● FCP - FortiGate 7.4 Administrator Exam Materials

Please note that the exam "FCP - FortiGate 7.4 Administrator Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
It has been replaced by the exam "NSE 4 - FortiOS 7.6 Exam".

The new exam version is available on Brave-Dumps and can be purchased.




Question #71

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true? (Choose one answer)

  • A. Downstream devices can connect to the upstream device from any of their VDOMs
  • B. Each VDOM in the environment can be part of a different Security Fabric
  • C. VDOMs without ports with connected devices are not displayed in the topology
  • D. Security rating reports can be run individually for each configured VDOM

Question #72

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for the example.com home page, the override must be configured using a specific syntax.

Which two syntaxes are correct to configure a web rating override for the home page? (Choose two answers)

  • A. www.example.com:443
  • B. www.example.com
  • C. www.example.com/index.html
  • D. example.com

Question #73

An administrator has configured the following settings:

What are the two results of this configuration? (Choose two answers)

  • A. Device detection on all interfaces is enforced for 30 minutes
  • B. Denied users are blocked for 30 minutes
  • C. A session for denied traffic is created
  • D. The number of logs generated by denied traffic is reduced

Question #74

Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router. When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.

Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue? (Choose one answer)

  • A. Configure a loopback interface with address 203.0.113.2
  • B. In the VIP configuration, enable arp-reply
  • C. In the firewall policy configuration, enable match-vip.
  • D. Enable port forwarding on the server to map the external service port to the internal service port.

Question #75

An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSL/TLS connection.

Which FortiGate configuration can achieve this goal? (Choose one answer)

  • A. SSL VPN quick connection
  • B. SSL VPN tunnel
  • C. SSL VPN bookmark
  • D. Zero trust network access

Question #76

An administrator has configured a strict RPF check on FortiGate.

How does strict RPF check work? (Choose one answer)

  • A. Strict RPF checks the best route back to the source using the incoming interface.
  • B. Strict RPF allows packets back to sources with all active routes.
  • C. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.
  • D. Strict RPF check is run on the first sent and reply packet of any new session.

Question #77

A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors.

What is the reason for the certificate warning errors? (Choose one answer)

  • A. The SSL cipher compliance option is not enabled on the SSL inspection profile. This setting is required when the SSL inspection profile is defined with a private CA certificate.
  • B. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.
  • C. The browser does not recognize the certificate in use as signed by a trusted CA.
  • D. With full SSL inspection it is not possible to avoid certificate warning errors at the browser level.

Question #78

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.

When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file.
When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.

The administrator confirms that the traffic matches the configured firewall policy.

What are two reasons for the failed virus detection by FortiGate? (Choose two answers)

  • A. The selected SSL inspection profile has certificate inspection enabled
  • B. The browser does not trust the FortiGate self-signed CA certificate
  • C. The EICAR test file exceeds the protocol options oversize limit
  • D. The website is exempted from SSL inspection

Question #79

Examine the intrusion prevention system (IPS) diagnostic command shown in the exhibit.

If option 5 is used with the IPS diagnostic command and the outcome is a decrease in the CPU usage, what is the correct conclusion? (Choose one answer)

  • A. The IPS engine is blocking all traffic.
  • B. The IPS engine is inspecting a high volume of traffic.
  • C. The IPS engine is unable to prevent an intrusion attack.
  • D. The IPS engine will continue to run in a normal state.

Question #80

How can you disable RPF checking? (Choose one answer)

  • A. Disable src-check on the interface level settings
  • B. Unset fail-alert-interfaces on the interface level settings.
  • C. Disable fail-detect on the interface level settings.
  • D. Disable strict-src-check under system settings.