Examfgba E20


Boost up Your Certification Score

Fortinet
FCP_FGT_AD-7.4
FCP - FortiGate 7.4 Administrator

For More Information – Visit link below:

https://www.examsboost.com/

Visit us at: https://www.examsboost.com/test/fcp-fgt-ad-7-4


Latest Version: 7.0
Question: 1
Refer to the exhibit.

Which two statements are true about the routing entries in this database table? (Choose two.)

A. All of the entries in the routing database table are installed in the FortiGate routing table.
B. The port2 interface is marked as inactive.
C. Both default routes have different administrative distances.
D. The default route on port2 is marked as the standby route.

Answer: C, D
Explanation:
The routing table in the exhibit shows two default routes (0.0.0.0/0) with different administrative
distances:
The default route through port2 has an administrative distance of 20.
The default route through port1 has an administrative distance of 10.
Administrative distance determines the priority of the route; a lower value is preferred. Here, the route
through port1 with an administrative distance of 10 is the preferred route. The route through port2 with
an administrative distance of 20 acts as a standby or backup route. If the primary route (port1) fails or is
unavailable, traffic will then be routed through port2.
Regarding the statement that the port2 interface is marked as inactive, there is no indication in the
routing table that port2 is inactive. Similarly, not all of the routes displayed are necessarily installed in
the FortiGate routing table, as the table could include both active and backup routes.
Reference:
FortiOS 7.4.1 Administration Guide: Default route configuration
FortiOS 7.4.1 Administration Guide: Routing table explanation

Question: 2
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when
SSL certificate inspection is enabled? (Choose three.)

A. The host field in the HTTP header.
B. The server name indication (SNI) extension in the client hello message.
C. The subject alternative name (SAN) field in the server certificate.
D. The subject field in the server certificate.
E. The serial number in the server certificate.

Answer: B, C, D
Explanation:
When SSL certificate inspection is enabled on a FortiGate device, the system uses the following three
pieces of information to identify the hostname of the SSL server:
Server Name Indication (SNI) extension in the client hello message (B): The SNI is an extension in the
client hello message of the SSL/TLS protocol. It indicates the hostname the client is attempting to
connect to. This allows FortiGate to identify the server's hostname during the SSL handshake.
Subject Alternative Name (SAN) field in the server certificate (C): The SAN field in the server certificate
lists additional hostnames or IP addresses that the certificate is valid for. FortiGate inspects this field to
confirm the identity of the server.
Subject field in the server certificate (D): The Subject field contains the primary hostname or domain
name for which the certificate was issued. FortiGate uses this information to match and validate the
server’s identity during SSL certificate inspection.
The other options are not used in SSL certificate inspection for hostname identification:
Host field in the HTTP header (A): This is part of the HTTP request, not the SSL handshake, and is not
used for SSL certificate inspection.
Serial number in the server certificate (E): The serial number is used for certificate management and
revocation, not for hostname identification.
Reference:
FortiOS 7.4.1 Administration Guide - SSL/SSH Inspection, page 1802.
FortiOS 7.4.1 Administration Guide - Configuring SSL/SSH Inspection Profile, page 1799.

Question: 3
Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

A. All traffic from a source IP to a destination IP is sent to the same interface.
B. Traffic is sent to the link with the lowest latency.
C. Traffic is distributed based on the number of sessions through each interface.
D. All traffic from a source IP is sent to the same interface.

Answer: A
Explanation:
For traffic that does not match any of the defined SD-WAN rules, the default implicit SD-WAN rule is
applied. By default, the FortiGate uses a "source-destination IP-based" algorithm, which means all traffic
from a specific source IP to a specific destination IP is sent through the same interface. This ensures that
a consistent path is used for traffic between the same source and destination IP addresses. Options B, C,
and D do not apply because the default algorithm does not prioritize by latency, session count, or source
IP alone.
Reference:
FortiOS 7.4.1 Administration Guide: SD-WAN Load Balancing Algorithms

Question: 4
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad.
Which IPsec Wizard template must the administrator apply?

A. Remote Access
B. Site to Site
C. Dial up User
D. Hub-and-Spoke

Answer: A
Explanation:
For configuring an IPsec VPN tunnel for a sales employee traveling abroad, the "Remote Access"
template is the most appropriate choice. This template is designed to allow remote users to securely
connect to the internal network of an organization from any location using FortiClient or a compatible
client. The other options, such as "Site to Site," "Dial up User," and "Hub-and-Spoke," are used for
connecting different networks or sites, not individual remote users.
Reference:
FortiOS 7.4.1 Administration Guide: IPsec Wizard Template Types

Question: 5
Refer to the exhibits, which show the system performance output and the default configuration of high
memory usage thresholds in a FortiGate.

Based on the system performance output, what can be the two possible outcomes? (Choose two.)

A. FortiGate will start sending all files to FortiSandbox for inspection.
B. FortiGate has entered conserve mode.
C. Administrators cannot change the configuration.
D. Administrators can access FortiGate only through the console port.

Answer: B, D
Explanation:

Based on the system performance output provided, the memory usage on the FortiGate device is at
90%, which is above the green threshold (82%) but below the red threshold (88%). Given this high
memory usage, the FortiGate device will enter "conserve mode" to prevent further resource exhaustion.
In conserve mode:
B. FortiGate has entered conserve mode: When the memory usage reaches or exceeds certain
thresholds (in this case, the green and red thresholds), the FortiGate enters conserve mode to protect
itself from running out of memory entirely. This mode limits some functionalities to reduce memory
usage and avoid a potential system crash.
D. Administrators can access FortiGate only through the console port: During conserve mode,
administrative access might be restricted, and administrators may only be able to connect to the device
via the console port. This restriction is in place to ensure that the FortiGate can be managed directly,
even under low resource conditions.
The other options are not correct:
A. FortiGate will start sending all files to FortiSandbox for inspection: This is unrelated to memory usage
and conserve mode.
C. Administrators cannot change the configuration: While access may be limited, configuration changes
can still be made via the console port.
Reference:
FortiOS 7.4.1 Administration Guide - Monitoring System Resources and Performance, page 325.
FortiOS 7.4.1 Administration Guide - Conserve Mode, page 330.
