● FCSS - Enterprise Firewall 7.4 Administrator Exam Materials
Please note that the exam "FCSS - Enterprise Firewall 7.4 Administrator Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 7 - Enterprise Firewall 7.6 Administrator"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 7 - Enterprise Firewall 7.6 Administrator"
The new exam version is available on Brave-Dumps and can be purchased.
Question #21
Question #22
Refer to the exhibit, which shows a partial troubleshooting command output.
An administrator is extensively using IPsec on FortiGate. Many tunnels show information similar to the output shown in the exhibit.
What can the administrator conclude?
(Choose one answer)
- A. IPsec SAs cannot be offloaded.
- B. The two IPsec SAs, inbound and outbound, are copied to the NPU.
- C. Only the outbound IPsec SA is copied to the NPU.
- D. Only the inbound IPsec SA is copied to the NPU.
Question #23
Refer to the exhibit, which shows a corporate network and a new remote office network.
An administrator must integrate the new remote office network with the corporate enterprise network.
What must the administrator do to allow routing between the two networks?
(Choose one answer)
- A. The administrator must configure virtual links on both FortiGate devices.
- B. The administrator must implement OSPF over IPsec on both FortiGate devices.
- C. The administrator must implement BGP to inject the new remote office network into the corporate FortiGate device
- D. The administrator must configure a static route to the subnet 192.168.l.0/24 on the corporate FortiGate device.
Question #24
Refer to the exhibit, which shows an enterprise network connected to an internet service provider.
The administrator must configure the BGP section of FortiGate A to give internet access to the enterprise network.
Which command must the administrator use to establish a connection with the internet service provider?
(Choose one answer)
- A. config neighbor
- B. config redistribute bgp
- C. config router route-map
- D. config redistribute ospf
Question #25
Refer to the exhibit, which shows the FortiGuard Distribution Network of a FortiGate device.
FortiGuard Distribution Network on FortiGate
An administrator is trying to find the web filter database signature on FortiGate to resolve issues with websites not being filtered correctly in a flow-mode web filter profile.
Why is the web filter database version not visible on the GUI, such as with IPS definitions?
(Choose one answer)
- A. The web filter database is stored locally, but the administrator must run over CLI diagnose autoupdate versions.
- B. The web filter database is stored locally on FortiGate, but it is hidden behind the GUI. It requires enabling debug mode to make it visible.
- C. The web filter database is not hosted on FortiGate: FortiGate queries FortiGuard or FortiManager for web filter ratings on demand.
- D. The web filter database is only accessible after manual syncing with a valid FDS server using diagnose test update info.
Question #26
Refer to the exhibit, which shows an ADVPN network
An administrator must configure an ADVPN using IBGP and EBGP to connect overlay network 1 with 2.
What two options must the administrator configure in BGP?
(Choose two answers)
- A. set ebgp-enforce-multrhop enable
- B. set next-hop-self enable
- C. set ibgp-enforce-multihop advpn
- D. set attribute-unchanged next-hop
Question #27
Refer to the exhibit.
A pre-run CLI template that is used in zero-touch provisioning (ZTP) and low-touch provisioning (LTP) with FortiManager is shown.
The template is not assigned even though the configuration has already been installed on FortiGate.
What is true about this scenario?
(Choose one answer)
- A. The administrator did not assign the template correctly when adding the model device because pre-CLI templates remain permanently assigned to the firewall
- B. Pre-run CLI templates are automatically unassigned after their initial installation
- C. Pre-run CLI templates for ZTP and LTP must be unassigned manually after the first installation to avoid conflicting error objects when importing a policy package
- D. The administrator must use post-run CLI templates that are designed for ZTP and LTP
Question #28
Refer to the exhibit, which shows a revision history window in the FortiManager device layer.
The IT team is trying to identify the administrator responsible for the most recent update in the
FortiGate device database.
Which conclusion can you draw about this scenario?
(Choose one answer)
- A. This retrieved process was automatically triggered by a Remote FortiGate Directly (via CLI) script.
- B. The user script_manager is an API user from the Fortinet Developer Network (FDN) retrieving a configuration.
- C. To identify the user who created the event, check it on the Configuration and Installation widgeton FortiGate within the FortiManager device layer.
- D. Find the user in the FortiManager system logs and use the type=script command to find the administrator user in the user field.
Question #29
Refer to the exhibit, which contains the partial output of an OSPF command.
An administrator is checking the OSPF status of a FortiGate device and receives the output shown in the exhibit.
What two conclusions can the administrator draw?
(Choose two answers)
- A. The FortiGate device is a backup designated router
- B. The FortiGate device is connected to multiple areas
- C. The FortiGate device injects external routing information
- D. The FortiGate device has OSPF ECMP enabled
Question #30
Refer to the exhibit, which contains a partial command output.
The administrator has configured BGP on FortiGate. The status of this new BGP configuration is shown in the exhibit.
What configuration must the administrator consider next?
(Choose one answer)
- A. Configure a static route to 100.65.4.1.
- B. Configure the local AS to 65300.
- C. Contact the remote peer administrator to enable BGP
- D. Enable ebgp-enforce-multihop
Refer to the exhibit, which shows a command output.
FortiGate_A and FortiGate_B are members of an FGSP cluster in an enterprise network.
While testing the cluster using the ping command, the administrator monitors packet loss and found that the session output on FortiGate_B is as shown in the exhibit.
What could be the cause of this output on FortiGate_B? (Choose one answer)