Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

FCP_FGT_AD-7.4Free trial

By fortinet

Verified

25Q per page

Question 1

Refer to the exhibit.

Which two statements are true about the routing entries in this database table? (Choose two.)

A: All of the entries in the routing database table are installed in the FortiGate routing table.
B: The port2 interface is marked as inactive.
C: Both default routes have different administrative distances.
D: The default route on port2 is marked as the standby route.

—

Question 2

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.
Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)

A: Enable Dead Peer Detection.
B: Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
C: Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
D: Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

—

Question 3

Refer to the exhibits.

The exhibits show the application sensor configuration and the Excessive-Bandwidth and Apple filter details.
Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?

A: Apple FaceTime will be allowed, based on the Video/Audio category configuration.
B: Apple FaceTime will be allowed, based on the Apple filter configuration.
C: Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow.
D: Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.

—

Question 4

An employee needs to connect to the office through a high-latency internet connection.
Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?

A: SSL VPN idle-timeout
B: SSL VPN login-timeout
C: SSL VPN dtls-hello-timeout
D: SSL VPN session-ttl

—

Question 5

When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate.
Which three actions are valid actions that FortiGate can perform when it detects an invalid certificate? (Choose three.)

A: Allow & Warning
B: Trust & Allow
C: Allow
D: Block & Warning
E: Block

—

Question 6

Refer to the exhibit, which shows the IPS sensor configuration.

If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

A: The sensor will gather a packet log for all matched traffic.
B: The sensor will reset all connections that match these signatures.
C: The sensor will allow attackers matching the Microsoft.Windows.iSCSI.Target.DoS signature.
D: The sensor will block all attacks aimed at Windows servers.

—

Question 7

Which statement is a characteristic of automation stitches?

A: They can be run only on devices in the Security Fabric.
B: They can be created only on downstream devices in the fabric.
C: They can have one or more triggers.
D: They can run multiple actions at the same time.

—

Question 8

What is the primary FortiGate election process when the HA override setting is disabled?

A: Connected monitored ports > Priority > System uptime > FortiGate serial number
B: Connected monitored ports > System uptime > Priority > FortiGate serial number
C: Connected monitored ports > Priority > HA uptime > FortiGate serial number
D: Connected monitored ports > HA uptime > Priority > FortiGate serial number

—

Question 9

Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)

A: The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN.
B: The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
C: The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
D: The client FortiGate requires a manually added route to remote subnets.

—

Question 10

Refer to the exhibit.

Which statement about this firewall policy list is true?

A: The Implicit group can include more than one deny firewall policy.
B: The firewall policies are listed by ID sequence view.
C: The firewall policies are listed by ingress and egress interfaces pairing view.
D: LAN to WAN, WAN to LAN, and Implicit are sequence grouping view lists.

—

Question 11

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

A: The underlay zone contains port1 and port2.
B: The d-wan zone contains no member.
C: The d-wan zone cannot be deleted.
D: The virtual-wan-link zone contains no member.

—

Question 12

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

A: The host field in the HTTP header.
B: The server name indication (SNI) extension in the client hello message.
C: The subject alternative name (SAN) field in the server certificate.
D: The subject field in the server certificate.
E: The serial number in the server certificate.

—

Question 13

Which two statements describe how the RPF check is used? (Choose two.)

A: The RPF check is run on the first sent packet of any new session.
B: The RPF check is run on the first reply packet of any new session.
C: The RPF check is run on the first sent and reply packet of any new session.
D: The RPF check is a mechanism that protects FortiGate and the network from IP spoofing attacks.

—

Question 14

Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

A: Manual with load balancing
B: Lowest Cost (SLA) with load balancing
C: Best Quality with load balancing
D: Lowest Quality (SLA) with load balancing
E: Lowest Cost (SLA) without load balancing

—

Question 15

Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

A: Pre-shared key and certificate signature as authentication methods
B: Extended authentication (XAuth) to request the remote peer to provide a username and password
C: Extended authentication (XAuth) for faster authentication because fewer packets are exchanged
D: No certificate is required on the remote peer when you set the certificate signature as the authentication method

—

Question 16

Which two statements are true regarding FortiGate HA configuration synchronization? (Choose two.)

A: Checksums of devices are compared against each other to ensure configurations are the same.
B: Incremental configuration synchronization can occur only from changes made on the primary FortiGate device.
C: Incremental configuration synchronization can occur from changes made on any FortiGate device within the HA cluster.
D: Checksums of devices will be different from each other because some configuration items are not synced to other HA members.

—

Question 17

What are two features of the NGFW profile-based mode? (Choose two.)

A: NGFW profile-based mode can only be applied globally and not on individual VDOMs.
B: NGFW profile-based mode must require the use of central source NAT policy.
C: NGFW profile-based mode policies support both flow inspection and proxy inspection.
D: NGFW profile-based mode supports applying applications and web filtering profiles in a firewall policy.

—

Question 18

Refer to the exhibit to view the firewall policy.

Why would the firewall policy not block a well-known virus, for example eicar?

A: The action on the firewall policy is not set to deny.
B: The firewall policy is not configured in proxy-based inspection mode.
C: Web filter is not enabled on the firewall policy to complement the antivirus profile.
D: The firewall policy does not apply deep content inspection.

—

That’s the end of your free questions

You’ve reached the preview limit for FCP_FGT_AD-7.4

Consider upgrading to gain full access!

Page 1 of 4 • Questions 1-25 of 89

1 2 3 4

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!