● FCP - FortiGate 7.4 Administrator Exam Materials

Please note that the exam "FCP - FortiGate 7.4 Administrator Exam " is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 4 - FortiOS 7.6 Exam"

The new exam version is available on Brave-Dumps and can be purchased.



Question #61
Comment Image Comment Image Comment Image

Which two statements explain antivirus scanning modes? (Choose two answers)

  • A. In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.
  • B. In flow-based inspection mode files bigger than the buffer size are scanned
  • C. In proxy-based inspection mode files bigger than the buffer size are scanned
  • D. In proxy-based inspection mode antivirus scanning buffers the whole file for scanning, before sending it to the client

Question #62
Comment Image Comment Image Comment Image

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate? (Choose one answer)

  • A. Internet Service Database (ISDB) engine
  • B. Intrusion prevention system engine
  • C. Antivirus engine
  • D. Application control engine

Question #63
Comment Image Comment Image Comment Image

An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites? (Choose one answer)

  • A. On the Static URL Filter configuration set Type to Simple
  • B. On the FortiGuard Category Based Filter configuration set Action to Warning for Social Networking
  • C. On the Static URL Filter configuration set Action to Monitor
  • D. On the Static URL Filter configuration set Action to Exemp

Question #64
Comment Image Comment Image Comment Image

Which three CLI commands, can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three answers)

  • A. execute ping
  • B. execute traceroute
  • C. diagnose sys top
  • D. get system arp
  • E. diagnose sniffer packet any

Question #65
Comment Image Comment Image Comment Image

Which statement is correct regarding the use of application control for inspecting web applications? (Choose one answer)

  • A. Application control can identify child and parent applications, and perform different actions on them
  • B. Application control signatures are included in Fortinet Antivirus engine
  • C. Application control does not display a replacement message for a blocked web application
  • D. Application control does not require SSL Inspection to Identity web applications

Question #66
Comment Image Comment Image Comment Image

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is outbound traffic but no response from the peer.

Which DPD mode on FortiGate meets this requirement? (Choose one answer)

  • A. On Demand
  • B. On Idle
  • C. Disabled
  • D. Enabled

Question #67
Comment Image Comment Image Comment Image

Refer to the exhibits,

which show a diagram of a FortiGate device connected to the network. VIP object configuration, and the firewall policy configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24.

If the host 10.200.3.1 sends a TCP SYN packet on port 8080 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be at the time FortiGate forwards the packet to the destination? (Choose one answer)

  • A. 10.0.1.254, 10.200.1.10, and 8080, respectively
  • B. 10.0.1.254, 10.0.1.10, and 80, respectively
  • C. 10.200.3.1, 10.0.1.10, and 80, respectively
  • D. 10.200.3.1, 10.0.1.10, and 8080, respectively

Question #68
Comment Image Comment Image Comment Image

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two answers)

  • A. The issuer must be a public CA
  • B. The CA extension must be set to TRUE
  • C. The Authority Key Identifier must be of type SSL
  • D. The keyUsage extension must be set to keyCertSign.

Question #69
Comment Image Comment Image Comment Image

Which two statements are true about the FGCP protocol? (Choose two answers)

  • A. FGCP is not used when FortiGate is in transparent mode
  • B. FGCP elects the primary FortiGate device
  • C. FGCP is used to discover FortiGate devices in different HA groups
  • D. FGCP runs only over the heartbeat links

Question #70
Comment Image Comment Image Comment Image

Refer to the exhibit which contains a RADIUS server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option.

What is the impact of using the Include in every user group option in a RADIUS configuration? (Choose one answer)

  • A. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group
  • B. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate
  • C. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case is FortiAuthenticator
  • D. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group