FCP_FGT_AD-7.4

What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.) A. FortiGate uses fewer resources. B. FortiGate performs a more exhaustive inspection on traffic. C. FortiGate adds less latency to traffic. D. FortiGate allocates two sessions per connection.View AnswerAnswer: A,C Explanation: A. FortiGate uses fewer resources. C....

Which two statements are true about collector agent standard access mode? (Choose two.) A. Standard mode uses Windows convention-NetBios: DomainUsername. B. Standard mode security profiles apply to organizational units (OU). C. Standard mode security profiles apply to user groups. D. Standard access mode supports nested groups.View AnswerAnswer: A,C Explanation: A....

An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?A . DisabledB . On DemandC . EnabledD...

View the exhibit. A user at 192.168.32.15 is trying to access the web server at 172.16.32.254. Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF) checks on this traffic? (Choose two.)A . Strict RPF check will deny the traffic.B . Loose RPF check will allow...

Which three criteria can FortiGate use to look for a matching firewall policy to process traffic? (Choose three.) A. Services defined in the firewall policy B. Highest to lowest priority defined in the firewall policy C. Destination defined as Internet Services in the firewall policy D. Lowest to highest policy...

What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode? A. It limits the scanning of application traffic to the browser-based technology category only. B. It limits the scanning of application traffic to the DNS protocol only. C. It...

How does FortiGate act when using SSL VPN in web mode?A . FortiGate acts as an FDS server.B . FortiGate acts as an HTTP reverse proxy.C . FortiGate acts as DNS server.D . FortiGate acts as router.View AnswerAnswer: B Explanation: B. FortiGate acts as an HTTP reverse proxy. When using...

Refer to the exhibit. Review the Intrusion Prevention System (IPS) profile signature settings. Which statement is correct in adding the FTP .Login.Failed signature to the IPS sensor profile?A . Traffic matching the signature will be silently dropped and logged.B . The signature setting uses a custom rating threshold.C . The...

Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.) A. udp-echo B. DNS C. TWAMP D. pingView AnswerAnswer: A,C Explanation: The correct answers are: A. udp-echo The udp-echo protocol option is available on the CLI for configuring...

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.) A. The subject field in the server certificate B. The serial number in the server certificate C. The server name indication (SNI) extension in the client...