Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet FCP_FGT_AD-7.4 - FCP - FortiGate 7.4 Administrator

Fortinet FCP_FGT_AD-7.4 Premium Access     Download Demo    
Page: 2 / 3
Total 89 questions

How can you disable RPF checking?

A.

Disable src-check on the interface level settings

B.

Unset fail-alert-interfaces on the interface level settings.

C.

Disable fail-detect on the interface level settings.

D.

Disable strict-src-check under system settings.

Refer to the exhibit.

The exhibit shows theFortiGuard Category Based Filtersection of a corporate web filter profile.

An administrator must block access todownload.com, which belongs to theFreeware and Software Downloadscategory. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

A.

Configure a separate firewall policy with action Deny and an FQDN address object for *. download, com as destination address.

B.

Set the Freeware and Software Downloads category Action to Warning

C.

Configure a web override rating for download, com and select Malicious Websites as the subcategory.

D.

Configure a static URL filter entry for download, com with Type and Action set to Wildcard and Block, respectively.

Which three statements explain a flow-based antivirus profile? (Choose three.)

A.

Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection

B.

Flow-based inspection optimizes performance compared to proxy-based inspection

C.

FortiGate buffers the whole file but transmits to the client at the same time.

D.

If a virus is detected, the last packet is delivered to the client.

E.

The IPS engine handles the process as a standalone.

Which two pieces of information are synchronized between FortiGate HA members? (Choose two.)

A.

OSPF adjacencies

B.

IPsec security associations

C.

BGP peerings

D.

DHCP leases

Refer to the exhibits.

The SSL VPN connection fails when a user attempts to connect to it.

What should the user do to successfully connect to the SSL VPN?

A.

Change the SSL VPN portal to the tunnel.

B.

Change the idle timeout.

C.

Change the server IP address.

D.

Change the SSL VPN port on the client.

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

A.

Internet Service Database (ISDB) engine

B.

Intrusion prevention system engine

C.

Antivirus engine

D.

Application control engine

Refer to the exhibit.

The administrator configured SD-WAN rules and set the FortiGate traffic log page to display SD-WAN-specific columns: SD-WAN Quality and SD-WAN Rule Name.

FortiGate allows the traffic according to policy ID 1. This is the policy that allows SD-WAN traffic.

Despite these settings the traffic logs do not show the name of the SD-WAN rule used to steer those traffic flows.

What can be the reason?

A.

FortiGate load balanced the traffic according to the implicit SD-WAN rule.

B.

There is no application control profile applied to the firewall policy.

C.

Destination in the SD-WAN rules are configured per application but the feature visibility is not enabled.

D.

SD-WAN rule names do not appear immediately. The administrator needs to refresh the page.

Refer to the exhibits, which show the firewall policy and an antivirus profile configuration.

Why is the user unable to receive a block replacement message when downloading an infected file for the first time?

A.

The intrusion prevention security profile must be enabled when using flow-based inspection mode.

B.

The option to send files to FortiSandbox for inspection is enabled.

C.

The firewall policy performs a full content inspection on the file.

D.

Flow-based inspection is used, which resets the last packet to the user.

Refer to the exhibit.

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one?

A.

Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy

B.

Create an Interface Group that includes port1 and port2 to create a single firewall policy

C.

Select port1 and port2 subnets in a single firewall policy.

D.

Replace port1 and port2 with the any interface in a single firewall policy.

An employee needs to connect to the office through a high-latency internet connection.

Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?

A.

SSL VPN idle-timeout

B.

SSL VPN login-timeout

C.

SSL VPN dtls-hello-timeout

D.

SSL VPN session-ttl