Practice Free FCSS_EFW_AD-7.4 Exam Online Questions
Refer to the exhibit, which contains the output of diagnose sys session list.
If the HA ID for the primary unit is zero (0), which statement about the output is true?
- A . This session cannot be synced with the slave unit.
- B . The inspection of this session has been offloaded to the slave unit.
- C . The master unit is processing this traffic.
- D . This session is for HA heartbeat traffic.
Refer to the exhibit, which shows the FortiGuard Distribution Network of a FortiGate device.
FortiGuard Distribution Network on FortiGate
An administrator is trying to find the web filter database signature on FortiGate to resolve issues with websites not being filtered correctly in a flow-mode web filter profile.
Why is the web filter database version not visible on the GUI, such as with IPS definitions?
- A . The web filter database is stored locally, but the administrator must run over CLI diagnose autoupdate versions.
- B . The web filter database is stored locally on FortiGate, but it is hidden behind the GUI. It requires enabling debug mode to make it visible.
- C . The web filter database is not hosted on FortiGate: FortiGate queries FortiGuard or FortiManager for web filter ratings on demand.
- D . The web filter database is only accessible after manual syncing with a valid FDS server using diagnose test update info.
C
Explanation:
Unlike IPS or antivirus databases, FortiGate does not store a full web filter database locally. Instead, FortiGate queries FortiGuard (or FortiManager, if configured) dynamically to classify and filter web content in real time.
Key points:
- Web filtering works on a cloud-based model:
  - When a user requests a website, FortiGate queries FortiGuard servers to check its category and reputation.
  - The response is then cached locally for faster lookups on repeated requests.
- No local web filter database version:
  - Unlike IPS and antivirus, which download and store signature updates locally, web filtering relies on cloud-based queries.
  - This is why no database version appears in the GUI.
- Flow mode vs Proxy mode:
  - In proxy mode, FortiGate can cache some web filter data, improving performance.
  - In flow mode, all queries happen dynamically, with no locally stored database.
When a FortiLink interface is configured on a FortiGate, which VLAN is typically set as the default allowed VLAN on all connected FortiSwitch ports?
- A . Sniffer VLAN
- B . Camera VLAN
- C . Quarantine VLAN
- D . Management VLAN
What action can be taken on a FortiGate to block traffic using IPS protocol decoders, focusing on network transmission patterns and application signatures?
- A . Use the DNS filter to block application signatures and protocol decoders.
- B . Use application control to limit non-URL-based software handling.
- C . Enable application detection-based SD-WAN rules.
- D . Configure a web filter profile in flow mode.
B
Explanation:
FortiGate’s IPS protocol decoders analyze network transmission patterns and application signatures to identify and block malicious traffic. Application Control is the feature that allows FortiGate to detect, classify, and block applications based on their behavior and signatures, even when they do not rely on traditional URLs.
- Application Control works alongside IPS protocol decoders to inspect packet payloads and enforce security policies based on recognized application behaviors.
- It enables granular control over non-URL-based applications such as P2P traffic, VoIP, messaging apps, and other non-web-based protocols that IPS can identify through protocol decoders.
- IPS and Application Control together can detect evasive or encrypted applications that might bypass traditional firewall rules.
Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?
- A . Only the DR receives link state information from non-DR routers.
- B . Non-DR and non-BDR routers form full adjacencies to DR only.
- C . Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.
- D . FortiGate first checks the OSPF ID to elect a DR.
What does the command set forward-domain <domain_ID> in a transparent VDOM interface do?
- A . It configures the interface to prioritize traffic based on the domain ID, enhancing quality of service for specified VLANs.
- B . It isolates traffic within a specific VLAN by assigning a broadcast domain to an interface based on the VLAN ID.
- C . It restricts the interface to managing traffic only from the specified VLAN, effectively segregating network traffic.
- D . It assigns a unique domain ID to the interface, allowing it to operate across multiple VLANs within the same VDOM.
B
Explanation:
In a transparent mode Virtual Domain (VDOM) configuration, FortiGate operates as a Layer 2 bridge rather than performing Layer 3 routing. The set forward-domain <domain_ID> command is used to control how traffic is forwarded between interfaces within the same transparent VDOM.
A forward-domain acts as a broadcast domain, meaning only interfaces with the same forward-domain ID can exchange traffic. This setting is commonly used to separate different VLANs or network segments within the transparent VDOM while still allowing FortiGate to apply security policies.
Which two conditions would prevent a static route from being added to the routing table? (Choose two.)
- A . There is another route to the same destination, with a lower distance.
- B . The route has a lower priority value than another route to the same destination.
- C . The next-hop IP address is unreachable.
- D . The interface specified in the route configuration is down.
A FortiGate’s port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP.
Which statements are true regarding the two entries in the FortiGate session table related to this traffic? (Choose two.)
- A . Both sessions have the local flag on.
- B . The destination IP addresses of both sessions are IP addresses assigned to FortiGate’s interfaces.
- C . One session has the proxy flag on, the other one does not.
- D . One of the sessions has the IP address of port2 as the source IP address.
Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?
- A . Diagnose debug application radius -1.
- B . Diagnose debug application fnbamd -1.
- C . Diagnose authd console -log enable.
- D . Diagnose radius console -log enable.
Examine the output of the ‘diagnose sys session list expectation’ command shown in the exhibit; then answer the question below.
Which statement is true regarding the session in the exhibit?
- A . It was created by the FortiGate kernel to allow push updates from FortiGuard.
- B . It is for management traffic terminating at the FortiGate.
- C . It is for traffic originated from the FortiGate.
- D . It was created by a session helper or ALG.