FCP_FGT_AD-7.4試験無料問題集（91題）「Fortinet FCP

出題：1

A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors.
What is the reason for the certificate warning errors?

A. The SSL cipher compliance option is not enabled on the SSL inspection profile. This setting is required when the SSL inspection profile is defined with a private CA certificate.

B. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.

C. With full SSL inspection it is not possible to avoid certificate warning errors at the browser level.

D. The browser does not recognize the certificate in use as signed by a trusted CA.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

An administrator configured a FortiGate to act as a collector for agentless polling mode.
What must the administrator add to the FortiGate device to retrieve AD user group information?

A. DHCP server

B. RADIUS server

C. LDAP server

D. Windows server

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

A. On Remote-FortiGate, set Seconds to 43200.

B. On HQ-FortiGate, enable Diffie-Hellman Group 2.

C. On Remote-FortiGate, set Remote Address to 10.0.1.0/255.255.255.0.

D. On HQ-FortiGate, set Encryption to AES256.

正解：C,D 解答を投票する

出題：4

Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.
When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.
Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?

A. In the firewall policy configuration, enable match-vip.

B. In the VIP configuration, enable arp-reply.

C. Configure a loopback interface with address 203.0.113.2/32.

D. Enable port forwarding on the server to map the external service port to the internal service port.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which statement about the deployment of the Security Fabric in a multi-VDOM environment is true?

A. Downstream devices can connect to the upstream device from any of their VDOMs

B. Each VDOM in the environment can be part of a different Security Fabric

C. VDOMs without ports with connected devices are not displayed in the topology

D. Security rating reports can be run individually for each configured VDOM

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile.
Which order must FortiGate use when the web filter profile has features such as safe search enabled?

A. Static domain filter, SSL inspection filter, and external connectors filters

B. FortiGuard category filter and rating filter

C. Static URL filter, FortiGuard category filter, and advanced filters

D. DNS-based web filter and proxy-based web filter

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Refer to exhibit.

An administrator configured the web filtering profile shown in the exhibit to block access to all social networking sites except Twitter. However, when users try to access twitter.com, they are redirected to a FortiGuard web filtering block page.
Based on the exhibit, which configuration change can the administrator make to allow Twitter while blocking all other social networking sites?

A. On the Static URL Filter configuration set Type to Simple

B. On the FortiGuard Category Based Filter configuration set Action to Warning for Social Networking

C. On the Static URL Filter configuration set Action to Monitor

D. On the Static URL Filter configuration set Action to Exempt

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.
When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the and does not block the file allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)

A. The EICAR test file exceeds the protocol options oversize limit

B. The website is exempted from SSL inspection

C. The browser does not trust the FortiGate self-siqned CA certificate

D. The selected SSL inspection profile has certificate inspection enabled

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?

A. Application control engine

B. Internet Service Database (ISDB) engine

C. Intrusion prevention system engine

D. Antivirus engine

正解：C 解答を投票する

FCP_FGT_AD-7.4試験無料問題集「Fortinet FCP - FortiGate 7.4 Administrator 認定」