● FCSS - Enterprise Firewall 7.4 Administrator Exam Materials

Please note that the exam "FCSS - Enterprise Firewall 7.4 Administrator Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have made it free to view.
It has been replaced by the exam "NSE 7 - Enterprise Firewall 7.6 Administrator".

The new exam version is available on Brave-Dumps and can be purchased.




Question #51

A FortiGate device with UTM profiles is reaching the resource limits, and the administrator expects the traffic in the enterprise network to increase.
The administrator has received an additional FortiGate of the same model.
Which two protocols should the administrator use to integrate the additional FortiGate device into this enterprise network? (Choose two answers)

  • A. FGSP with external load balancers
  • B. FGCP in active-active mode and with switches
  • C. FGCP in active-passive mode and with VDOM disabled
  • D. VRRP with switches

Question #52

Refer to the exhibit.

The routing tables of FortiGate_A and FortiGate_B are shown. FortiGate_A and FortiGate_B are in the same autonomous system.

The administrator wants to dynamically add only route 172.16.1.248/30 on FortiGate_A.

What must the administrator configure? (Choose one answer)

  • A. The prefix 172.16.1.248/30 in the BGP Networks section on FortiGate_B
  • B. A BGP route map out for 172.16.1.248/30 on FortiGate_B
  • C. Enable Redistribute Connected in the BGP section on FortiGate_B.
  • D. A BGP route map in for 172.16.1.248/30 on FortiGate_A

Question #53

Refer to the exhibit, which shows a network diagram.

Which IPSec phase 2 configuration should you implement so that only one remote site is connected at any time? (Choose one answer)

  • A. Set net-device to enable.
  • B. Set route-overlap to allow.
  • C. Set single-source to enable.
  • D. Set route-overlap to either use-new or use-old.

Question #54

An administrator wants to scale the IBGP sessions and optimize the routing table in an IBGP network.

Which parameter should the administrator configure? (Choose one answer)

  • A. network-import-check
  • B. ibgp-enforce-multihop
  • C. neighbor-group
  • D. route-reflector-client

Question #55

Refer to the exhibits.

The configuration of a user's Windows PC, which has a default MTU of 1500 bytes, along with FortiGate interfaces set to an MTU of 1000 bytes, and the results of PC1 pinging server 172.16.0.254 are shown.

Why is the user in Windows PC1 unable to ping server 172.16.0.254 and is seeing the message: Packet needs to be fragmented but DF set? (Choose one answer)

  • A. Option ip.flags.mf must be set to enable on FortiGate. The user has to adjust the ping MTU to 1000 to succeed.
  • B. Fragmented packets must be encrypted. To connect any application successfully, the user must install the Fortinet_CA certificate in the Microsoft Management Console.
  • C. FortiGate honors the do not fragment bit and the packets are dropped. The user has to adjust the ping MTU to 972 to succeed.
  • D. The user must trigger different traffic because path MTU discovery techniques do not recognize ICMP payloads.

Question #56

Refer to the exhibit, which shows the VDOM section of a FortiGate device.

An administrator discovers that webfilter stopped working in Core1 and Core2 after a maintenance window.

Which two reasons could explain why webfilter stopped working? (Choose two answers)

  • A. The root VDOM does not have access to FortiManager in a closed network.
  • B. The root VDOM does not have a VDOM link to connect with the Core1 and Core2 VDOMs.
  • C. The Core1 and Core2 VDOMs must also be enabled as Management VDOMs to receive FortiGuard updates
  • D. The root VDOM does not have access to any valid public FDN.

Question #57

Refer to the exhibit.

An administrator is deploying a hub-and-spoke network and using OSPF as the dynamic routing protocol.

Which configuration is mandatory for neighbor adjacency? (Choose one answer)

  • A. Set bfd enable in the router configuration
  • B. Set network-type point-to-multipoint in the hub interface
  • C. Set rfc1583-compatible enable in the router configuration
  • D. Set virtual-link enable in the hub interface

Question #58

Refer to the exhibits.

The exhibits show the firewall policy ID 1 of the policy package DCFW and the reinstall preview windows for the policy package installation.

Why is FortiManager installing set srcaddr "SSLVPN_TUNNEL_ADDR1" on the firewall policy ID 1 when policy package DCFW has the source address 10.1.4. on the firewall policy ID 1? (Choose one answer)

  • A. FortiManager has assigned to DCFW firewall a CLI template that can overwrite configurations in the policy layer.
  • B. The firewall policy and reinstall preview use the same addresses, but they have different names because of per-device mapping.
  • C. The reinstall policy package ignores recent changes to the policy layer. The administrator must run the Install Wizard.
  • D. FortiManager is installing the global policy package, which was higher priority than the ADOM policy package.

Question #59

Refer to the exhibit.

The routing tables of FortiGate_A and FortiGate_B are shown.

Why does FortiGate_B have only one external route available to 100.75.5.1/32? (Choose one answer)

  • A. FortiGate_A advertises only one external route to FortiGate_B.
  • B. The route to 100.75.5.1/32 shown on FortiGate_B has the highest cost.
  • C. The subnet 10.1.5.0/24 is not located in the FortiGate_B area.
  • D. rfc-1583-compatible is not set to enable on the FortiGate_B device.

Question #60

Refer to the exhibit.

A network topology and the routing table of a FortiGate device are shown.

What must the administrator configure in the BGP section to add only the subnet 100.64.2.0/24 in the routing table of FortiGate_A? (Choose one answer)

  • A. The administrator must configure connected routes redistribution on FortiGate_C.
  • B. The administrator must configure BGP route redistribution on FortiGate_B.
  • C. The administrator must configure the 100.64.2.0/24 network on FortiGate_C.
  • D. The administrator must configure route-map in on FortiGate_A.