FCP_FGT_AD-7.4 exam

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.) A. The subject field in the server certificate B. The serial number in the server certificate C. The server name indication (SNI) extension in the client...

Which two statements about FortiGate antivirus databases are true? (Choose two.)A . The quick scan database is part of the normal database.B . The extreme database is available only on certain FortiGate models.C . The extended database is available on all FortiGate models.D . The extended database is available only...

Refer to the exhibit showing a debug flow output. What two conclusions can you make from the debug flow output? (Choose two.)A . The debug flow is for ICMP traffic.B . The default route is required to receive a reply.C . A new traffic session was created.D . A firewall...

Which two statements correctly describe the differences between IPsec main mode and IPsec aggressive mode? (Choose two.) A. The first packet of aggressive mode contains the peer ID, while the first packet of main mode does not. B. Main mode cannot be used for dialup VPNs, while aggressive mode can....

Which three actions are valid for static URL filtering? (Choose three.) A. Block B. Warning C. Shape D. Exempt E. AllowView AnswerAnswer: A,D,E Explanation: The correct actions for static URL filtering in FortiGate are: A. Block: This action blocks access to the specified URL or category. D. Exempt: This action...

Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?A . The security actions applied on the web applications will also be explicitly applied on the third-party websites.B . The application signature database inspects traffic only from the original web...

Which statement correctly describes the use of reliable logging on FortiGate?A . Reliable logging is enabled by default in all configuration scenarios.B . Reliable logging is required to encrypt the transmission of logs.C . Reliable logging can be configured only using the CLI.D . Reliable logging prevents the loss of...

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for the example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure a web rating override for the home page? (Choose two.) A. www.example.com B....

Which timeout setting can be responsible for deleting SSL VPN associated sessions?A . SSL VPN idle-timeoutB . SSL VPN http-request-body-timeoutC . SSL VPN login-timeoutD . SSL VPN dtls-hello-timeoutView AnswerAnswer: A Explanation: The SSL VPN idle-timeout setting determines how long an SSL VPN session can be inactive before it is terminated....

Refer to the exhibit. Which route will be selected when trying to reach 10.20.30.254? A. 10.20.30.0/24 [10/0] via 172.20.167.254, port3, [1/0] B. 10.30.20.0/24 [10/0] via 172.20.121.2, port1, [1/0] C. 10.20.30.0/26 [10/0] via 172.20.168.254, port2, [1/0] D. 0.0.0.0/0 [10/0] via 172.20.121.2, port1, [1/0]View AnswerAnswer: A Explanation: The correct route to reach...