● FCP - FortiGate 7.4 Administrator Exam Materials
Please note that the exam "FCP - FortiGate 7.4 Administrator Exam " is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 4 - FortiOS 7.6 Exam"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 4 - FortiOS 7.6 Exam"
The new exam version is available on Brave-Dumps and can be purchased.
Question #51
Question #52
Refer to the exhibit showing a FortiGuard connection debug output.
Based on the output, which two facts does the administrator know about the FortiGuard connection?
(Choose two answers)
- A. One server was contacted to retrieve the contract information.
- B. There is at least one server that lost packets consecutively.
- C. A local FortiManaqer is one of the servers FortiGate communicates with.
- D. FortiGate is using default FortiGuard communication settings.
Question #53
Refer to the exhibit.
Why did FortiGate drop the packet?
(Choose one answer)
- A. It matched an explicitly configured firewall policy with the action DENY.
- B. It failed the RPF check.
- C. The next-hop IP address is unreachable.
- D. It matched the default implicit firewall policy.
Question #54
Refer to the exhibit.
Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.
What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?
(Choose one answer)
- A. Traffic matching the signature will be allowed and logged.
- B. The signature setting uses a custom rating threshold.
- C. The signature setting includes a group of other signatures.
- D. Traffic matching the signature will be silently dropped and logged.
Question #55
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
Which order must FortiGate use when the web filter profile has features such as safe search enabled?
(Choose one answer)
- A. FortiGuard category filter and rating filter
- B. Static domain filter, SSL inspection filter, and external connectors filters
- C. DNS-based web filter and proxy-based web filter
- D. Static URL filter, FortiGuard category filter, and advanced filters
Question #56
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 failed to come up. The administrator has also re-entered the pre shared key on both FortiGate devices to make sure they match.Based on the phase 1 configuration and the diagram shown in the exhibit,
which two configuration changes can the administrator make to bring phase 1 up?
(Choose two answers)
- A. On HQ-FortiGate, disable Diffie-Helman group 2
- B. On Remote-FortiGate, set port2 as Interface.
- C. On both FortiGate devices, set Dead Peer Detection to On Demand
- D. On HQ-FortiGate, set IKE mode to Main (ID protection).
Question #57
Which three methods are used by the collector agent for AD polling? (Choose three answers)
- A. WinSecLog
- B. WMI
- C. NetAPI
- D. FSSO REST API
- E. FortiGate polling
Question #58
What are two features of collector agent advanced mode? (Choose two answers)
- A. In advanced mode, FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.
- B. Advanced mode supports nested or inherited groups
- C. In advanced mode, security profiles can be applied only to user groups, not individual users
- D. Advanced mode uses the Windows convention ”NetBios: Domain\Username
Question #59
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.
What is true about the DNS connection to a FortiGuard server?
(Choose one answer)
- A. It uses UDP 8888
- B. It uses DNS over HTTPS
- C. It uses DNS over TLS
- D. It uses UDP 53
Question #60
Refer to the exhibits.
FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit.
What would be the expected outcome in the HA cluster?
(Choose one answer)
- A. FGT-1 will remain the primary because FGT-2 has lower priority.
- B. FGT-2 will take over as the primary because it has the override enable setting and higher priority than FGT-1.
- C. FGT-1 will synchronize the override disable setting with FGT-2.
- D. The HA cluster will become out of sync because the override setting must match on all HA members.
Which inspection mode does FortiGate use for application profiles if it is configured as a profilebased next-generation firewall (NGFW)? (Choose one answer)