FCP_FGT_AD-7.4

FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy. Which two other security profiles can you apply to the security policy? (Choose two.) A. Antivirus scanning B. File filter C. DNS filter D. Intrusion preventionView AnswerAnswer: A,D...

Refer to the exhibits. Exhibit A shows a topology for a FortiGate HA cluster that performs proxy-based inspection on traffic. Exhibit B shows the HA configuration and the partial output of the get system ha status command. Based on the exhibits, which two statements about the traffic passing through the...

NGFW mode allows policy-based configuration for most inspection rules. Which security profile's configuration does not change when you enable policy-based inspection?A . Web filteringB . AntivirusC . Web proxyD . Application controlView AnswerAnswer: B Explanation: Antivirus and IPS is enhanced by the IPS Engine, so that is why B is...

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN. How can this be achieved?A . Assigning public IP addresses to SSL-VPN usersB . Configuring web bookmarksC . Disabling split tunnelingD . Using web-only modeView AnswerAnswer: C Explanation: The correct answer...

An administrator needs to increase network bandwidth and provide redundancy. What interface type must the administrator select to bind multiple FortiGate interfaces?A . VLAN interfaceB . Software Switch interfaceC . Aggregate interfaceD . Redundant interfaceView AnswerAnswer: C Explanation: Link aggregation (IEEE 802.3ad) enables you to bind two or more physical...

Which two settings can be separately configured per VDOM on a FortiGate device? (Choose two.)A . FortiGuard update serversB . System timeC . Operating modeD . NGFW modeView AnswerAnswer: C,D Explanation: C: Operating mode is per-VDOM setting. You can combine transparent mode VDOM's with NAT mode VDOMs on the same...

Which two statements about antivirus scanning in a firewall policy set to proxy-based inspection mode, are true? (Choose two.)A . A file does not need to be buffered completely before it is moved to the antivirus engine for scanning.B . The client must wait for the antivirus scan to finish...

Which NAT method translates the source IP address in a packet to another IP address?A . DNATB . SNATC . VIPD . IPPOOLView AnswerAnswer: B Explanation: The correct answer is: B. SNAT SNAT (Source Network Address Translation), also known as MASQUERADE in iptables, translates the source IP address in a...

Refer to the exhibit. The exhibit shows the IPS sensor configuration. If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.) A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature. B. The sensor will block all attacks aimed at Windows servers. C....

Refer to the exhibits. Exhibit A shows system performance output. Exhibit B shows a FortiGate configured with the default configuration of high memory usage thresholds. Based on the system performance output, which two results are correct? (Choose two.)A . FortiGate will start sending all files to FortiSandbox for inspection.B ....