Fortinet FCSS_EFW_AD-7.4 FCSS – Enterprise Firewall 7.4 Administrator Online Training
The questions for FCSS_EFW_AD-7.4 were last updated on May 06, 2025.
- Exam Code: FCSS_EFW_AD-7.4
- Exam Name: FCSS - Enterprise Firewall 7.4 Administrator
- Certification Provider: Fortinet
- Latest update: May 06, 2025
Which two statements about the use of digital certificates are true?
- A . An intermediate CA can sign server certificates
- B . An intermediate CA can sign another intermediate CA certificate
- C . The end entity's certificate can only be created by an intermediate CA
- D . An intermediate CA can validate the end entity certificate signed by another intermediate CA
An administrator has configured a FortiGate device with two VDOMs: root and internal.
The administrator has also created an inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link.
What OSPF configuration settings must match in both VDOMs for the OSPF adjacency to form successfully? (Choose three.)
- A . Router ID.
- B . OSPF interface area.
- C . OSPF interface cost.
- D . OSPF interface MTU.
- E . Interface subnet mask.
Which statement is true regarding file descriptor (FD) conserve mode?
- A . IPS inspection is affected when FortiGate enters FD conserve mode.
- B . A FortiGate enters FD conserve mode when the amount of available descriptors is less than 5%.
- C . FD conserve mode affects all daemons running on the device.
- D . Restarting the WAD process is required to leave FD conserve mode.
View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.
The administrator does not have access to the remote gateway.
Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?
- A . Change phase 1 encryption to AESCBC and authentication to SHA128.
- B . Change phase 1 encryption to 3DES and authentication to CBC.
- C . Change phase 1 encryption to AES128 and authentication to SHA512.
- D . Change phase 1 encryption to 3DES and authentication to SHA256.
View the following exhibit, which contains the sniffer output for a passive mode FTP request.
An administrator has created the following custom IPS signature to block all FTP requests for passive mode:
F-SBID( --attack_id 1002; --name "Block.FTP "; --protocol tcp; --flow from_client; --pattern "PASV"; --no_case; )
Soon after the signature is enabled in an active IPS sensor, some false positive detections are generated.
Which option and value pair will allow more specific detection?
- A . --protocol ftp
- B . --service ftp
- C . --name "Block.FTP.PASV"
- D . --attack_id 1001
Examine these partial outputs from two routing debug commands:
# get router info routing-table database
S 0.0.0.0/0 [20/0] via 100.64.2.254, port2, [10/0]
S *> 0.0.0.0/0 [10/0] via 100.64.1.254, port1
# get router info routing-table all
S* 0.0.0.0/0 [10/0] via 100.64.1.254, port1
Why is the default route that uses port2 not in the output of the second command?
- A . It has a higher distance than the default route using port1.
- B . There can be only one default route present in an active routing table.
- C . It has a higher priority than the default route using port1.
- D . It is disabled in the FortiGate configuration.
View the exhibit, which contains the output of a debug command, and then answer the question below.
Which one of the following statements about this FortiGate is correct?
- A . It is currently in system conserve mode because of high CPU usage.
- B . It is currently in proxy conserve mode because of high memory usage.
- C . It is currently in memory conserve mode because of high memory usage.
- D . It is currently in extreme conserve mode because of high memory usage.
View the following exhibit:
Which two statements about this session are correct? (Choose two.)
- A . It is a UDP session that has seen traffic flow both ways.
- B . This is a TCP session that was blocked by firewall policy ID 0.
- C . This session terminates or originates in the FortiGate device.
- D . It is a TCP session in SYN_SENT state.
An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?
- A . diagnose sniffer packet any 'ah'
- B . diagnose sniffer packet any 'ip proto 50'
- C . diagnose sniffer packet any 'udp port 4500'
- D . diagnose sniffer packet any 'udp port 500'
Refer to the exhibit, which contains the output of a diagnose command.
Which two statements about the output are true? (Choose two.)
- A . This is an expected session created by a session helper.
- B . This is an expected session created by an application control profile.
- C . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.
- D . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.