FCP_FGT_AD-7.4 exam

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for the example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure a web rating override for the home page? (Choose two.) A. www.example.com B....

Which timeout setting can be responsible for deleting SSL VPN associated sessions?A . SSL VPN idle-timeoutB . SSL VPN http-request-body-timeoutC . SSL VPN login-timeoutD . SSL VPN dtls-hello-timeoutView AnswerAnswer: A Explanation: The SSL VPN idle-timeout setting determines how long an SSL VPN session can be inactive before it is terminated....

Refer to the exhibit. Which route will be selected when trying to reach 10.20.30.254? A. 10.20.30.0/24 [10/0] via 172.20.167.254, port3, [1/0] B. 10.30.20.0/24 [10/0] via 172.20.121.2, port1, [1/0] C. 10.20.30.0/26 [10/0] via 172.20.168.254, port2, [1/0] D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1, [1/0]View AnswerAnswer: A Explanation: The correct route to reach...

Which three settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.) A. SSH B. FortiTelemetry C. Trusted host D. HTTPS E. Trusted authenticationView AnswerAnswer: A,C,D Explanation: To provide secure and restrictive administrative access to FortiGate, the following three settings and protocols can...

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.) A. Antivirus scanning B. File filter C. DNS filter D. Intrusion preventionView AnswerAnswer: A,D...

Refer to the exhibits. Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command. Based on the exhibits, which two statements about the traffic passing through the...

NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?A . Web filteringB . AntivirusC . Web proxyD . Application controlView AnswerAnswer: B Explanation: Antivirus and IPS is enhanced by the IPS Engine, so that is why B is...

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN. How can this be achieved?A . Assigning public IP addresses to SSL-VPN usersB . Configuring web bookmarksC . Disabling split tunnelingD . Using web-only modeView AnswerAnswer: C Explanation: The correct answer...

An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?A . VLAN interfaceB . Software Switch interfaceC . Aggregate interfaceD . Redundant interfaceView AnswerAnswer: C Explanation: Link aggregation (IEEE 802.3ad) enables you to bind two or more physical...

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)A . FortiGuard update serversB . System timeC . Operating modeD . NGFW modeView AnswerAnswer: C,D Explanation: C: Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same...