Fortinet FCP_FGT_AD-7.4 Practice Exams
Last updated on Apr 01, 2025
- Exam Code: FCP_FGT_AD-7.4
- Exam Name: FCP - FortiGate 7.4 Administrator
- Certification Provider: Fortinet
Refer to the exhibit showing a debug flow output.
What two conclusions can you make from the debug flow output? (Choose two.)
- A . The debug flow is for ICMP traffic.
- B . The default route is required to receive a reply.
- C . A new traffic session was created.
- D . A firewall policy allowed the connection.
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
- A . The subject field in the server certificate
- B . The serial number in the server certificate
- C . The server name indication (SNI) extension in the client hello message
- D . The subject alternative name (SAN) field in the server certificate
- E . The host field in the HTTP header
Refer to the exhibit.
The exhibit displays the output of the CLI command: diagnose sys ha dump-by vcluster.
Which two statements are true? (Choose two.)
- A . FortiGate SN FGVM010000065036 HA uptime has been reset.
- B . FortiGate devices are not in sync because one device is down.
- C . FortiGate SN FGVM010000064692 is the primary because of higher HA uptime.
- D . FortiGate SN FGVM010000064692 has the higher HA priority.
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.
Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)
- A . Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
- B . Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
- C . Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
- D . Enable Dead Peer Detection.
Refer to the exhibit.
Which statement about the configuration settings is true?
- A . When a remote user accesses http://10.200.1.1:443, the SSL-VPN login page opens.
- B . When a remote user accesses https://10.200.1.1:443, the SSL-VPN login page opens.
- C . When a remote user accesses https://10.200.1.1:443, the FortiGate login page opens.
- D . The settings are invalid. The administrator settings and the SSL-VPN settings cannot use the same port.
What are two functions of ZTNA? (Choose two.)
- A . ZTNA manages access through the client only.
- B . ZTNA manages access for remote users only.
- C . ZTNA provides a security posture check.
- D . ZTNA provides role-based access.
Refer to the exhibit.
The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.
When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time, the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.
Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?
- A . Configure a loopback interface with address 203.0.113.2/32.
- B . In the VIP configuration, enable arp-reply.
- C . Enable port forwarding on the server to map the external service port to the internal service port.
- D . In the firewall policy configuration, enable match-vip.
Which statement is correct regarding the inspection of some of the services available by web applications embedded in third-party websites?
- A . The security actions applied on the web applications will also be explicitly applied on the third-party websites.
- B . The application signature database inspects traffic only from the original web application server.
- C . FortiGuard maintains only one signature of each web application that is unique.
- D . FortiGate can inspect sub-application traffic regardless where it was originated.
FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, what are two requirements for the VLAN ID? (Choose two.)
- A . The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.
- B . The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different VDOMs.
- C . The two VLAN subinterfaces must have different VLAN IDs.
- D . The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topology? (Choose two.)
- A . FortiManager IP address
- B . FortiAnalyzer IP address
- C . Pre-authorize downstream FortiGate devices
- D . Fabric name