Fortinet FCP_FGT_AD-7.4 Übungsprüfungen
Zuletzt aktualisiert am 27.04.2025- Prüfungscode: FCP_FGT_AD-7.4
- Prüfungsname: FCP - FortiGate 7.4 Administrator
- Zertifizierungsanbieter: Fortinet
- Zuletzt aktualisiert am: 27.04.2025
Which statement best describes the role of a DC agent in an FSSO DC agent mode solution?
- A . It captures the login and logoff events and forwards them to the collector agent.
- B . It captures the login events and forwards them to the collector agent.
- C . It captures the login events and forwards them to FortiGate.
- D . It captures the user IP address and workstation name and forwards them to FortiGate.
Which two IP pool types enable you to identify user connections without having to log user traffic? (Choose two.)
- A . Fixed port range
- B . Port block allocation
- C . One-to-one
- D . Overload
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?
- A . Disabled
- B . On Demand
- C . Enabled
- D . On Idle
An administrator configured the antivirus profile in a firewall policy set to flow-based inspection mode. While testing the configuration, the administrator noticed that eicar.com test files can be downloaded using HTTPS protocol only.
What is causing this issue?
- A . Hardware acceleration is in use.
- B . The test file is larger than the oversize limit.
- C . HTTPS protocol is not enabled under Inspected Protocols.
- D . Full SSL inspection is disabled.
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?
- A . Application control is not enabled
- B . SSL/SSH Inspection profile is incorrect
- C . Antivirus profile configuration is incorrect
- D . Antivirus definitions are not up to date
Refer to the exhibit to view the application control profile.
Based on the configuration, what will happen to Apple FaceTime?
- A . Apple FaceTime will be allowed, based on the Apple filter configuration.
- B . Apple FaceTime will be allowed, based on the Categories configuration.
- C . Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.
- D . Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn.
Refer to the exhibit.
An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic.
Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)
- A . The Detection Mode setting is not set to Passive.
- B . Administrator didn’t configure a gateway for the SD-WAN members, or configured gateway is not valid.
- C . The configured participants are not SD-WAN members.
- D . The Enable probe packets setting is not enabled.
Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topology? (Choose two.)
- A . FortiManager IP address
- B . FortiAnalyzer IP address
- C . Pre-authorize downstream FortiGate devices
- D . Fabric name
Refer to the exhibits.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?
- A . Change the csf setting on ISFW (downstream) to set configuration-sync local.
- B . Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.
- C . Change the csf setting on both devices to set downstream-access enable.
- D . Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
Which two statements about advanced AD access mode for the FSSO collector, agent are true? (Choose two.)
- A . FortiGate can act as an LDAP client to configure the group filters.
- B . It uses the Windows convention for naming; that is, DomainUsername.
- C . It supports monitoring of nested groups.
- D . It is only supported if DC agents are deployed.