ERASED TEST, YOU MAY BE INTERESTED ON FCP_FGT_AD-7.4: Fortinet FCP 4/6
COMMENTS |
STATISTICS |
RECORDS
|
|---|
TAKE THE TEST
|
Title of test:
FCP_FGT_AD-7.4: Fortinet FCP 4/6 Description: FCP Fortinet test Author: tereusmatheus Other tests from this author Creation Date: 05/09/2024 Category: Competitive Exam Number of questions: 25 |
Share the Test:
New Comment
No comments about this test.
Content:
|
Which statements about IPsec and SSL VPNs are true? IPsec VPNs cannot be established between an end-user workstation and a FortiGate device. SSL-VPNs are not supported between two FortiGate devices. Either an SSL-VPN or an IPsec VPN can be established between an end-user workstation and a FortiGate device. Either an SSL-VPN or an IPsec VPN can be established between two FortiGate devices. Which document should you consult to increase the chances of success before upgrading or downgrading firmware? Technical Specification Document Release Notes System Administration guide User Manual. Which of the following statements is true regarding SSL VPN settings for an SSL VPN portal? By default, split tunneling is enabled. By default, the SSL VPN portal requires the installation of a client's certificate. By default, FortiGate uses WINS servers to resolve names. By default, the admin GUI and SSL VPN portal use the same HTTPS port. Which of the following statements are best practices for troubleshooting FSSO? (Choose two.) Extend timeout timers. Guarantee at least 34 Kbps bandwidth between FortiGate and domain controllers. Ensure all firewalls allow the FSSO required port. Include the group of guest users in a policy. What TCP port is used to contact to FortiGuard servers for antivirus updates? 443 53 80 25. Which statement about the document fingerprinting feature in DLP is true? Document fingerprinting is primarily used for image-based content. Changing the chunk size will flush the entire database of document fingerprinting. You can manually upload files to FortiGate for document fingerprinting. Document fingerprinting only supports text-based documents. Which VPN topology does not allow direct communication between spokes? Dynamic mesh Partial mesh Fully connected mesh Hub-and-spoke. Which of the following static routes are not maintained in the routing table? (Choose two.) Policy routes Named Address routes ISDB routes Dynamic routes. Given the routing database shown in the exhibit, which two statements are correct? (Choose two.) The port1 and port2 default routes are active in the routing table There will be eight routes active in the routing table The port3 default route has the highest distance The port3 default route has the lowest metric. What does a VPN do? Increases the data processing speed of a network Acts as a primary firewall for network security Protects a network from external attacks Extends a private network across a public network. In which operating mode is the software switch function supported? NAT mode Monitor mode Access Point mode Transparent mode. When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request? The public IP address of the FortiGate device. remote user’s public IP address The internal IP address of the FortiGate device. The remote user’s virtual IP address. The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address. An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies. The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication. How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http:// www.fortinet.com? (Choose two.) If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed. If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed. If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed. If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed. Which of the following configuration tasks is correct when implementing SD-WAN? Assign a static IP address to the SD-WAN interface. Configure a default route using the sd-wan virtual interface. Enable DHCP server on SD-WAN member interfaces Configure firewall policies for each individual member interfaces. Refer to the exhibit. The exhibit contains a network diagram, virtual IP, IP pool, and firewall policies configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254./24. The first firewall policy has NAT enabled using IP Pool. The second firewall policy is configured with a VIP as the destination address. Which IP address will be used to source NAT the internet traffic coming from a workstation with the IP address 10.0.1.10? 10.200.1.10 10.200.3.1 10.200.1.100 10.200.1.1. What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.) FortiGate uses fewer resources. FortiGate allocates two sessions per connection. FortiGate performs a more exhaustive inspection on traffic. FortiGate adds less latency to traffic. Which two statements about FortiGate FSSO agentless polling mode are true? (Choose two.) FortiGate does not support workstation check. FortiGate directs the collector agent to use a remote LDAP server. FortiGate uses the SMB protocol to read the event viewer logs from the DCs. FortiGate uses the AD server as the collector agent. Which two statements about DNS filter profiles are true? (Choose two.) They can block DNS requests to known botnet command and control servers They can inspect HTTP traffic. They must be applied in firewall policies with SSL inspection enabled They can redirect blocked requests to a specific portal. Which statement about the configuration settings is true? The settings are invalid. The administrator settings and the SSL-VPN settings cannot use the same port. When a remote user accesses https://10.200.1.1:443, the FortiGate login page opens. When a remote user accesses http://10.200.1.1:443, the SSL-VPN login page opens. When a remote user accesses https://10.200.1.1:443, the SSL-VPN login page opens. A web-mode SSL-VPN user connects to a remote web server. What's the source IP address of the HTTP request the web server receives? The FortiGate device's internal IP address The IP address of an unrelated external proxy server The remote user's IP address The IP address of the web server itself. Which statement about SSL-VPN realms is correct? Allow access to different SSL-VPN portals by user groups. SSL-VPN realms are configured at the global level, not per user group. Allow unlimited unament SSL-VPN users. SSL-VPN realms require additional licensing. Which is the correct description of a hash result as it relates to digital certificates? An obfuscation used to mask the input data. An output value that is used to identify the person or deduce that authored the input data. A unique value used to verify the input data An encrypted output value used to safe-guard the input data. What information is synchronized between two FortiGate devices that belong to the same HA cluster? Individual user login sessions Local traffic logs stored on each device Firewall policies and objects FortiGate hostname. To form an HA cluster, all FortiGate devices that will be included in the cluster must have which of the following? The same firmware Different firmware versions The same FortiGate hostname Different FortiGate hostnames. Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.) The client FortiGate requires a manually added route to remote subnets. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN. Server FortiGate requires a CA certificate to verify the client FortiGate certificate. The client FortiGate requires a client certificate signed by the CA on the server FortiGate. |
Report abuse