FortiGate 7.4 Administrator Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=1928575...

1 of 8 2024/06/13, 15:35
FortiGate 7.4 Administrator Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=1928575...

FCP - FortiGate 7.4 Administrator Sample Questions

Started on Thursday, June 13, 2024, 2:28 PM
State Finished
Completed on Thursday, June 13, 2024, 2:35 PM
Time taken 7 mins 5 secs
Points 22/22
Grade 100 out of 100
Feedback Congratulations, you passed!

Question 1
Correct

1 points out of 1

Refer to the exhibit.

A user at 192.168.32.15 is trying to access the web server at 172.16.32.254.

Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF) checks on this traffic? (Choose two.)

Select one or more:

Loose RPF check will deny the traffic.
Loose RPF check will allow the traffic.
Strict RPF check will allow the traffic.
Strict RPF check will deny the traffic.

Question 2
Correct

1 points out of 1

Which three methods can you use to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

Select one or more:

FortiToken Mobile
Instant message app
Email
SMS text message
Voicemail message

Question 3
Correct

2 of 8 2024/06/13, 15:35
FortiGate 7.4 Administrator Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=1928575...

1 points out of 1

Which statement best describes the role of a DC agent in an FSSO DC agent mode solution?

Select one:
It captures the user IP address and workstation name and forwards them to FortiGate.
It captures the login and logoff events and forwards them to the collector agent.
It captures the login events and forwards them to FortiGate.
It captures the login events and forwards them to the collector agent.

Question 4

Correct

1 points out of 1

What is the common feature shared between IPv4 and SD-WAN ECMP algorithms?

Select one:
Both control ECMP algorithms.
Both support volume algorithms.
Both can be enabled at the same time.
Both use the same physical interface load balancing settings.

Question 5

Correct

1 points out of 1

Which statement about firewall policy NAT is true?

Select one:
DNAT is not supported.
SNAT can automatically apply to multiple firewall policies, based on SNAT policies.
DNAT can automatically apply to multiple firewall policies, based on DNAT rules.
You must configure SNAT for each firewall policy.

Question 6

Correct

1 points out of 1

Which NAT method translates the source IP address in a packet to another IP address?

Select one:
IPPOOL
DNAT
VIP
SNAT

Question 7
Correct

1 points out of 1

3 of 8 2024/06/13, 15:35
FortiGate 7.4 Administrator Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=1928575...

Which type of traffic inspection requires FortiGate to act as a CA?

Select one:
SSL traffic inspection when protecting a local SSL server.
SSL traffic inspection when protecting multiple clients connecting to multiple servers.
SSL certificate inspection when protecting a local SSL server.
SSL certificate inspection when protecting multiple clients connecting to multiple servers.

Question 8

Correct

1 points out of 1

Which statement about the HA override setting in FortiGate HA clusters is true?

Select one:
You must configure override settings manually and separately for each cluster member.
It reboots FortiGate.
It enables monitored ports.
It synchronizes device priority on all cluster members.

Question 9
Correct

1 points out of 1

Refer to the exhibit.

Which two behaviours result from this full SSL configuration? (Choose two.)

Select one or more:

A temporary trusted FortiGate certificate replaces the server certificate, even when the server certificate is untrusted.
A temporary trusted FortiGate certificate replaces the server certificate when the server certificate is trusted.
A temporary untrusted FortiGate certificate replaces the server certificate when the server certificate is untrusted.
The browser bypasses all certificate warnings and allows the connection.

Question 10
Correct

1 points out of 1

Which two statements correctly describe the differences between IPsec main mode and IPsec aggressive mode? (Choose two.)

Select one or more:

Aggressive mode supports XAuth, while main mode does not.
Six packets are usually exchanged during main mode, while only three packets are exchanged during aggressive mode.
The first packet of aggressive mode contains the peer ID, while the first packet of main mode does not.

4 of 8 2024/06/13, 15:35
FortiGate 7.4 Administrator Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=1928575...

Main mode cannot be used for dialup VPNs, while aggressive mode can.

Question 11

Correct

1 points out of 1

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN.
How can this be achieved?

