
FCP_FGT_AD-7.4: Fortinet FCP 1/6

Title of test:
FCP_FGT_AD-7.4: Fortinet FCP 1/6

Description:
Fortinet FCP test

Creation Date: 2024/08/31

Category: Others

Number of questions: 50

Content:

A remote LDAP user is trying to authenticate with a user name and password. How does FortiGate verify the login credentials?. Delegating authentication to a third-party server unrelated to LDAP is not the standard process for LDAP authentication on FortiGate. LDAP authentication is specifically meant to interface with an LDAP server. FortiGate queries its own database for user credentials. FortiGate sends the user entered credentials to the remote server for verification. Authentication performed locally on the user's machine without verification by FortiGate would not be secure. FortiGate needs to verify credentials against an LDAP server or its own database to ensure security and proper access control.

What types of information are stored in the crash log?. User authentication and access control events. Process crashes and conserve mode events. Traffic logs and security logs. Regular configuration changes and updates.

Which two statements about NTLM authentication are correct?. It requires DC agents on every domain controller when used in multidomain environments. It takes over as the primary authentication method when configured alongside FSSO. It is useful when users log in to DCs that are not monitored by a collector agent. It requires NTLM-enabled web browsers.

When does the FortiGate enter into fail-open session mode?. When memory usage goes above the extreme threshold. When memory usage goes above the red threshold. When a proxy (for proxy-based inspection) runs out of connections. When CPU usage goes above the red threshold.

How does FortiGate load balance traffic when using the spillover method in ECMP routing?. Traffic is directed to a single primary interface until it fails. Sessions are distributed randomly without any specific criteria. Sessions are distributed based on interface threshold. Sessions are distributed based on route weight.

How is traffic handled in a virtual wire pair?. Traffic is forwarded based on the destination MAC address. Traffic is inspected and modified by the device before forwarding. Traffic is routed based on IP addresses and routing tables. Incoming traffic to one interface is always forwarded out through the other interface.

What antivirus database does quick scan mode use?. Extended. Custom. Full. Compact.

What is a more accurate description of a modern firewall?. A simple, standalone system used primarily for blocking or allowing specific websites and services. A device solely dedicated to filtering inbound and outbound Internet traffic based on IP addresses and ports. A multi-functional device that inspects network traffic from the perimeter or internally, within a network that has many different entry points. A device that inspects network traffic at an entry point to the Internet and within a simple, easily-defined network perimeter.

Which statement regarding the firewall policy authentication timeout is true?. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source IP address after this timer has expired. It is an idle timeout. The FortiGate considers a user to be "idle" if it does not see any packets coming from the user's source IP. It is a hard timeout. The FortiGate removes the temporary policy for a user’s source MAC address after this timer has expired. It is an idle timeout. The FortiGate considers a user to be “idle” if it does not see any packets coming from the user’s source MA.

Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?. Subject Key Identifier value. Subject Alternative Name value. SMIME Capabilities value. Subject value.

What will happen to unauthenticated users when an active authentication policy is followed by a fall through policy without authentication?. User authentication happens at an interface level. The user will be denied access to resources without authentication. The user must log in again to authenticate. The user will not be prompted for authentication.

In which encapsulation mode is the original IP header protected?. Hybrid mode. Multiplexing mode. Transport mode. Tunnel mode.

Which FortiGate interface does source device type enable device detection on?. Destination interface of the firewall policy only. Source interface of the firewall policy only. All interfaces of FortiGate. Both source interface and destination interface of the firewall policy.

Which two inspection modes can you use to configure a firewall policy on a profile-based next-generation firewall (NGFW)? (Choose two.). Proxy-based inspection. Flow-based inspection. Certificate inspection. Full Content inspection.

What devices form the core of the security fabric?. Two FortiGate devices and one FortiAnalyzer device. Two FortiGate devices and one FortiManager device. One FortiGate device and one FortiAnalyzer device. One FortiGate device and one FortiManager device.

Which method would be used for advanced application tracking and control?. Application layer gateway. Deep packet inspection. Traffic shaping. Session helper.

Which two statements about advanced AD access mode for the FSSO collector agent are true? (Choose two.). FortiGate can act as an LDAP client to configure the group filters. It supports monitoring of nested groups. It is only supported if DC agents are deployed. It uses the Windows convention for naming; that is, Domain\Username.

On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?. Forward traffic logs. System event logs. Security logs. Local traffic logs.

Which two types of traffic are managed only by the management VDOM? (Choose two.). FortiGuard web filter queries. PKI. DNS. Traffic shaping.

If Internet Service is already selected as Source in a firewall policy, which other configuration objects can be added to the Source field of a firewall policy?. IP address. FQDN address. Once Internet Service is selected, no other object can be added. User or User Group.

Which CLI command can be used to diagnose a physical layer problem?. execute ping. get hardware nic. diagnose debug flowtrace. execute traceroute.

Which protocol does FortiGate use to download antivirus and IPS packages?. HTTP. UDP. HTTPS. TCP.

An administrator has a requirement to keep an application session from timing out on port 80. What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.). Set the session TTL on the HTTP policy to maximum. Set the TTL value to never under config system-ttl. Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy. Create a new service object for HTTP service and set the session TTL to never.

Which statement about active authentication is true?. Active authentication does not support HTTPS protocol. Active authentication is used only for VPN connections. Active authentication is always used before passive authentication. The firewall policy must allow the HTTP, HTTPS, FTP, and/or Telnet protocols in order for the user to be prompted for credentials.

