Practice Free FCSS_EFW_AD-7.4 Exam Online Questions
Refer to the exhibit, which contains the output of a diagnose command.
Which two statements about the output are true? (Choose two.)
- A . This is an expected session created by a session helper
- B . This is an expected session created by an application control profile.
- C . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.
- D . Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.
Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=masterdevice_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?
- A . There is not enough available memory in the system to create a new entry in the NAT port table.
- B . The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
- C . FortiGate does not have any available NAT port for a new connection.
- D . The limit for the maximum number of entries in the NAT port table has been reached.
How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
- A . FortiManager can download and maintain local copies of FortiGuard databases.
- B . FortiManager supports only FortiGuard push to managed devices.
- C . FortiManager will respond to update requests only if they originate from a managed device.
- D . FortiManager does not support rating requests.
Which two conditions must be met for a statistic route to be active in the routing table? (Choose two.)
- A . The link health monitor (if configured) is up.
- B . There is no other route, to the same destination, with a higher distance.
- C . The outgoing interface is up.
- D . The next-hop IP address is up.
Which two statements about bulk configuration changes using FortiManager CLI scripts are correct? (Choose two.)
- A . When executed on the Policy Package, ADOM database, changes are applied directly to the managed FortiGate.
- B . When executed on the Device Database, you must use the installation wizard to apply the changes to the managed FortiGate
- C . When executed on the All FortiGate in ADOM, changes are automatically installed without creating a new revision history.
- D . When executed on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.
In which order are firewall policies processed on a FortiGate unit?
- A . From top to down, according with their sequence number.
- B . From top to down, according with their policy ID number.
- C . Based on best match.
- D . Based on the priority value.
Which two statements correctly describe the characteristics of the Fortinet Security Fabric? (Choose two.)
- A . It supports an open API, allowing third-party product integration.
- B . It provides a single pane of glass for reporting for all devices in the Security Fabric.
- C . The core of the Security Fabric includes FortiMail, FortiWeb, and FortiSandbox.
- D . It contains individual management platforms for each device to provide granular control.
An administrator is deploying APs that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. FortiGate can discover the APs and authorize them.
However, FortiGate is unable to establish CAPWAP tunnels to manage the APs.
Which configuration setting can the administrator perform to resolve the problem?
- A . Decrease the CAPWAP tunnel MTU size for APs to prevent fragmentation
- B . Enable CAPWAP administrative access on the IPsec interface
- C . Upgrade the FortiAP firmware image to ensure compatibility with the FortiOS version
- D . Assign a custom AP profile for the remote APs with the set mpls-connection option enabled
View the exhibit, which contains the output of a diagnose command, and then answer the question below.
Which statements are true regarding the output in the exhibit? (Choose two.)
- A . FortiGate will probe 121.111.236.179 every fifteen minutes for a response.
- B . Servers with the D flag are considered to be down.
- C . Servers with a negative TZ value are experiencing a service outage.
- D . FortiGate used 209.222.147.36 as the initial server to validate its contract.
An LDAP user cannot authenticate against a FortiGate device.
Examine the real time debug output shown in the exhibit when the user attempted the authentication; then answer the question below.
Based on the output in the exhibit, what can cause this authentication problem?
- A . The FortiGate has been configured with the wrong password for the LDAP administrator.
- B . User student is using a wrong password.
- C . User student is not found in the LDAP server.
- D . The FortiGate has been configured with the wrong authentication schema.