FCP_FGT_AD-7.4問題集PDFでFCP_FGT_AD-7.4リアル試験問題解答
時間限定!今すぐ試そうFCP_FGT_AD-7.4試験 [2025] 問題集でFortinetのPDF問題
質問 # 16
Refer to the exhibit.
Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.
What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?
- A. The signature setting includes a group of other signatures.
- B. The signature setting uses a custom rating threshold.
- C. Traffic matching the signature will be allowed and logged.
- D. Traffic matching the signature will be silently dropped and logged.
正解:C
解説:
The exhibit shows that the "FTP.Login.Failed" IPS signature is set with the action "Pass" and packet logging enabled. This means that any traffic matching this signature will be allowed through the FortiGate, and the traffic details will be logged for monitoring and analysis purposes.
References:
* FortiOS 7.4.1 Administration Guide: IPS Signature Actions
質問 # 17
Refer to the exhibit to view the authentication rule configuration.
In this scenario, which statement is true?
- A. Session-based authentication is enabled
- B. IP-based authentication is enabled
- C. Policy-based authentication is enabled
- D. Route-based authentication is enabled
正解:A
解説:
The correct statement is:
A. Session-based authentication is enabled
The configuration specifies the use of web authentication cookies (set web-auth-cookie enable), which is a form of session-based authentication. NTLM authentication = session-based
質問 # 18
Refer to the exhibit.
FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.
Which action must the administrator perform to consolidate the two policies into one?
- A. Select port1and port2 subnets in a single firewall policy.
- B. Enable Multiple Interface Policies to select port1and port2 in the same firewall policy
- C. Replace port1and port2with the any interface in a single firewall policy.
- D. Create an Interface Group that includes port1 and port2 to create a single firewall policy
正解:B
質問 # 19
Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)
- A. Lookup is done on the first packet from the session originator
- B. Lookup is done on the last packet sent from the responder
- C. Lookup is done on the first reply packet from the responder
- D. Lookup is done on every packet, regardless of direction
正解:A、C
解説:
FortiGate performs route lookup based on the trust packet. The trust packet is the first packet of the session that is sent by the session originator.
This is the packet that initiates the communication. The route lookup is also done on the trust reply packet, which is the first reply packet received from the responder.
In summary, FortiGate looks at the initial packet from the session originator and the first reply packet from the responder when performing route lookup to determine the suitable gateway.
質問 # 20
Which two statements are correct regarding FortiGate HA cluster virtual IP addresses? (Choose two.)
- A. Virtual IP addresses are used to distinguish between cluster members.
- B. A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
- C. Heartbeat interfaces have virtual IP addresses that are manually assigned.
- D. The primary device in the cluster is always assigned IP address 169.254.0.1.
正解:A、B
解説:
A). A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster: When a FortiGate device joins or leaves the High Availability (HA) cluster, there can be a change in the virtual IP address. The virtual IP address is typically associated with the primary unit in the cluster, and if there's a change in the cluster composition, the virtual IP may be reassigned to the new primary unit.
B). Virtual IP addresses are used to distinguish between cluster members:
Virtual IP addresses are indeed used to distinguish between cluster members. In an HA cluster, there is a virtual IP address that is associated with the primary unit. This virtual IP address serves as the gateway for devices on the network, and it helps ensure seamless failover in the event of a primary unit failure.
The other statements (C and D) are not accurate:
C). Heartbeat interfaces have virtual IP addresses that are manually assigned:
This statement is not correct. Heartbeat interfaces are used for communication between cluster members to monitor each other's status. Virtual IP addresses are typically associated with the cluster and are automatically assigned or reassigned based on the cluster configuration.
D). The primary device in the cluster is always assigned IP address 169.254.0.1:
This statement is not correct. The primary device in the cluster is assigned the virtual IP address associated with the cluster. The IP address 169.254.0.1 is typically reserved for certain link-local purposes and is not a standard IP address for the primary device in an HA cluster.
The correct statements regarding FortiGate HA cluster virtual IP addresses are:
A). A change in the virtual IP address happens when a FortiGate device joins or leaves the cluster.
B). Virtual IP addresses are used to distinguish between cluster members.
Extra
A). When a FortiGate device joins or leaves the cluster, the virtual IP address associated with the cluster may change. The virtual IP address is assigned to the primary device in the cluster, and if that device fails, the virtual IP address will failover to the secondary device.
