ERASED TEST, YOU MAY BE INTERESTED ON FCP_FGT_AD-7.4: Fortinet FCP 6/6
COMMENTS |
STATISTICS |
RECORDS
|
|---|
TAKE THE TEST
|
Title of test:
FCP_FGT_AD-7.4: Fortinet FCP 6/6 Description: teste 25 questões FCP Author: darksider Other tests from this author Creation Date: 31/08/2024 Category: Fans Number of questions: 25 |
Share the Test:
New Comment
No comments about this test.
Content:
|
What will happen when the Action option in the firewall policy is set to Learn? Blocks all traffic through the firewall policy. Hidden security profiles are enabled. All services in firewall policy are enabled. Automatically adjusts firewall rules based on traffic patterns. The exhibit shows a CLI output of firewall policies, proxy policies, and proxy addresses. How does FortiGate process the traffic sent to http://www.fortinet.com? Traffic will not be redirected to the transparent proxy and it will be allowed by firewall policy ID 1. Traffic will be redirected to the transparent proxy and it will be denied by the proxy implicit deny policy. Traffic will be redirected to the transparent proxy and it will be allowed by proxy policy ID 3. Traffic will be redirected to the transparent proxy and It will be allowed by proxy policy ID 1. Which statement is correct regarding the use of application control for inspecting web applications? Application control signatures are organized in a nonhierarchical structure. Application control does not display a replacement message for a blocked web application. Application control does not require SSL inspection to identify web applications. Application control can identify child and parent applications, and perform different actions on them. Which two statements are correct about NGFW Policy-based mode? (Choose two.) NGFW policy-based mode policies support only flow inspection NGFW policy-based mode does not require the use of central source NAT policy NGFW policy-based mode supports creating applications and web filtering categories directly in a firewall policy NGFW policy-based mode can only be applied globally and not on individual VDOMs. Refer to the exhibit, which contains a static route configuration. An administrator created a static route for Amazon Web Services. What CLI command must the administrator use to view the route? get router info routing-table database get internet service route list diagnose firewall proute list get router info routing-table all. What statement is true regarding the Service setting in a firewall policy? Administrators cannot create custom services objects. Only one service object can be added to the firewall policy. It matches the traffic by port number. it is optional to add a service in a firewall policy. Which Security rating scorecard helps identify configuration weakness and best practice violations in your network? Optimization Automated Response Fabric Coverage Security Posture. Which statements about SSL-VPN timers are correct? The login timeout is a non-customizable hard value. SSL-VPN timers reset with each user activity. SSL-VPN timers can avoid logouts when SSL-VPN users experience long network latency. SSL-VPN timers are the same for all users and cannot be adjusted. Which two statements are true about the RPF check? (Choose two.) The RPF check is run on the first sent and reply packet of any new session. The RPF check is run on the first reply packet of any new session. RPF is a mechanism that protects FortiGuard and your network from IP spoofing attacks. The RPF check is run on the first sent packet of any new session. Which statement about the configuration settings is true? When a remote user accesses http://10.200.1.1:443, the SSL-VPN login page opens. When a remote user accesses https://10.200.1.1:443, the SSL-VPN login page opens. The settings are invalid. The administrator settings and the SSL-VPN settings cannot use the same port. When a remote user accesses https://10.200.1.1:443, the FortiGate login page opens. An administrator wants to configure a FortiGate as a DNS server. FotiGate must use a DNS database first, and then relay all irresolvable queries to an external DNS server. Which DNS method must you use? Forward to primary and secondary DNS Forward to system DNS Non-recursive Recursive. Users who use Apple FaceTime video conferences are unable to set up meetings. In this scenario, which statement is true? The category of Apple FaceTime is being monitored. Apple FaceTime belongs to the custom monitored filter. The category of Apple FaceTime is being blocked. Apple FaceTime belongs to the custom blocked filter. The exhibit contains a proxy address that an administrator created to block HTTP uploads. Where must the proxy address be used? As the destination in a proxy policy As the destination in a firewall policy As the source in a proxy policy As the source in a firewall policy. When a firewall policy is created, which attribute is added to the policy to support recording logs to a FortiAnalyzer or a FortiManager and improves functionality when a FortiGate is integrated with these devices? Log ID Universally Unique Identifier Policy ID Sequence ID. Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.) ping DNS TWAMP udp-echo. Which of the following protocols can you use for secure administrative access to a FortiGate? (Choose two.) SSH Telnet HTTPS FortiTelemetry. Which firewall authentication methods does FortiGate support? (Choose three.) Local password authentication Two-factor authentication Biometric authentication Server-based password authentication Out-of-band authentication. What is the expected behavior when the Stop policy routing action is used in a policy route? FortiGate will drop the traffic immediately. FortiGate will skip over this policy route and try to match another in the list. FortiGate will route the traffic based on the regular routing table. FortiGate will reroute the traffic to a predefined backup route. For full SSL inspection, which configuration requires FortiGate to act as a CA? Unencrypted HTTP traffic Multiple clients connecting to multiple servers Direct peer-to-peer file transfers Protecting the SSL server. Which statements about captive portal is true? Captive portal requires an external server to function. Captive portal must be hosted on a FortiGate device. Captive portal can exempt specific devices from authenticating. Captive portal can only be used with wireless networks. The exhibits show the IPS sensor and DoS policy configuration. When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first? IMAP.Login.Brute.Force Location: server Protocol:SMTP ip_src_session SMTP.Login.Brute.Force. Which chipset uses NTurbo to accelerate IPS sessions? NP6 FortiASIC SoC3 CP9. Which three statements about a flow-based antivirus profile are correct? (Choose three.) If the virus is detected, the last packet is delivered to the client. IPS engine handles the process as a standalone. Optimized performance compared to proxy-based inspection. Flow-based inspection uses a hybrid of scanning modes available in proxy-based inspection. FortiGate buffers the whole file but transmits to the client simultaneously. In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit. What should the administrator do next to troubleshoot the problem? Execute a debug flow. Run a sniffer on the web server. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10" Capture the traffic using an external sniffer connected to port1. Which of the following statements about route-based VPN is correct? Route-based VPNs are incompatible with IPsec. It usually requires two firewall policies—one for each direction. One policy controls both traffic directions. Route-based VPNs do not support dynamic routing protocols. |
Report abuse