The safer, easier way to help you pass any IT exams.

Fortinet FCSS_EFW_AD-7.4 Exam
FCSS - Enterprise Firewall 7.4 Administrator
https://www.passquestion.com/fcss_efw_ad-7-4.html

1. An administrator must ensure that users cannot access sites containing malware and spyware, while also protecting them from phishing attempts. What is the most resource-efficient method to block access to these sites?
A. Enable antivirus profiles to scan all web traffic and block downloads from these malicious sites.
B. Configure FortiGuard Web Filtering and block the categories malware, spyware, and phishing to prevent access to such sites.
C. Create a custom IPS policy to monitor and block all outbound traffic related to malware, spyware, and phishing sites.
D. Set up a DNS filter and block domains related to these categories to stop users from reaching malicious content.
Answer: B

2. What global configuration setting changes the behavior for content-inspected traffic while FortiGate is in system conserve mode?
A. av-failopen
B. mem-failopen
C. utm-failopen
D. ips-failopen
Answer: A

3. Examine the following traffic log; then answer the question below.

    date=20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri=critical vd=root service=kernel status=failure msg="NAT port is exhausted."

What does the log mean?
A. There is not enough available memory in the system to create a new entry in the NAT port table.
B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
C. FortiGate does not have any available NAT port for a new connection.
D. The limit for the maximum number of entries in the NAT port table has been reached.
Answer: B

4. Refer to the exhibit, which contains partial output from an IKE real-time debug.
The administrator does not have access to the remote gateway. Based on the debug output, which configuration change can the administrator make to the local gateway to resolve the phase 1 negotiation error?
A. In the phase 1 network configuration, set the IKE version to 2.
B. In the phase 1 proposal configuration, add AES128-SHA128 to the list of encryption algorithms.
C. In the phase 1 proposal configuration, add AESCBC-SHA2 to the list of encryption algorithms.
D. In the phase 1 proposal configuration, add AES256-SHA256 to the list of encryption algorithms.
Answer: D

5. Refer to the exhibit, which shows a partial web filter profile configuration.
Which action will FortiGate take if a user attempts to access www.dropbox.com, which is categorized as File Sharing and Storage?
A. FortiGate will block the connection, based on the FortiGuard category-based filter configuration.
B. FortiGate will block the connection as an invalid URL.
C. FortiGate will exempt the connection, based on the Web Content Filter configuration.
D. FortiGate will allow the connection, based on the URL Filter configuration.
Answer: D

6. Refer to the exhibit, which shows partial outputs from two routing debug commands.
Why is the port2 default route not in the second command output?
A. The port2 interface is disabled in the FortiGate configuration.
B. The port1 default route has a lower distance than the default route using port2.
C. The port1 default route has a higher priority value than the default route using port2.
D. The port1 default route has a lower priority value than the default route using port2.
Answer: B

7. How does FortiManager handle FortiGuard requests from FortiGate devices, when it is configured as a local FDS?
A. FortiManager can download and maintain local copies of FortiGuard databases.
B. FortiManager supports only FortiGuard push to managed devices.
C. FortiManager will respond to update requests only if they originate from a managed device.
D. FortiManager does not support rating requests.
Answer: A

8. An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real-time debug:

    diagnose debug application ike -1
    diagnose debug enable

In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
A. Phase 1; IKE mode configuration; XAuth; phase 2.
B. Phase 1; XAuth; IKE mode configuration; phase 2.
C. Phase 1; XAuth; phase 2; IKE mode configuration.
D. Phase 1; IKE mode configuration; phase 2; XAuth.
Answer: B

9. View the exhibit, which contains the partial output of a diagnose command, and then answer the question below.
Based on the output, which of the following statements is correct?
A. Anti-replay is enabled.
B. DPD is disabled.
C. Quick mode selectors are disabled.
D. Remote gateway IP is 10.200.5.1.
Answer: A

10. Which statement about the designated router (DR) and backup designated router (BDR) in an OSPF multi-access network is true?
A. Only the DR receives link state information from non-DR routers.
B. Non-DR and non-BDR routers form full adjacencies to DR only.
C. Non-DR and non-BDR routers send link state updates and acknowledgements to 224.0.0.6.
D. FortiGate first checks the OSPF ID to elect a DR.
Answer: C