B). Virtual IP addresses are used to distinguish between cluster members. Each device in the cluster has a unique physical IP address, but they share a virtual IP address that is used by clients to communicate with the cluster as a whole. The virtual IP address is used to identify the cluster, and clients use it to connect to the cluster rather than connecting to a specific device.
A change in the heartbeat ip addresses might happend when a fortigate device joins or leaves the cluster. In those cases, the cluster renegotiates the heartsbeat ip address assignment, this time taking into account the serial number of any new device, or removing the serial number of any device that left the cluster & cluster uses these virtual ip addressesto: Distinguish the cluster member
質問 # 21
Which statement correctly describes the use of reliable logging on FortiGate?
- A. Reliable logging prevents the loss of logs when the local disk is full.
- B. Reliable logging is required to encrypt the transmission of logs.
- C. Reliable logging can be configured only using the CLI.
- D. Reliable logging is enabled by default in all configuration scenarios.
正解:A
解説:
Reliable logging prevents the loss of logs when the local disk is full.
On a FortiGate device, reliable logging is a feature that helps to prevent the loss of log messages when the local disk is full. When reliable logging is enabled, the FortiGate will store log messages in a buffer until they can be written to the local disk. This helps to ensure that log messages are not lost due to a full disk, allowing administrators to maintain an accurate record of activity on the network.
Reliable logging is not enabled by default in all configuration scenarios, and it does not encrypt the transmission of logs or require the use of the CLI to be configured. However, it is a useful feature to enable in order to maintain a comprehensive record of activity on the network and help with troubleshooting and security analysis.
Reliable logging on FortiGate is used to prevent the loss of logs when the connection between FortiOS and FortiAnalyzer is disrupted. When reliable mode is enabled, logs are cached in a FortiOS memory queue. FortiOS sends logs to FortiAnalyzer, and FortiAnalyzer uses seq_no to track received logs. The other statements are incorrect:
Reliable logging is not enabled by default in all configuration scenarios. It must be enabled explicitly.
Reliable logging is not required to encrypt the transmission of logs. Encryption can be configured separately.
Reliable logging can be configured using the CLI or the FortiGate web interface.
The question is asking what describes the correct use meaning what is the main function of reliable logging wouldn't that be preventing loss of logs since disk is full by sending to Analyzer making D the correct answer.
The question is asking what describes the correct use meaning what is the main function of reliable logging wouldn't that be preventing loss of logs since disk is full by sending to Analyzer making D the correct answer.
You can encrypt the logs if you are sending your logs to cloud, but the main purpose of reliable logging is to make sure that all the logs you send are been received by the server.
You can encrypt the traffic, but it does not require, the most specific option is D.
質問 # 22
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
- A. The serial number in the server certificate
- B. The subject field in the server certificate
- C. The server name indication (SNI) extension in the client hello message
- D. The subject alternative name (SAN) field in the server certificate
- E. The host field in the HTTP header
正解:B、C、D
解説:
When SSL certificate inspection is enabled, FortiGate uses the following three pieces of information to identify the hostname of the SSL server:
A. The subject field in the server certificate
The subject field typically contains the common name (CN) that represents the hostname.
C. The server name indication (SNI) extension in the client hello message SNI is an extension to the TLS protocol that indicates the hostname to which the client is attempting to connect.
D. The subject alternative name (SAN) field in the server certificate
The SAN field can include additional hostnames (alternative names) that are valid for the certificate.
So, the correct choices are A, C, and D.
Fortigate firtsly uses SNI, if there is no SNI it uses Subject or Subject Alternatives.
During the exchange of hello messages at the beginning of an SSL handshake, FortiGate parses server name indication (SNI) from client Hello, which is an extension of the TLS protocol. The SNI tells FortiGate the hostname of the SSL server, which is validated against the DNS name before receipt of the server certificate. If there is no SNI exchanged, then FortiGate identifies the server by the value in the Subject field or SAN (subject alternative name) field in the server certificate.
質問 # 23
An administrator configured a FortiGate to act as a collector for agentless polling mode.
What must the administrator add to the FortiGate device to retrieve AD user group information?
- A. RADIUS server
- B. Windows server
- C. LDAP server
- D. DHCP server
正解:C
解説:
To retrieve AD user group information in agentless polling mode, the administrator must add an LDAP server to the FortiGate device.
質問 # 24
Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)
- A. Lowest Cost (SLA) without load balancing
- B. Lowest Quality (SLA) with load balancing
- C. Best Quality with load balancing
- D. Manual with load balancing
- E. Lowest Cost (SLA) with load balancing
正解:C、D、E
質問 # 25
What is the primary FortiGate election process when the HA override setting is disabled?
