Fortinet FCP_FGT_AD-7.4 Practice Exams
Last updated on Mar 31,2025- Exam Code: FCP_FGT_AD-7.4
- Exam Name: FCP - FortiGate 7.4 Administrator
- Certification Provider: Fortinet
- Latest update: Mar 31,2025
NGFW mode allows policy-based configuration for most inspection rules.
Which security profile’s configuration does not change when you enable policy-based inspection?
- A . Web filtering
- B . Antivirus
- C . Web proxy
- D . Application control
View the exhibit.
Which two behaviors result from this full (deep) SSL configuration? (Choose two.)
- A . The browser bypasses all certificate warnings and allows the connection.
- B . A temporary trusted FortiGate certificate replaces the server certificate, even when the server certificate is untrusted.
- C . A temporary trusted FortiGate certificate replaces the server certificate when the server certificate is trusted.
- D . A temporary untrusted FortiGate certificate replaces the server certificate when the server certificate is untrusted.
Which two statements correctly describe the differences between IPsec main mode and IPsec aggressive mode? (Choose two.)
- A . The first packet of aggressive mode contains the peer ID, while the first packet of main mode does not.
- B . Main mode cannot be used for dialup VPNs, while aggressive mode can.
- C . Aggressive mode supports XAuth, while main mode does not.
- D . Six packets are usually exchanged during main mode, while only three packets are exchanged during aggressive mode.
Refer to the exhibit.
The exhibit shows the IPS sensor configuration.
If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
- A . The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.
- B . The sensor will block all attacks aimed at Windows servers.
- C . The sensor will reset all connections that match these signatures.
- D . The sensor will gather a packet log for all matched traffic.
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
- A . FortiSIEM
- B . FortiCloud
- C . FortiCache
- D . FortiSandbox
- E . FortiAnalyzer
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
- A . FortiSIEM
- B . FortiCloud
- C . FortiCache
- D . FortiSandbox
- E . FortiAnalyzer
Which three methods are used by the collector agent for AD polling? (Choose three.)
- A . WMI
- B . Novell API
- C . WinSecLog
- D . NetAPI
- E . FortiGate polling
Which two statements about the application control profile mode are true? (Choose two.)
- A . It uses flow-based scanning techniques, regardless of the inspection mode used.
- B . It cannot be used in conjunction with IPS scanning.
- C . It can be selected in either flow-based or proxy-based firewall policy.
- D . It can scan only unsecure protocols.
Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)
- A . The client FortiGate requires a manually added route to remote subnets.
- B . The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
- C . The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
- D . The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN.
What is eXtended Authentication (XAuth)?
- A . It is an IPsec extension that forces remote VPN users to authenticate using their local ID.
- B . It is an IPsec extension that forces remote VPN users to authenticate using their credentials (username and password).
- C . It is an IPsec extension that authenticates remote VPN peers using a pre-shared key.
- D . It is an IPsec extension that authenticates remote VPN peers using digital certificates.