Select one:
Configuring web bookmarks
Disabling split tunneling
Using web-only mode
Assigning public IP addresses to SSL-VPN users

Question 12

Correct

1 points out of 1

Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.)

Select one or more:

Port block allocation
One-to-one
Overload
Fixed port range

Question 13
Correct

1 points out of 1

What is eXtended Authentication (XAuth)?

Select one:
It is an IPsec extension that forces remote VPN users to authenticate using their local ID.
It is an IPsec extension that authenticates remote VPN peers using a pre-shared key.
It is an IPsec extension that authenticates remote VPN peers using digital certificates.
It is an IPsec extension that forces remote VPN users to authenticate using their credentials (username and password).

Question 14
Correct

1 points out of 1

Which two statements about incoming and outgoing interfaces in firewall policies are true? (Choose two.)

Select one or more:

A zone can be chosen as the outgoing interface.
An incoming interface is mandatory in a firewall policy, but an outgoing interface is optional.
Multiple interfaces can be selected as incoming and outgoing interfaces.
Only the any interface can be chosen as an incoming interface.

5 of 8 2024/06/13, 15:35
FortiGate 7.4 Administrator Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=1928575...

Question 15
Correct

1 points out of 1

FortiGate is configured for firewall authentication. When attempting to access an external website, the user is not presented with a login prompt.
What is the most likely reason for this situation?

Select one:
The user is using a super admin account.
The user was authenticated using passive authentication.
No matching user account exists for this user.
The user is using a guest account profile.

Question 16
Correct

1 points out of 1

Which three settings and protocols can be used to provide secure and restrictive administrative access to FortiGate? (Choose three.)

Select one or more:

Trusted authentication
Trusted host
FortiTelemetry
HTTPS
SSH

Question 17
Correct

1 points out of 1

Refer to the exhibit.

Which statement about the configuration settings is true?

Select one:
When a remote user accesses https://10.200.1.1:443, the FortiGate login page opens.

6 of 8 2024/06/13, 15:35
FortiGate 7.4 Administrator Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=1928575...

When a remote user accesses https://10.200.1.1:443, the FortiGate login page opens.
The settings are invalid. The administrator settings and the SSL-VPN settings cannot use the same port.
When a remote user accesses https://10.200.1.1:443, the SSL-VPN login page opens.
When a remote user accesses http://10.200.1.1:443, the SSL-VPN login page opens.

Question 18

Correct

1 points out of 1

Which two statements about advanced AD access mode for the FSSO collector agent are true? (Choose two.)

Select one or more:

It uses the Windows convention for naming; that is, Domain\Username.
It supports monitoring of nested groups.
It is only supported if DC agents are deployed.
FortiGate can act as an LDAP client to configure the group filters.

Question 19

Correct

1 points out of 1

What must you configure to enable proxy-based TCP session failover?

Select one:
You do not need to configure anything because all TCP sessions are automatically failed over.
You must configure session-pickup-enable under configure system ha.
You must configure ha-configuration-sync under configure system ha.
You must configure session-pickup-connectionless enable under configure system ha.

Question 20

Correct

1 points out of 1

Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topology? (Choose two.)

Select one or more:

FortiManager IP address
Fabric name
Pre-authorize downstream FortiGate devices
FortiAnalyzer IP address

Question 21
Correct

1 points out of 1

An administrator needs to create a tunnel mode SSL-VPN to access an internal web server from the internet. The web server is connected to
port1. The internet is connected to port2. Both interfaces belong to the VDOM named Corporation.
What interface must the administrator use as the source for the firewall policy that will allow this traffic?

Select one:
ssl.root

7 of 8 2024/06/13, 15:35
FortiGate 7.4 Administrator Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=1928575...

port1

port2

ssl.Corporation

Question 22

Correct

1 points out of 1

Refer to the exhibit.

Which route will be selected when trying to reach 10.20.30.254?

Select one:
10.30.20.0/24 [10/0] via 172.20.121.2, port1, [1/0]

0.0.0.0/0 [10/0] via 172.20.121.2, port1, [1/0]

10.20.30.0/24 [10/0] via 172.20.167.254, port3, [1/0]

10.20.30.0/26 [10/0] via 172.20.168.254, port2, [1/0]

8 of 8 2024/06/13, 15:35