Fortinet FCP_FGT_AD-7.4 Practice Exams
Last updated on Apr 09,2025- Exam Code: FCP_FGT_AD-7.4
- Exam Name: FCP - FortiGate 7.4 Administrator
- Certification Provider: Fortinet
- Latest update: Apr 09,2025
View the exhibit.
Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1. The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2. Also, necessary firewall policies are configured in VDOM1 and VDOM2.
Which two static routes are required in the FortiGate configuration, to route traffic between both subnets through an inter-VDOM link? (Choose two.)
- A . A static route in VDOM1 with the destination subnet matching the subnet assigned to the inter-VDOM link
- B . A static route in VDOM2 for the destination subnet 10.0.1.0/24
- C . A static route in VDOM1 for the destination subnet 10.0.2.0/24
- D . A static route in VDOM2 with the destination subnet matching the subnet assigned to the inter-VDOM link
Which statement correctly describes the use of reliable logging on FortiGate?
- A . Reliable logging is enabled by default in all configuration scenarios.
- B . Reliable logging is required to encrypt the transmission of logs.
- C . Reliable logging can be configured only using the CLI.
- D . Reliable logging prevents the loss of logs when the local disk is full.
A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)
- A . The website is exempted from SSL inspection.
- B . The EICAR test file exceeds the protocol options oversize limit.
- C . The selected SSL inspection profile has certificate inspection enabled.
- D . The browser does not trust the FortiGate self-signed CA certificate.
A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service.
Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to work?
- A . Pre-shared key
- B . Dialup user
- C . Dynamic DNS
- D . Static IP address
Which two statements about FortiGate antivirus databases are true? (Choose two.)
- A . The quick scan database is part of the normal database.
- B . The extreme database is available only on certain FortiGate models.
- C . The extended database is available on all FortiGate models.
- D . The extended database is available only if AI scanning is enabled.
Refer to the exhibits.
The exhibits show the firewall policies and the objects used in the firewall policies.
The administrator is using the Policy Lookup feature and has entered the search criteria shown in the exhibit.
Which policy will be highlighted, based on the input criteria?
- A . Policy with ID 4.
- B . Policy with ID 5.
- C . Policies with ID 2 and 3.
- D . Policy with ID 1.
Which downstream FortiGate VDOM is used to join the Security Fabric when split-task VDOM is enabled on all FortiGate devices?
- A . FG-traffic VDOM
- B . Root VDOM
- C . Customer VDOM
- D . Global VDOM
Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)
- A . udp-echo
- B . DNS
- C . TWAMP
- D . ping
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?
- A . Application control is not enabled
- B . SSL/SSH Inspection profile is incorrect
- C . Antivirus profile configuration is incorrect
- D . Antivirus definitions are not up to date
An administrator wants to block https://www.example.com/videos and allow all other URLs on the website.
What are two configuration changes that the administrator can make to satisfy the requirement? (Choose two.)
- A . Configure web override for the URL and select a blocked FortiGuard subcategory
- B . Enable full SSL inspection
- C . Configure a video filter profile to block the URL
- D . Configure a static URL filter entry for the URL and select Block as the action