Practice Free FCP_FGT_AD-7.4 Exam Online Questions
Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.
When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?
- A . SMTP.Login.Brute.Force
- B . IMAP.Login.brute.Force
- C . ip_src_session
- D . Location: server Protocol: SMTP
B
Explanation:
IMAP.Login.brute.Force
Anomalies (zero-day or denial-of-service attacks) are detected by behavioral analysis using rate-based IPS signatures, DoS policies, and protocol constraint inspections.
The DoS policy is disabled in this scenario, so its ip_src_session anomaly is not evaluated at all. FortiGate then evaluates the IPS sensor entries in the order they appear in the sensor, starting with the rate-based IMAP.Login.brute.Force signature.
What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)
- A . FortiGate uses fewer resources.
- B . FortiGate performs a more exhaustive inspection on traffic.
- C . FortiGate adds less latency to traffic.
- D . FortiGate allocates two sessions per connection.
A,C
Explanation:
Flow-based inspection examines packets as they pass through FortiGate without buffering and reassembling the whole file or page, so it consumes less memory and CPU and adds less latency. Proxy-based inspection buffers the content, acting as a transparent proxy between client and server, and can therefore perform a more thorough inspection, but at a cost in resources and latency. That is why B describes proxy-based inspection, not a benefit of flow-based inspection.
Which three methods can you use to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
- A . Instant message app
- B . FortiToken
- C . Email
- D . Voicemail message
- E . SMS text message
B,C,E
Explanation:
FortiGate can deliver two-factor authentication token codes in three ways:
B. FortiToken: a physical hardware token or the FortiToken Mobile app that generates time-based one-time codes.
C. Email: the code is sent to the email address configured on the user account.
E. SMS text message: the code is sent to the mobile number configured on the user account.
Instant message apps and voicemail are not supported delivery methods, so the correct choices are B, C, and E.
You have enabled logging on your FortiGate device for Event logs and all Security logs, and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?
- A . Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.
- B . No new log is recorded until you manually clear logs from the local disk.
- C . Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.
- D . No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.
C
Explanation:
C. Logs are overwritten, and the first warning is issued when log disk usage reaches 75%.
By default, FortiGate keeps logging when the local disk is full by overwriting the oldest logs (`set diskfull overwrite` under `config log disk setting`; the alternative, `nolog`, stops logging until space is freed). Before the disk fills, FortiGate raises a first warning at 75% usage, a second at 90%, and a final warning at 95%.
Only 75% of the disk is available to store logs, and that space is shared among the existing VDOMs.
Use `diagnose sys logdisk usage` to verify log disk usage.
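The defaults behind this answer, written out as FortiOS CLI. This is an added example, not part of the original question set; the object and attribute names are FortiOS CLI keywords (check the CLI reference for your firmware build), and the threshold values are the defaults named above.

```fortios
# Added example: local disk logging defaults (FortiOS CLI).
config log disk setting
    set status enable
    # Default behaviour when the disk is full: overwrite the oldest logs.
    # "set diskfull nolog" would stop logging instead (the behaviour in options B and D).
    set diskfull overwrite
    # Default warning thresholds, as a percentage of log disk usage
    set full-first-warning-threshold 75
    set full-second-warning-threshold 90
    set full-final-warning-threshold 95
end

# Check current log disk usage
diagnose sys logdisk usage
```

If a compliance requirement forbids losing old logs, change `diskfull` to `nolog` only together with log forwarding to FortiAnalyzer or syslog; otherwise the unit silently stops recording once the disk is full.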
An administrator wants to monitor their network for any probing attempts aimed to exploit existing vulnerabilities in their servers.
Which two items must they configure on their FortiGate to accomplish this? (Choose two.)
- A . A web application firewall profile to check protocol constraints
- B . A DoS policy, and log all UDP and TCP scan attempts
- C . An IPS sensor to monitor all signatures applicable to the server
- D . An application control profile, and set all application signatures to monitor
B,C
Explanation:
B. Configure a DoS policy and log all UDP and TCP scan attempts.
A DoS policy detects traffic anomalies such as tcp_port_scan and udp_scan on the ingress interface. With logging enabled on those anomalies (action pass is enough for monitoring), the administrator sees probing attempts before they reach the servers.
C. Configure an IPS sensor to monitor all signatures applicable to the server.
An IPS sensor filtered by location (server) and by the server's operating system and applications, with its entries set to monitor and log, detects attempts to exploit known vulnerabilities. A web application firewall profile (A) only checks HTTP protocol constraints, and application control (D) identifies applications rather than exploit attempts.
So the correct choices are B and C.
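An added configuration example (not from the original page) showing both items: a DoS policy that logs TCP and UDP scan anomalies without blocking them, and an IPS sensor that monitors all signatures for a Linux server, applied to the policy that carries the server traffic. The interface name port1, the address object Web-Servers, the sensor name and the policy ID 5 are assumptions; the anomaly thresholds are illustrative values, not recommendations.

```fortios
# Added example. DoS policy on the ingress interface: detect and log scans, do not block.
# port1 and Web-Servers are assumed names.
config firewall DoS-policy
    edit 1
        set interface "port1"
        set srcaddr "all"
        set dstaddr "Web-Servers"
        set service "ALL"
        config anomaly
            # action pass + log enable = monitor only; thresholds are illustrative
            edit "tcp_port_scan"
                set status enable
                set log enable
                set action pass
                set threshold 1000
            next
            edit "udp_scan"
                set status enable
                set log enable
                set action pass
                set threshold 2000
            next
        end
    next
end

# IPS sensor: every signature that targets a Linux server, in monitor mode.
config ips sensor
    edit "Server-Monitor"
        config entries
            edit 1
                set location server
                set os Linux
                set status enable
                set log enable
                set action pass
            next
        end
    next
end

# Apply the sensor to the firewall policy carrying the server traffic (ID 5 assumed).
config firewall policy
    edit 5
        set utm-status enable
        set ips-sensor "Server-Monitor"
    next
end
```

Once the logs have been reviewed and false positives tuned out, change `set action pass` to `block` on the IPS entry and to `block` on the anomalies to move from monitoring to prevention.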
An administrator has a requirement to keep an application session from timing out on port 80.
What two changes can the administrator make to resolve the issue without affecting any existing services running through FortiGate? (Choose two.)
- A . Create a new firewall policy with the new HTTP service and place it above the existing HTTP policy.
- B . Create a new service object for HTTP service and set the session TTL to never
- C . Set the TTL value to never under config system-ttl
- D . Set the session TTL on the HTTP policy to maximum
A,B
Explanation:
A and B. Create a new service object for TCP port 80 with its session TTL set to never, then use it in a new firewall policy placed above the existing HTTP policy so that only the application's traffic matches the new policy. Because the new service and policy are matched only by that application, every other service continues to use the existing policy and its timeouts.
Setting the TTL under config system session-ttl (C) changes the default timeout for all sessions, and changing the session TTL of the existing HTTP policy (D) affects all traffic matched by that policy, so both would impact existing services.
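The two changes as FortiOS CLI, added here as an example that is not part of the original page. The service and policy names, the interface and address object names, and the policy IDs 10 (existing HTTP policy) and 20 (new policy) are assumptions; the `session-ttl` value syntax on the service object should be verified against the CLI reference for your firmware build.

```fortios
# Added example. 1) Service object for TCP/80 whose sessions never time out.
config firewall service custom
    edit "HTTP-LongSession"
        set tcp-portrange 80
        set session-ttl never
    next
end

# 2) New policy using only that service, so nothing else matches it.
#    Names and policy IDs are assumptions.
config firewall policy
    edit 20
        set name "App-HTTP-LongSession"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "App-Clients"
        set dstaddr "App-Server"
        set action accept
        set schedule "always"
        set service "HTTP-LongSession"
        set logtraffic all
    next
end

# 3) Move it above the existing HTTP policy (ID 10 assumed) so it is matched first.
config firewall policy
    move 20 before 10
end
```

Restricting `srcaddr` and `dstaddr` to the application's hosts matters: a policy that matched `all` with this service would give every port-80 session an unlimited TTL, which is exactly the side effect the question asks to avoid.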
An administrator configured the antivirus profile in a firewall policy set to flow-based inspection mode. While testing the configuration, the administrator noticed that eicar.com test files can be downloaded using HTTPS protocol only.
What is causing this issue?
- A . Hardware acceleration is in use.
- B . The test file is larger than the oversize limit.
- C . HTTPS protocol is not enabled under Inspected Protocols.
- D . Full SSL inspection is disabled.
D
Explanation:
The issue is caused by:
D. Full SSL inspection is disabled.
The eicar.com test file is caught over HTTP but not over HTTPS, so the antivirus scan itself works; what FortiGate cannot see is the HTTPS payload. Without an SSL/SSH inspection profile, or with certificate inspection only, the TLS session is not decrypted and the antivirus engine never sees the file. Enabling full (deep) SSL inspection on the firewall policy lets FortiGate decrypt, scan, and re-encrypt the traffic, after which the EICAR download over HTTPS is blocked as well. The inspection mode (flow or proxy) is not the cause, since flow-based antivirus scans HTTP downloads correctly.
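An added example (not from the original page) of the policy setting that causes this, beside the corrected one. Policy ID 10 and the interface and address names are assumptions; certificate-inspection and deep-inspection are the read-only SSL/SSH inspection profiles that ship with FortiOS.

```fortios
# Added example. Policy as described in the question: flow-based antivirus,
# but only certificate inspection, so HTTPS payloads stay encrypted and unscanned.
config firewall policy
    edit 10
        set name "LAN-to-Internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode flow
        set utm-status enable
        set av-profile "default"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set nat enable
    next
end

# Fix: switch the same policy to full (deep) SSL inspection.
# Clients must trust the CA certificate FortiGate re-signs server certificates with,
# otherwise they will see certificate warnings instead of a blocked download.
config firewall policy
    edit 10
        set ssl-ssh-profile "deep-inspection"
    next
end
```

After the change, download the EICAR file over HTTPS again: the antivirus log should now show the detection for the HTTPS session, and the only sites still passing unscanned are those excluded in the deep-inspection profile's exemption list.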
Refer to the exhibit.
In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.
What should the administrator do next to troubleshoot the problem?
- A . Run a sniffer on the web server.
- B . Capture the traffic using an external sniffer connected to port1.
- C . Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”
- D . Execute a debug flow.
D
Explanation:
Execute a debug flow.
The built-in sniffer shows only packets that ingress and egress FortiGate; it cannot show why a packet that arrived was dropped. Debug flow traces the packet through FortiGate's processing (routing lookup, policy match, session creation) and prints the reason when the unit drops it, such as a denied policy check or a reverse path check failure. Since the sniffer output already shows the client's packets reaching FortiGate, the next step is to see what FortiGate does with them.
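The two commands side by side, as an added example that is not part of the original page. The host 10.0.1.10 is taken from option C; the interface keyword `any`, the verbosity level and the packet counts are choices made for this illustration.

```fortios
# Added example. Sniffer: shows packets entering and leaving, with interface names
# (verbosity 4), but never says why a packet was dropped.
diagnose sniffer packet any "host 10.0.1.10 and tcp port 80" 4 20

# Debug flow: traces each packet through FortiGate and prints the decision,
# e.g. "Denied by forward policy check" or "reverse path check fail, drop".
diagnose debug reset
diagnose debug flow filter addr 10.0.1.10
diagnose debug flow filter port 80
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable

# Reproduce the failing connection from the web client now, then stop cleanly:
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset
```

Always finish with `diagnose debug reset`; a filter left behind from an earlier session is a common reason a later debug flow shows nothing.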
Refer to the exhibit to view the authentication rule configuration.
In this scenario, which statement is true?
- A . Session-based authentication is enabled
- B . Policy-based authentication is enabled
- C . IP-based authentication is enabled
- D . Route-based authentication is enabled
A
Explanation:
A. Session-based authentication is enabled.
An authentication rule's ip-based setting decides how FortiGate tracks authenticated users. With ip-based enabled (the default), every session from the authenticated source IP is treated as that user; with ip-based disabled, FortiGate authenticates each session separately, which is session-based authentication and is what the rule in the exhibit is configured for. Policy-based and route-based are not authentication rule modes.
Which three methods are used by the collector agent for AD polling? (Choose three.)
- A . WMI
- B . Novell API
- C . WinSecLog
- D . NetAPI
- E . FortiGate polling
A,C,D
Explanation:
A. WMI, C. WinSecLog, and D. NetAPI.
In polling mode the FSSO collector agent queries the domain controllers itself. NetAPI polls the temporary sessions created when users log on (via NetSessionEnum) and is the fastest but least reliable method; WinSecLog polls the domain controllers' Windows security event logs for logon events and requires audit logging to be enabled; WMI reads the same logon events through Windows Management Instrumentation, which reduces network load compared with WinSecLog. Novell API relates to eDirectory, and FortiGate polling (agentless) is a FortiGate feature rather than a collector agent method.