Fortinet FCP_FGT_AD-7.4 Exam Practice Test Instant Access

Question 1

Which three methods are used by the collector agent for AD polling? (Choose three.)

AWinSecLog

BWMI

CNetAPI

DFSSO REST API

EFortiGate polling

Answer : A, B, C

The Fortinet Single Sign-On (FSSO) Collector Agent supports three primary methods for Active Directory (AD) polling to collect user information:

WinSecLog: Monitors Windows Security Event Logs for login events.

WMI: Uses Windows Management Instrumentation to poll user login sessions.

NetAPI: Utilizes the Netlogon API to query domain controllers for user session data.

These methods allow the FortiGate to gather user logon information and enforce user-based policies effectively.

FortiOS 7.4.1 Administration Guide: FSSO Configuration

Question 2

Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

AIf SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

BIf SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.

CIf SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP

DIf SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

Answer : A, D

When SD-WAN is enabled on FortiGate, the load balancing algorithm for Equal-Cost Multi-Path (ECMP) is configured using the load-balance-mode parameter under SD-WAN settings. However, if SD-WAN is disabled, the ECMP load balancing algorithm can be configured under config system settings. This flexibility allows FortiGate to control traffic routing behavior based on the network configuration and requirements.

FortiOS 7.4.1 Administration Guide: ECMP Configuration

Question 3

Which two statements explain antivirus scanning modes? (Choose two.)

AIn flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

BIn flow-based inspection mode files bigger than the buffer size are scanned

CIn proxy-based inspection mode files bigger than the buffer size are scanned

DIn proxy-based inspection mode antivirus scanning buffers the whole file for scanning, before sending it to the client

Answer : A, D

In flow-based inspection mode, FortiGate buffers the file, but also simultaneously transmits it to the client.

Flow-based inspection allows real-time scanning of files as they are being transmitted, with minimal impact on performance.

In proxy-based inspection mode antivirus scanning buffers the whole file for scanning, before sending it to the client.

Proxy-based inspection mode holds the file completely, scans it for threats, and only sends the file to the client if no threats are detected.

Question 4

Refer to the exhibit.

The administrator configured SD-WAN rules and set the FortiGate traffic log page to display SD-WAN-specific columns: SD-WAN Quality and SD-WAN Rule Name.

FortiGate allows the traffic according to policy ID 1. This is the policy that allows SD-WAN traffic.

Despite these settings the traffic logs do not show the name of the SD-WAN rule used to steer those traffic flows.

What can be the reason?

AFortiGate load balanced the traffic according to the implicit SD-WAN rule.

BThere is no application control profile applied to the firewall policy.

CDestination in the SD-WAN rules are configured per application but the feature visibility is not enabled.

DSD-WAN rule names do not appear immediately. The administrator needs to refresh the page.

Answer : A

If the SD-WAN traffic logs do not show the specific SD-WAN rule name, it likely means that FortiGate is using the default or implicit SD-WAN rule to balance traffic. The implicit rule comes into effect when no explicit SD-WAN rule is matched, and as a result, the SD-WAN rule name is not displayed in the logs. The default behavior is to load balance the traffic across available interfaces based on SD-WAN strategy.

Question 5

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

AFortiGate halts complete system operation and requires a reboot to regain available resources

BFortiGate refuses to accept configuration changes

CFortiGate continues to run critical security actions, such as quarantine.

DFortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled

Answer : B, D

Question 6

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements are true about the requirements of connected physical interfaces on FortiGate? (Choose two.)

ABoth interfaces must have the interface role assigned

BBoth interfaces must have directly connected routes on the routing table

CBoth interfaces must have DHCP enabled

DBoth interfaces must have IP addresses assigned

Answer : B, D

Both interfaces must have directly connected routes on the routing table

In NAT mode, each interface must have a corresponding entry in the routing table, typically as a directly connected route, to route traffic between them effectively.

Both interfaces must have IP addresses assigned

In NAT mode, each interface must have an IP address to participate in routing and NAT operations. The IP addresses allow the FortiGate to forward traffic between different network segments.

Question 7

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

ADownstream devices can connect to the upstream device from any of their VDOMs

BEach VDOM in the environment can be part of a different Security Fabric

CVDOMs without ports with connected devices are not displayed in the topology

DSecurity rating reports can be run individually for each configured VDOM

Answer : C

'When you configure FortiGate devices in multi-vdom mode and add them to the Security Fabric, each VDOM with its assigned ports is displayed when one or more devices are detected. Only the ports with discovered and connected devices appear in the Security Fabric view and, because of this, you must enable Device Detection on ports you want to have displayed in the Security Fabric. VDOMs without ports with connected devices are not displayed. All VDOMs configured must be part of a single Security Fabric.'

Fortinet FCP - FortiGate 7.4 Administrator FCP_FGT_AD-7.4 Exam Practice Test