Fortinet FCP_FGT_AD-7.4 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivity.

What must the administrator configure to answer this specific request from the NOC team?

AEnable the parameter Never Timeout in the admin profiles

BIncrease the admintimeout value under config system accprofile super_admin.

CIncrease the admintimeout value under config system global

DIncrease the offline value of the Override idle Timeout parameter in the NOC_Access admin profile

Answer : C

To adjust the inactivity timeout for GUI sessions, the administrator should increase the admintimeout value in the global settings. This parameter controls how long an administrator's session can remain idle before it times out and disconnects. This is configured globally and affects all administrators, including those with the 'NOC_Access' profile.

Question 2

A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors.

What is the reason for the certificate warning errors?

AThe option invalid SSL certificates is set to allow on the SSL/SSH inspection profile

BThe browser does not trust the certificate used by FortiGate for SSL inspection

CThe certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.

DThe matching firewall policy is set to proxy inspection mode

Answer : B

When full SSL inspection is enabled, FortiGate intercepts HTTPS traffic, decrypts it for inspection, and re-encrypts it using its own SSL certificate before forwarding it to the browser. If the browser does not trust the SSL certificate being used by FortiGate for re-encryption, it will display certificate warning errors. To resolve this, the certificate used by FortiGate for SSL inspection must be installed and trusted in the browser's certificate store.

Question 3

An administrator has configured a strict RPF check on FortiGate.

How does strict RPF check work?

AStrict RPF checks the best route back to the source using the incoming interface.

BStrict RPF allows packets back to sources with all active routes.

CStrict RPF checks only for the existence of at least one active route back to the source using the incoming interface.

DStrict RPF check is run on the first sent and reply packet of any new session.

Answer : A

Strict RPF (Reverse Path Forwarding) check ensures that the packet is received on the same interface that the FortiGate device would use to send traffic back to the source. It verifies that the best route to the source of the packet is through the same interface it arrived on, enhancing security by preventing IP spoofing. If the check fails, the packet is dropped.

Question 4

Which three statements about SD-WAN zones are true? (Choose three.)

AAn SD-WAN zone can contain physical and logical interfaces

BYou can use an SD-WAN zone in static route definitions

CYou can define up to three SD-WAN zones per FortiGate device

DAn SD-WAN zone must contains at least two members

EAn SD-WAN zone is a logical grouping of members

Answer : A, B, E

An SD-WAN zone can contain physical and logical interfaces

SD-WAN zones can include both physical and logical interfaces, allowing flexible configuration for different network types.

You can use an SD-WAN zone in static route definitions

SD-WAN zones can be referenced in static routes, enabling dynamic path selection based on SD-WAN rules.

An SD-WAN zone is a logical grouping of members

An SD-WAN zone is a logical grouping of interfaces (members), used to simplify the management and application of SD-WAN rules.

Question 5

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSUTLS connection.

Which FortiGate configuration can achieve this goal?

ASSL VPN quick connection

BSSL VPN tunnel

CSSL VPN bookmark

DZero trust network access

Answer : B

An SSL VPN tunnel allows remote users to securely connect to the organization's network and transmit all traffic, including external application data and FTP resources, through an encrypted SSL/TLS connection. This ensures secure access to the network while supporting various protocols such as FTP and other application-specific traffic from the user's PC.

Question 6

Which statement is correct regarding the use of application control for inspecting web applications?

AApplication control can identify child and parent applications, and perform different actions on them

BApplication control signatures are included in Fortinet Antivirus engine

CApplication control does not display a replacement message for a blocked web application

DApplication control does not require SSL Inspection to Identity web applications

Answer : A

FortiGate's application control can differentiate between parent and child applications and allows administrators to configure distinct actions for each. For example, it can identify Facebook (parent application) and specific functions within it (child applications) like Facebook video or chat, enabling more granular control over application traffic.

Question 7

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

AFortiGate halts complete system operation and requires a reboot to regain available resources

BFortiGate refuses to accept configuration changes

CFortiGate continues to run critical security actions, such as quarantine.

DFortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled

Answer : C, D

FortiGate continues to run critical security actions, such as quarantine.

Even in conserve mode, FortiGate prioritizes critical security functions to ensure basic protections are still in place, such as quarantining malicious traffic.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

When the system is in conserve mode and the 'fail-open' setting is enabled, FortiGate will allow traffic to pass without IPS inspection to ensure traffic flow continuity despite resource limitations.

Fortinet FCP_FGT_AD-7.4 FCP - FortiGate 7.4 Administrator Exam Practice Test