Which statement about the document fingerprinting feature in DLP is true?. Document fingerprinting is primarily used for image-based content. You can manually upload files to FortiGate for document fingerprinting. Document fingerprinting only supports text-based documents. Changing the chunk size will flush the entire database of document fingerprinting.

Based on the ZTNA tag, the security posture of the remote endpoint has changed. What will happen to endpoint active ZTNA sessions?. They will be re-evaluated to match the endpoint policy. They will be re-evaluated to match the firewall policy. They will be re-evaluated to match the ZTNA policy. They will be re-evaluated to match the security policy.

Refer to the exhibit. The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router. When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output. Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?. In the VIP configuration, enable arp-reply. In the firewall policy configuration, enable match-vip. Configure a loopback interface with address 203.0.113.2/32. Enable port forwarding on the server to map the external service port to the internal service port.

An HA failover occurs when the link status of a monitored interface on the ____ goes down. primary FortiGate. non-monitored secondary interface. secondary FortiGate. external backup system.

Which of the following configuration settings are per VDOM settings?. Interface configurations. Inspection mode. Security policies. Host name.

Which three statements are true regarding session-based authentication? (Choose three.). HTTP sessions are treated as a single user. It requires more resources. IP sessions from the same source IP address are treated as a single user. It can differentiate among multiple clients behind the same source IP address. It is not recommended if multiple users are behind the source NAT.

What is the default RPF check method on FortiGate?. Strict. Origin Validation. Loose. Feasible Path.

Examine the exhibit, which shows a firewall policy configured with multiple security profiles. Which two security profiles will be handled by the IPS engine? (Choose two.). Web Filter. AntiVirus. Application Control. IPS.

What TCP port is used to contact FortiGuard servers for antivirus updates?. 25. 443. 80. 53.

Which of the following statements correctly describes FortiGate’s route lookup behavior when searching for a suitable gateway? (Choose two.). Lookup is done on the last packet sent from the responder. Lookup is done on the trust packet from the session originator. Lookup is done on every packet, regardless of direction. Lookup is done on the trust reply packet from the responder.

How can an administrator configure FortiGate to have four interfaces in the same broadcast domain? Choose one: Create a firewall policy on each of the four interfaces. Assign different VLANs to each of the four interfaces. Set each interface to a different IP subnet. Configure the operation mode as transparent and use the same forward domain ID.

Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.). FortiGate queries AD by using the LDAP to retrieve user group information. FortiGate uses the SMB protocol to read the event viewer logs from the DCs. FortiGate points the collector agent to use a remote LDAP server. FortiGate uses the AD server as the collector agent.

What setting on your firewall policy must you enable to generate logs on traffic sent through that firewall policy?. Real-Time Monitoring. Log Allowed Traffic. Event Logging. Intrusion Prevention System (IPS) logging.

With email alerts, you can trigger alert emails based on ____ or log severity level. User activity. Network traffic volume. event. threat weight.

In FSSO, FortiGate allows network access based on _________. Passive user identification by user ID, IP address, and group membership. Biometric verification. Active user authentication with username and password. Device MAC address filtering.

The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take?. The sensor will block all attacks aimed at Windows servers. The sensor will reset all connections that match these signatures. The sensor will gather a packet log for all matched traffic. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.

Which method of load balancing is supported by SD-WAN but not supported by ECMP routing?. Sessions. Bandwidth-based. Interface-based. Volume.

Which two statements about IPsec authentication on FortiGate are correct?. Enabling XAuth results in a faster authentication because fewer packets are exchanged. A certificate is not required on the remote peer when you set the signature as the authentication method. FortiGate supports pre-shared key and signature as authentication methods. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.

What are two benefits of flow-based inspection compared to proxy-based inspection?. FortiGate allocates two sessions per connection. FortiGate adds less latency to traffic. FortiGate performs a more exhaustive inspection on traffic. FortiGate uses fewer resources.

If antivirus, grayware, and heuristic scans are enabled, in what order are they performed?. Grayware scan, followed by heuristic scan, followed by antivirus scan. Antivirus scan, followed by grayware scan, followed by heuristic scan. All scans are performed simultaneously without any specific order. Heuristic scan, followed by grayware scan, followed by antivirus scan.

How does FortiGate act when using SSL VPN in web mode?. FortiGate acts as an HTTP reverse proxy. FortiGate acts as router. FortiGate acts as an FDS server. FortiGate acts as DNS server.

Which of the following statements about web profile overrides is true?. Overrides are applicable for all users by default. It is used to change the website category. Configured users can activate this setting through an override link on the FortiGuard block page. Web profile overrides are used to temporarily disable web filtering.

If you enable reliable logging, which transport protocol will FortiGate use?. HTTP. TCP. ICMP. UDP.

Consider the topology: Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server. An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout. The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN. What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.). Set the maximum session TTL value for the TELNET service object. Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy. Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes. Create a new service object for TELNET and set the maximum session TTL.

Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.). The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN. The client FortiGate requires a client certificate signed by the CA on the server FortiGate. The client FortiGate requires a manually added route to remote subnets. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

Which two statements are correct about a software switch on FortiGate?. It can be configured only when FortiGate is operating in NAT mode. Can act as a Layer 2 switch as well as a Layer 3 router. All interfaces in the software switch share the same IP address. It can group only physical interfaces.
