● FCP - Azure Cloud Security 7.4 Administrator Exam Material

Please note that the exam "FCP - Azure Cloud Security 7.4 Administrato" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,



Question #31
Comment Image Comment Image Comment Image

What characterizes the branch-to-branch topology in an Azure virtual WAN? (Choose one answer)

  • A. Increased redundancy through multiple connections to the central hub
  • B. Enhanced security through centralized traffic management
  • C. Simplified network architecture with reduced hub dependencies
  • D. Improved scalability for branch offices connecting to Azure

Question #32
Comment Image Comment Image Comment Image

How are the configurations synchronized between two FortiGate VMs in an active-passive HA with SDN connector failover deployed from the Azure marketplace? (Choose one answer)

  • A. Using unicast FGCP
  • B. Using system autoscaling during a failover
  • C. An Azure function distributes the configuration files
  • D. By configuring FGSP on the primary

Question #33
Comment Image Comment Image Comment Image

Refer to the exhibits.

Two new dynamic firewall addresses have been configured on the FortiGate VM using the external connector to Integrate within the same Azure environment.
The debug output shows that one IP address can be resolved successfully, but the second is empty.

Which steps could you perform to correct the misconfiguration? (Choose two answers)

  • A. Verify the filter used for the dynamic firewall address
  • B. Verify the tags on the target VM
  • C. Check for a mistyped Microsof Entra ID subscription
  • D. Verify the NSG for the target VM
  • E. Verify the Microsoft Entra ID role assignment access rights

Question #34
Comment Image Comment Image Comment Image

Refer to the exhibit.

An Azure Route Server and an active-passive FortiGate with Elastic Load Balancing (ELB) and Internal Load Balancing (ILB) have been deployed successfully and they are sharing and populating BGP routes in the Protected VNet.
A Linux server has been deployed in a new VNet spoke. It is expected that Azure Route Server should inject the FortiGate BGP routes into the Linux server but that failed.

How can you diagnose the problem? (Choose one answer)

  • A. Monitor effective routes on the Azure network interface (NIC) of the Linux server
  • B. Review FortiGate BGP neighbors
  • C. Verify the BGP setup on Azure Route Server
  • D. Linux server doesn't support BGP negotiation with Azure Route Server

Question #35
Comment Image Comment Image Comment Image

Refer to the exhibit.

A high availability, active-active FortiGate with Elastic Load Balancing (ELB) and Internal Load Balancing (ILB) was deployed in your Azure environment.

Which tools can you use to configure synchronization? (Choose two answers)

  • A. FortiGate Clustering Protocol (FGCP)
  • B. Autoscale
  • C. Heartbeat interfaces
  • D. Software-defined network (SDN) Fabric Connector
  • E. FortiManager

Question #36
Comment Image Comment Image Comment Image

A Linux server has been deployed in the protected VNet. You need to create a list of control rules that allow or deny traffic that reaches the Linux server based on IP addresses and ports.

Which basic Azure networking feature could be configured for that purpose? (Choose one answer)

  • A. Virtual network peering for automatic traffic filtering
  • B. User-defined routes (UDR)
  • C. Access control list (ACL)
  • D. Network security group (NSG)

Question #37
Comment Image Comment Image Comment Image

Which statement about an Azure route server is true? (Choose one answer)

  • A. It supports automatic route updates for only Azure virtual networks.
  • B. It uses the OSPF protocol for route exchange.
  • C. It is network topology-agnostic.
  • D. It helps process user data traffic in a way that is similar to a load balancer.

Question #38
Comment Image Comment Image Comment Image

A FortiGate VM was deployed using a PAYG license. After successful testing, your team would like to send production traffic to the FortiGate VM and replace its PAYG license with a BYOL license. You are tasked with the license transitioning.

Which step could you take to perform the license transition? (Choose one answer)

  • A. Access the FortiGate VM command line to switch the license model.
  • B. Use the Azure Portal option to select and switch the license model.
  • C. Redeploy the FortiGate VM with the new BYOL license.
  • D. Ask Fortinet customer support to assist in the transition.

Question #39
Comment Image Comment Image Comment Image

What is the primary purpose of an Azure availability set? (Choose one answer)

  • A. To enforce access controls for Azure resources
  • B. To optimize network traffic within a single data center
  • C. To distribute resources across different Azure regions
  • D. To provide fault tolerance by spreading VMs across multiple update and fault domains

Question #40
Comment Image Comment Image Comment Image

Refer to the exhibit.

Ping executed from an on-premise workstation. A new Linux server VM was deployed in Azure.

While performing basic network connectivity testing from your on-premises network, you noticed that executing a ping to its public IP address returns “request time out” messages.

Which configuration can you perform to allow ICMP traffic? (Choose one answer)

  • A. Add an entry on the Linux firewall
  • B. Add an inbound security rule on the network security group (NSG)
  • C. Redeploy the VM
  • D. Add user-defined routes (UDR) rule