● FCP - FortiGate 7.4 Administrator Exam Materials
Please note that the exam "FCP - FortiGate 7.4 Administrator Exam " is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 4 - FortiOS 7.6 Exam"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 4 - FortiOS 7.6 Exam"
The new exam version is available on Brave-Dumps and can be purchased.
Question #81
Question #82
Based on the routing database shown in the exhibit, which two conclusions can you make about the routes? (Choose two answers)
- A. The port3 default route has the lowest metric.
- B. The port1 and port2 default routes are active in the routing table.
- C. The ports default route has the highest distance.
- D. There will be eight routes active in the routing table.
Question #83
What are two features of FortiGate FSSO agentless polling mode? (Choose two answers)
- A. FortiGate directs the collector agent to use a remote LDAP server.
- B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs.
- C. FortiGate does not support workstation check.
- D. FortiGate uses the AD server as the collector agent.
Question #84
Which statement correctly describes NetAPI polling mode for the FSSO collector agent? (Choose one answer)
- A. The collector agent must search Windows application event logs.
- B. The NetSessionEnum function is used to track user logouts.
- C. NetAPI polling can increase bandwidth usage in large networks
- D. The collector agent uses a Windows API to query DCs for user logins.
Question #85
Refer to the exhibits.
An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).
What must the administrator do to synchronize the address object?
(Choose one answer)
- A. Change the csf setting on ISFW (downstream) to set configuration-sync local.
- B. Change the csf setting on ISFW (downstream) to set authorization-request-type certificate.
- C. Change the csf setting on both devices to set downstream-access enable.
- D. Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.
Question #86
Refer to the exhibits.
The SSL VPN connection fails when a user attempts to connect to it.
What should the user do to successfully connect to the SSL VPN?
(Choose one answer)
- A. Change the SSL VPN portal to the tunnel.
- B. Change the idle timeout.
- C. Change the server IP address.
- D. Change the SSL VPN port on the client.
Question #87
Refer to the exhibits.
The exhibits contain a network diagram, and virtual IP, IP pool, and firewall policies configuration information.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled using IP pool.
The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address 10.0.1.10?
(Choose one answer)
- A. 10.200.1.1
- B. 10.0.1.254
- C. 10.200.1.10
- D. 10.200.1.100
Question #88
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up?
(Choose two answers)
- A. On Remote-FortiGate, set Seconds to 43200.
- B. On Remote-FortiGate, set Remote Address to 10.0.1.0/255.255.255.0.
- C. On HQ-FortiGate, enable Diffie-Hellman Group 2.
- D. On HQ-FortiGate, set Encryption to AES256.
Question #89
Refer to the exhibits.
The exhibits show the application sensor configuration and the Excessive-Bandwidth and Apple filter details.
Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
(Choose one answer)
- A. Apple FaceTime will be allowed, based on the Video/Audio category configuration.
- B. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.
- C. Apple FaceTime will be allowed, based on the Apple filter configuration.
- D. Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow.
An administrator is configuring an IPsec VPN between site A and site B. The Remote Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.168.1.0/24 and the remote quick mode selector is 192.168.2.0/24.
Which subnet must the administrator configure for the local quick mode selector for site B? (Choose one answer)