Fortinet FCSS_EFW_AD-7.4 Practice Exams
Last updated on Apr 01, 2025
- Exam Code: FCSS_EFW_AD-7.4
- Exam Name: FCSS - Enterprise Firewall 7.4 Administrator
- Certification Provider: Fortinet
Which configuration can be used to reduce the number of BGP sessions in an IBGP network?
- A . Neighbor range
- B . Route reflector
- C . Next-hop-self
- D . Neighbor group
How does FortiManager handle FortiGuard requests from FortiGate devices when it is configured as a local FDS?
- A . FortiManager can download and maintain local copies of FortiGuard databases.
- B . FortiManager supports only FortiGuard push to managed devices.
- C . FortiManager will respond to update requests only if they originate from a managed device.
- D . FortiManager does not support rating requests.
View the following FortiGate configuration.
All traffic to the Internet currently egresses from port1.
The exhibit shows partial session information for Internet traffic from a user on the internal network:
If the priority on route ID 1 were changed from 5 to 20, what would happen to traffic matching that user’s session?
- A . The session would remain in the session table, and its traffic would still egress from port1.
- B . The session would remain in the session table, but its traffic would now egress from both port1 and port2.
- C . The session would remain in the session table, and its traffic would start to egress from port2.
- D . The session would be deleted, so the client would need to start a new session.
Examine the output of the ‘diagnose debug rating’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
- A . The TZ value represents the delta between each FortiGuard server’s time zone and the FortiGate’s time zone.
- B . FortiGate will send the FortiGuard queries to the server with the highest weight.
- C . There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
- D . A server’s round trip delay (RTT) is not used to calculate its weight.
Examine the partial output from the IKE real time debug shown in the exhibit; then answer the question below.
Why didn’t the tunnel come up?
- A . IKE mode configuration is not enabled in the remote IPsec gateway.
- B . The remote gateway’s Phase-2 configuration does not match the local gateway’s phase-2 configuration.
- C . The remote gateway’s Phase-1 configuration does not match the local gateway’s phase-1 configuration.
- D . One IPsec gateway is using main mode, while the other IPsec gateway is using aggressive mode.
Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude from the output shown in the exhibit? (Choose two.)
- A . This is a pinhole session created to allow traffic for a protocol that requires additional sessions to operate through FortiGate.
- B . This is an expected session created by the IPS engine.
- C . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.
- D . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.
Which two statements about OCVPN are true? (Choose two.)
- A . Only root vdom supports OCVPN.
- B . OCVPN supports static and dynamic IPs in WAN interface.
- C . OCVPN offers only Hub-Spoke VPNs.
- D . FortiGate devices under different FortiCare accounts can be used to form OCVPN.
View the following exhibit, which contains the sniffer output for a passive mode FTP request.
An administrator has created the following custom IPS signature to block all FTP requests for passive mode:
F-SBID( --attack_id 1002; --name "Block.FTP "; --protocol tcp; --flow from_client; --pattern "PASV"; --no_case; )
Soon after the signature is enabled in an active IPS sensor, some false positive detections are generated.
Which option and value pair will allow more specific detection?
- A . --protocol ftp
- B . --service ftp
- C . --name "Block.FTP.PASV"
- D . --attack_id 1001
A FortiGate is rebooting unexpectedly without any apparent reason.
What troubleshooting tools could an administrator use to get more information about the problem? (Choose two.)
- A . Firewall monitor.
- B . Policy monitor.
- C . Logs.
- D . Crashlogs.
Refer to the exhibit, which shows the output of a diagnose command.
What can be concluded about the debug output in this scenario?
- A . Servers with a negative TZ value are less preferred for rating requests.
- B . There is a natural correlation between the value in the Packets field and the value in the Weight field.
- C . FortiGate used 64.26.151.37 as the initial server to validate its contract.
- D . The first server provided to FortiGate when it performed a DNS query looking for a list of rating servers was 121.111.236.179.