Fortinet FCP_FGT_AD-7.4 Übungsprüfungen
Zuletzt aktualisiert am 26.04.2025- Prüfungscode: FCP_FGT_AD-7.4
- Prüfungsname: FCP - FortiGate 7.4 Administrator
- Zertifizierungsanbieter: Fortinet
- Zuletzt aktualisiert am: 26.04.2025
An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers.
Which two items must they configure on their FortiGate to accomplish this? (Choose two.)
- A . A web application firewall profile to check protocol constraints
- B . A DoS policy, and log all UDP and TCP scan attempts
- C . An IPS sensor to monitor all signatures applicable to the server
- D . An application control profile, and set all application signatures to monitor
An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers.
Which two items must they configure on their FortiGate to accomplish this? (Choose two.)
- A . A web application firewall profile to check protocol constraints
- B . A DoS policy, and log all UDP and TCP scan attempts
- C . An IPS sensor to monitor all signatures applicable to the server
- D . An application control profile, and set all application signatures to monitor
Which additional load balancing method is supported in equal cost multipath (ECMP) load balancing when SD-WAN is enabled?
- A . Volume based
- B . Source-destination IP based
- C . Source IP based
- D . Weight based
FortiGuard categories can be overridden and defined in different categories. To create a web rating override for the example.com home page, the override must be configured using a specific syntax.
Which two syntaxes are correct to configure a web rating override for the home page? (Choose two.)
- A . www.example.com
- B . www.example.com/index.html
- C . www.example.com:443
- D . example.com
Which three actions are valid for static URL filtering? (Choose three.)
- A . Block
- B . Warning
- C . Shape
- D . Exempt
- E . Allow
To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?
- A . FortiManager
- B . Root FortiGate
- C . FortiAnalyzer
- D . Downstream FortiGate
Refer to the exhibit.
Which route will be selected when trying to reach 10.20.30.254?
- A . 10.20.30.0/24 [10/0] via 172.20.167.254, port3, [1/0]
- B . 10.30.20.0/24 [10/0] via 172.20.121.2, port1, [1/0]
- C . 10.20.30.0/26 [10/0] via 172.20.168.254, port2, [1/0]
- D . 0.0.0.0/0 [10/0] via 172.20.121.2, port1, [1/0]
Which statement about firewall policy NAT is true?
- A . DNAT is not supported.
- B . DNAT can automatically apply to multiple firewall policies, based on DNAT rules.
- C . You must configure SNAT for each firewall policy.
- D . SNAT can automatically apply to multiple firewall policies, based on SNAT rules.
If the Services field is configured in a Virtual IP (VIP), which of the following statements is true when central NAT is used?
- A . The Services field removes the requirement of creating multiple VIPs for different services.
- B . The Services field is used when several VIPs need to be bundled into VIP groups.
- C . The Services field does not allow source NAT and destination NAT to be combined in the same policy.
- D . The Services field does not allow multiple sources of traffic, to use multiple services, to connect to a
single computer.
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
- A . Pre-shared key
- B . Dialup user
- C . Dynamic DNS
- D . Static IP address