificate replaces...

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?A . FortiGate automatically negotiates different local and remote addresses with the remote peer.B . FortiGate automatically negotiates a new security association after the existing security association expires.C . FortiGate automatically negotiates different encryption and...

Which three methods can you use to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)A . Instant message appB . FortiTokenC . EmailD . Voicemail messageE . SMS text messageView AnswerAnswer: B,C,E Explanation: The three methods that can be used to deliver...

Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)A . Only the "any" interface can be chosen as an incoming interface.B . An incoming interface is mandatory in a firewall policy, but an outgoing interface is optional.C . Multiple interfaces can be selected as...

View the exhibit. date=2022-06-14 time=14:45:16 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd="root" policyid=2 identidx=1 sessionid=31232959 user="anonymous" group="ldap_users" srcip=192.168.1.24 srcport=63355 srcintf="port2" dstip=66.171.121.44 dstport=80 dstintf="port1" service="http" hostname="www.fortinet.com" profiletype="Webfilter_Profile" profile="default" status="passthrough" reqtype="direct" url="/" sentbyte=304 rcvdbyte=60135 msg="URL belongs to an allowed category in policy" method=domain class=0 cat=140 catdesc="custom1" What two things does this raw log...

An administrator configured the antivirus profile in a firewall policy set to flow-based inspection mode. While testing the configuration, the administrator noticed that eicar.com test files can be downloaded using HTTPS protocol only. What is causing this issue?A . Hardware acceleration is in use.B . The test file is larger...

Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.) A. Proxy-based inspection B. Certificate inspection C. Flow-based inspection D. Full Content inspectionView AnswerAnswer: A,C Explanation: The two inspection modes that you can use to configure a firewall policy on...

Refer to the exhibits. The exhibits show the firewall policies and the objects used in the firewall policies. The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit. Which policy will be highlighted, based on the input criteria?A . Policy with ID...