Fortinet FCP_FGT_AD-7.4 Exam Practice Test Instant Access

Question 1

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2.

The policy should work such that Remote-User1 must be able to access the Webserver while preventing Remote-User2 from accessing the Webserver.

Which two configuration changes can the administrator make to the policy to deny Webserver access for Remote-User2? (Choose two.)

AEnable match-vip in the Deny policy.

BSet the Destination address as Webserver in the Deny policy.

CDisable match-vip in the Deny policy.

DSet the Destination address as Deny_IP in the Allow_access policy.

Answer : A, B

Question 2

Refer to the exhibits.

FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit.

What would be the expected outcome in the HA cluster?

AFGT-1 will remain the primary because FGT-2 has lower priority.

BFGT-2 will take over as the primary because it has the override enable setting and higher priority than FGT-1.

CFGT-1 will synchronize the override disable setting with FGT-2.

DThe HA cluster will become out of sync because the override setting must match on all HA members.

Answer : B

Question 3

Refer to the exhibits, which show the firewall policy and an antivirus profile configuration.

Why is the user unable to receive a block replacement message when downloading an infected file for the first time?

AThe intrusion prevention security profile must be enabled when using flow-based inspection mode.

BThe option to send files to FortiSandbox for inspection is enabled.

CThe firewall policy performs a full content inspection on the file.

DFlow-based inspection is used, which resets the last packet to the user.

Answer : D

Question 4

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.

What is true about the DNS connection to a FortiGuard server?

AIt uses UDP 8888.

BIt uses DNS over HTTPS.

CIt uses DNS over TLS.

DIt uses UDP 53.

Answer : C

Question 5

What are two features of collector agent advanced mode? (Choose two.)

AIn advanced mode, FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.

BAdvanced mode supports nested or inherited groups.

CIn advanced mode, security profiles can be applied only to user groups, not individual users.

DAdvanced mode uses the Windows convention ---NetBios: Domain\Username.

Answer : A, B

Question 6

Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

AIf SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

BIf SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.

CIf SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP

DIf SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

Answer : B, C

Question 7

Which three methods are used by the collector agent for AD polling? (Choose three.)

AWinSecLog

BWMI

CNetAPI

DFSSO REST API

EFortiGate polling

Answer : C, D, E

Fortinet FCP_FGT_AD-7.4 FCP - FortiGate 7.4 Administrator Exam Practice Test