11. Which two statements about application layer test commands are true? (Choose two.)
A. They are used to filter real-time debugs.
B. They display real-time application debugs.
C. Some of them can be used to restart an application.
D. Some of them display statistics and configuration information about a feature or process.
Answer: CD

12. Refer to the exhibit, which shows the output of a diagnose command.
What can you conclude from the output shown in the exhibit? (Choose two.)
A. This is a pinhole session created to allow traffic for a protocol that requires additional sessions to operate through FortiGate.
B. This is an expected session created by the IPS engine.
C. Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.200.1.1.
D. Traffic in the original direction (coming from the IP address 10.171.121.38) will be routed to the next-hop IP address 10.0.1.10.
Answer: AD

13. When investigating FortiGuard connectivity issues, which action is a valid troubleshooting step?
A. Configure a virtual IP to forward port 443 to the FortiGate external IP.
B. Verify management VDOM internet access.
C. Use the FortiGuard real-time debug command to verify rating requests.
D. Verify that DNS requests are being proxied, if auto-update tunneling is enabled.
Answer: B

14. In which two states is a given session categorized as ephemeral? (Choose two.)
A. A TCP session waiting to complete the three-way handshake.
B. A TCP session waiting for FIN ACK.
C. A UDP session with packets sent and received.
D. A UDP session with only one packet received.
Answer: AD

15. Refer to the exhibit, which contains the partial output of an IKE real-time debug.
Why did the tunnel not come up?
A. The pre-shared keys do not match.
B. The remote gateway phase 1 configuration does not match the local gateway phase 1 configuration.
C. The remote gateway phase 2 configuration does not match the local gateway phase 2 configuration.
D. The remote gateway is using aggressive mode and the local gateway is configured to use main mode.
Answer: B

16. Which statement about administrative domains (ADOMs) on FortiManager is true?
A. The number of configurable ADOMs is based on the FortiManager FortiCare service contract.
B. The ADOM feature can be enabled by any administrative user.
C. FortiGate devices with multiple VDOMs must be assigned to the same ADOM on FortiManager.
D. ADOMs allow grouping of managed devices based on management criteria and administrative access.
Answer: D

17. Refer to the exhibits.
The exhibits show a network diagram, the output from the command config system ha, and a firewall policy.
What source MAC address does the web server detect when a user accesses it?
A. The virtual MAC address of FortiGate B.
B. The physical MAC address of FortiGate B.
C. The virtual MAC address of FortiGate A.
D. The physical MAC address of FortiGate A.
Answer: B

18. Which two statements about the Security Fabric are true? (Choose two.)
A. Only the root FortiGate collects network information and forwards it to FortiAnalyzer.
B. Branch FortiGate devices must be configured first.
C. FortiGate uses FortiTelemetry protocol to communicate with FortiAnalyzer.
D. All FortiGate devices in the Security Fabric must have bidirectional FortiTelemetry connectivity.
Answer: CD

19. Examine the output from the 'diagnose debug authd fsso list' command; then answer the question below.

    # diagnose debug authd fsso list
    ----FSSO logons----
    IP: 192.168.3.1 User: STUDENT Groups: TRAININGAD/USERS Workstation: INTERNAL2.TRAINING.LAB

The IP address 192.168.3.1 is NOT the one used by the workstation INTERNAL2.TRAINING.LAB. What should the administrator check?
A. The IP address recorded in the logon event for the user STUDENT.
B. The DNS name resolution for the workstation name INTERNAL2.TRAINING.LAB.
C. The source IP address of the traffic arriving to the FortiGate from the workstation INTERNAL2.TRAINING.LAB.
D. The reverse DNS lookup for the IP address 192.168.3.1.
Answer: B

20. Four FortiGate devices configured for OSPF are connected to the same broadcast domain. The first unit is elected as the designated router. The second unit is elected as the backup designated router. Under normal operation, how many OSPF full adjacencies are formed to each of the other two units?
A. 1
B. 2
C. 3
D. 4
Answer: B

21. An administrator has enabled HA session synchronization in an HA cluster with two members. Which flag is added to a primary unit's session to indicate that it has been synchronized to the secondary unit?
A. redir.
B. dirty.
C. synced
D. nds.
Answer: C