Fortinet FCP_FCT_AD-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

Based on the FortiClient logs shown in the exhibit which application is blocked by the application firewall?

ATwitter

BFacebook

CInternet Explorer

DFirefox

Answer : D

Based on the FortiClient logs shown in the exhibit:

The first log entry shows the application 'firefox.exe' trying to access a destination IP, with the threat identified as 'Twitter.'

The action taken by the application firewall is 'blocked' with the event type 'appfirewall.'

This indicates that the application firewall has blocked access to Twitter.

Reference

FortiClient EMS 7.2 Study Guide, Application Firewall Logs Section

Fortinet Documentation on Interpreting FortiClient Logs

Question 2

Which two statements are true about the ZTNA rule? (Choose two.)

AIt applies security profiles to protect traffic

BIt applies SNAT to protect traffic.

CIt defines the access proxy.

DIt enforces access control.

Answer : A, D

Understanding ZTNA Rule Configuration:

The ZTNA rule configuration shown in the exhibit defines how traffic is managed and controlled based on specific tags and conditions.

Evaluating Rule Components:

The rule includes security profiles to protect traffic by applying various security checks (A).

The rule also enforces access control by determining which endpoints can access the specified resources based on the ZTNA tag (D).

Eliminating Incorrect Options:

SNAT (Source Network Address Translation) is not mentioned as part of this ZTNA rule.

The rule does not define the access proxy but uses it to enforce access control.

Conclusion:

The correct statements about the ZTNA rule are that it applies security profiles to protect traffic (A) and enforces access control (D).

ZTNA rule configuration documentation from the study guides.

Question 3

FortiClient EMS endpoint policies

Refer to the exhibit, which shows multiple endpoint policies on FortiClient EMS. Which policy is applied to the endpoint in the AD group trainingAD

AThe Training policy

BBoth the Sales and Training policies because their priority is higher than the Default policy

CThe Default policy because it has the highest priority

DThe sales policy

Answer : A

Observation of Endpoint Policies:

The exhibit shows multiple endpoint policies with their assigned groups, priority levels, and enabled status.

Evaluating Policy Assignment:

The Training policy is specifically assigned to the 'trainingAD.training.lab' group, with a higher priority than the Default policy.

Conclusion:

The correct policy applied to the endpoint in the AD group 'trainingAD' is the Training policy (A).

FortiClient EMS policy configuration and priority management documentation from the study guides.

Question 4

Refer to the exhibit.

Based on the settings shown in the exhibit, which two actions must the administrator take to make the endpoint compliant? (Choose two.)

AEnable the web filter profile.

BRun Calculator application on the endpoint.

CIntegrate FortiSandbox tor infected file analysis

DPatch applications that have vulnerability rated as high or above.

Answer : B, D

Observation of Compliance Profile:

The compliance profile shown in the exhibit includes rules for vulnerability severity level and running process (Calculator.exe).

Evaluating Actions for Compliance:

To make the endpoint compliant, the administrator needs to ensure that the vulnerability severity level is medium or higher is patched (D).

Additionally, the Calculator.exe application must be running on the endpoint (B).

Eliminating Incorrect Options:

Enabling the web filter profile (A) is not related to the compliance rules shown.

Integrating FortiSandbox (C) is not a requirement in the given compliance profile.

Conclusion:

The correct actions are to run the Calculator application on the endpoint (B) and patch applications with vulnerabilities rated as high or above (D).

FortiClient EMS compliance profile configuration documentation from the study guides.

Question 5

What is the function of the quick scan option on FortiClient?

AIt scans programs and drivers that are currently running, for threats

BIt performs a full system scan including all files, executable files. DLLs, and drivers for throats.

CIt allows users to select a specific file folder on their local hard disk drive (HDD), to scan for threats.

DIt scans executable files. DLLs, and drivers that are currently running, for threats.

Answer : B

Understanding Quick Scan Function:

The quick scan option on FortiClient is designed to scan certain elements of the system quickly for threats.

Evaluating Scan Scope:

The quick scan specifically targets executable files, DLLs, and drivers that are currently running, providing a rapid assessment of the active components of the system.

Conclusion:

The correct answer is D, as it accurately describes the function of the quick scan option on FortiClient.

FortiClient scanning options documentation from the study guides.

Question 6

An administrator needs to connect FortiClient EMS as a fabric connector to FortiGate What is the prerequisite to get FortiClient EMS lo connect to FortiGate successfully?

AImport and verify the FortiClient EMS tool CA certificate on FortiGate.

BRevoke and update the FortiClient client certificate on EMS.

CImport and verify the FortiClient client certificate on FortiGate.

DRevoke and update the FortiClient EMS root CA.

Answer : A

Connecting FortiClient EMS to FortiGate:

The administrator needs to establish a connection between FortiClient EMS and FortiGate as a fabric connector.

Prerequisites for Connection:

A key prerequisite is the import and verification of the FortiClient EMS tool CA certificate on FortiGate to ensure a trusted connection.

Conclusion:

The correct prerequisite for a successful connection is to import and verify the FortiClient EMS tool CA certificate on FortiGate.

FortiClient EMS and FortiGate connection and certificate management documentation from the study guides.

Question 7

In a ForliSandbox integration, what does the remediation option do?

ADeny access to a tile when it sees no results

BAlert and notify only

CExclude specified files

DWait for FortiSandbox results before allowing files

Answer : B

Understanding FortiSandbox Integration:

In a FortiSandbox integration, various remediation options are available for handling suspicious files.

Evaluating Remediation Options:

The remediation option for alerting and notifying without blocking access or waiting for results is essential to understand.

Conclusion:

The correct action for the remediation option in this context is to alert and notify only.

FortiSandbox integration documentation from the study guides.

Fortinet FCP_FCT_AD-7.2 FCP - FortiClient EMS 7.2 Administrator Exam Practice Test