● FCP - FortiGate 7.4 Administrator Exam Materials

Please note that the exam "FCP - FortiGate 7.4 Administrator Exam " is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 4 - FortiOS 7.6 Exam"

The new exam version is available on Brave-Dumps and can be purchased.

Question #21

Which two statements are correct when FortiGate enters conserve mode? (Choose two answers)

A. FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.
B. FortiGate halts complete system operation and requires a reboot to regain available resources.
C. FortiGate continues to run critical security actions, such as quarantine.
D. FortiGate refuses to accept configuration changes.

Question #22

Which two pieces of information are synchronized between FortiGate HA members? (Choose two answers)

A. IPsec security associations
B. BGP peerings
C. DHCP leases
D. OSPF adjacencies

Question #23

What two conclusions can you make from the debug flow output? (Choose two answers)

A. A firewall policy allowed the connection.
B. The debug flow is for ICMP traffic.
C. The default route is required to receive a reply.
D. A new traffic session was created.

Question #24

There are multiple dial-up IPsec VPNs configured in aggressive mode on the HQ FortiGate. The requirement is to connect dial-up users to their respective department VPN tunnels.

Which phase 1 setting you can configure to match the user to the tunnel? (Choose one answer)

A. Peer ID
B. Local Gateway
C. Dead Peer Detection
D. IKE Mode Config

Question #25

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one? (Choose one answer)

A. Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy
B. Replace port1 and port2 with the any interface in a single firewall policy
C. Select port1 and port2 subnets in a single firewall policy
D. Create an Interface Group that includes port1 and port2 to create a single firewall policy

Question #26

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements are true about the requirements of connected physical interfaces on FortiGate? (Choose two answers)

A. Both interfaces must have the interface role assigned.
B. Both interfaces must have directly connected routes on the routing table.
C. Both interfaces must have DHCP enabled.
D. Both interfaces must have IP addresses assigned.

Question #27

Refer to the exhibit,

Which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true? (Choose one answer)

A. The d-wan zone cannot be deleted.
B. The d-wan zone contains no member.
C. The underlay zone contains port1 and port2.
D. The virtual-wan-link zone contains no member.

Question #28

FortiGate is integrated with FortiAnalyzer and FortiManager.

When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager? (Choose one answer)

A. Log ID
B. Policy ID
C. Universally Unique Identifier
D. Sequence ID

Question #29

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

All traffic from a source IP is sent to the same interface. (Choose one answer)

A. Traffic is distributed based on the number of sessions through each interface.
B. Traffic is sent to the link with the lowest latency.
C. All traffic from a source IP to a destination IP is sent to the same interface.
D. All traffic from a source IP is sent to the same interface.

Question #30

An administrator must enable a DHCP server on one of the directly connected networks on FortiGate. However, the administrator is unable to complete the process on the GUI to enable the service on the interface.

In this scenario, what prevents the administrator from enabling DHCP service? (Choose one answer)

A. The FortiGate model does not support the DHCP server.
B. Another interface is configured as the only DHCP server on FortiGate.
C. The role of the interface prevents setting a DHCP server.
D. The DHCP server setting is available only on the CLI.

● FCP - FortiGate 7.4 Administrator Exam Materials

Which two statements are correct when FortiGate enters conserve mode? (Choose two answers)

Correct Answer: A,D

Which two pieces of information are synchronized between FortiGate HA members? (Choose two answers)

Correct Answer: A,C

What two conclusions can you make from the debug flow output? (Choose two answers)

Correct Answer: B,D

There are multiple dial-up IPsec VPNs configured in aggressive mode on the HQ FortiGate. The requirement is to connect dial-up users to their respective department VPN tunnels.

Which phase 1 setting you can configure to match the user to the tunnel? (Choose one answer)

Correct Answer: A

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one? (Choose one answer)

Correct Answer: A

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements are true about the requirements of connected physical interfaces on FortiGate? (Choose two answers)

Correct Answer: B,D

Refer to the exhibit,

Which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true? (Choose one answer)

Correct Answer: B

FortiGate is integrated with FortiAnalyzer and FortiManager.

When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager? (Choose one answer)

Correct Answer: C

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

All traffic from a source IP is sent to the same interface. (Choose one answer)

Correct Answer: C

Correct Answer: C

● FCP - FortiGate 7.4 Administrator Exam Materials

Which two statements are correct when FortiGate enters conserve mode? (Choose two answers)

Correct Answer: A,D

Which two pieces of information are synchronized between FortiGate HA members? (Choose two answers)

Correct Answer: A,C

What two conclusions can you make from the debug flow output? (Choose two answers)

Correct Answer: B,D

There are multiple dial-up IPsec VPNs configured in aggressive mode on the HQ FortiGate. The requirement is to connect dial-up users to their respective department VPN tunnels. Which phase 1 setting you can configure to match the user to the tunnel? (Choose one answer)

Correct Answer: A

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles. Which action must the administrator perform to consolidate the two policies into one? (Choose one answer)

Correct Answer: A

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively. Which two statements are true about the requirements of connected physical interfaces on FortiGate? (Choose two answers)

Correct Answer: B,D

Refer to the exhibit, Which shows an SD-WAN zone configuration on the FortiGate GUI. Based on the exhibit, which statement is true? (Choose one answer)

Correct Answer: B

FortiGate is integrated with FortiAnalyzer and FortiManager. When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager? (Choose one answer)

Correct Answer: C

Refer to the exhibit. Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules? All traffic from a source IP is sent to the same interface. (Choose one answer)

Correct Answer: C

Correct Answer: C

There are multiple dial-up IPsec VPNs configured in aggressive mode on the HQ FortiGate. The requirement is to connect dial-up users to their respective department VPN tunnels.

Which phase 1 setting you can configure to match the user to the tunnel? (Choose one answer)

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one? (Choose one answer)

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements are true about the requirements of connected physical interfaces on FortiGate? (Choose two answers)

Refer to the exhibit,

Which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true? (Choose one answer)

FortiGate is integrated with FortiAnalyzer and FortiManager.

When a firewall policy is created, which attribute is added to the policy to improve functionality and to support recording logs to FortiAnalyzer or FortiManager? (Choose one answer)

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

All traffic from a source IP is sent to the same interface. (Choose one answer)