FCP_FGT_AD-7.4

Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2...

A network administrator is configuring a new IPsec VPN tunnel on FortiGate. The remote peer IP address is dynamic. In addition, the remote peer does not support a dynamic DNS update service. Which type of remote gateway should the administrator configure on FortiGate for the new IPsec VPN tunnel to...

An administrator has configured a strict RPF check on FortiGate. How does strict RPF check work?A . Strict RPF allows packets back to sources with all active routes.B . Strict RPF checks the best route back to the source using the incoming interface.C . Strict RPF checks only for the...

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?A . Antivirus engineB . Intrusion prevention system engineC . Flow engineD . Detection engineView AnswerAnswer: B Explanation: B. Intrusion prevention system engine. The Intrusion Prevention System (IPS) engine on FortiGate handles application control traffic, along with other functions...

Which statement about the policy ID number of a firewall policy is true? A. It is required to modify a firewall policy using the CLI. B. It represents the number of objects used in the firewall policy. C. It changes when firewall policies are reordered. D. It defines the order...

Which two statements about advanced AD access mode for the FSSO collector, agent are true? (Choose two.) A. FortiGate can act as an LDAP client to configure the group filters. B. It uses the Windows convention for naming; that is, DomainUsername. C. It supports monitoring of nested groups. D. It...

To complete the final step of a Security Fabric configuration, an administrator must authorize all the devices on which device?A . FortiManagerB . Root FortiGateC . FortiAnalyzerD . Downstream FortiGateView AnswerAnswer: C Explanation: The correct answer is C. FortiAnalyzer. Explanation: In a Security Fabric configuration, after the devices are added...

Which three statements explain a flow-based antivirus profile? (Choose three.) A. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection. B. If a virus is detected, the last packet is delivered to the client. C. The IPS engine handles the process as a standalone. D. FortiGate...

View the exhibit. Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1. The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2. Also, necessary firewall policies are configured in VDOM1 and VDOM2. Which two static routes are required in...

Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.) A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate. B. The client FortiGate requires a manually added route to remote subnets. C. The client FortiGate uses the SSL VPN...