- A. Connected monitored ports > Priority > HA uptime > FortiGate serial number
- B. Connected monitored ports > System uptime > Priority > FortiGate serial number
- C. Connected monitored ports > Priority > System uptime > FortiGate serial number
- D. Connected monitored ports > HA uptime > Priority > FortiGate serial number
正解:C
解説:
When the HA override setting is disabled, FortiGate uses the primary election process based on the following criteria:
* Connected monitored ports: The unit with the most monitored ports up is preferred.
* Priority: The unit with the highest priority is preferred.
* System uptime: The unit with the longest uptime is preferred.
* FortiGate serial number: Used as the final criterion to break any remaining ties.
References:
* FortiOS 7.4.1 Administration Guide: HA election process
質問 # 26
Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?
- A. diagnose wad session list | grep hook=pre&&hook=out
- B. diagnose wad session list | grep hook-pre&&hook-out
- C. diagnose wad session list | grep "hook=pre"&"hook=out"
- D. diagnose wad session list
正解:D
解説:
diagnose wad session list
Running the diagnose wad session list command will indeed display the sessions managed by the Web Application Firewall (WAF) module, and you can review the information in the output to analyze traffic from the client to the proxy and from the proxy to the servers.
質問 # 27
Examine the two static routes shown in the exhibit, then answer the following question.
Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?
- A. FortiGate will use the port1 route as the primary candidate.
- B. FortiGate will route twice as much traffic to the port2 route
- C. FortiGate will load balance all traffic across both routes.
- D. FortiGate will only actuate the port1 route in the routing table
正解:A
解説:
B. FortiGate will use the port1 route as the primary candidate.
FortiGate will use the port1 route as the primary candidate. It has better priority.
質問 # 28
Refer to the exhibit.
Based on the ZTNA tag, the security posture of the remote endpoint has changed.
What will happen to endpoint active ZTNA sessions?
- A. They will be re-evaluated to match the ZTNA policy.
- B. They will be re-evaluated to match the endpoint policy.
- C. They will be re-evaluated to match the security policy.
- D. They will be re-evaluated to match the firewall policy.
正解:A
解説:
C: They will be re-evaluated to match the ZTNA policy.
Endpoint posture changes trigger active ZTNA proxy sessions to be re-verified and terminated if the endpoint is no longer compliant with the ZTNA policy.
質問 # 29
Which three methods are used by the collector agent for AD polling? (Choose three.)
- A. WMI
- B. NetAPI
- C. WinSecLog
- D. FortiGate polling
- E. FSSO REST API
正解:B、D、E
質問 # 30
An administrator has configured two-factor authentication to strengthen SSL VPN access.
Which additional best practice can an administrator implement?
- A. Configure Source IP Pools
- B. Configure host check
- C. Configure split tunneling in tunnel mode
- D. Configure different SSL VPN realms
正解:B
解説:
C is correct. Security check option.
For context, Host Check uses the FortiClient to check that certain conditions on the remote PC are met, such as having AV installed, that there is a specific file located on the PC, that a certain process is running on the PC, or that specific registry entries exist on the PC. Host Check basically ensures that the PC with the VPN Client installed is setup according to your organizations standards.
When implementing two-factor authentication for SSL VPN access, configuring a host check is an additional best practice. A host check involves checking the security posture and compliance of the connecting device before granting access. This can include checking for the presence of antivirus software, ensuring that the device is up-to-date with patches, and verifying other security-related configurations.
This additional layer of security helps ensure that the devices connecting to the SSL VPN meet certain security requirements, reducing the risk of compromised devices gaining access to the network. It adds an extra level of assurance that the connecting devices are not only authenticating through two factors (such as username/password and a token) but also adhering to security policies.
質問 # 31
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)
- A. File filter
- B. Antivirus scanning
- C. Intrusion prevention
- D. DNS filter
正解:B、C
解説:
Security policy: If the traffic is allowed as per the consolidated policy, FortiGate will then process it based on the security policy to analyze additional criteria, such as URL categories for web filtering and application control. Also, if enabled, the security policy further inspects traffic using security profiles such as IPS and AV.
When FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy, you can also apply Antivirus scanning and Intrusion Prevention security profiles. These additional security profiles enhance the overall security posture of the network.
Extra explanation:
In addition to web filtering and application control, you can apply the following security profiles to the security policy on a FortiGate firewall:
A. Antivirus scanning: This profile scans traffic for viruses, malware, and other malicious content to prevent them from entering the network.
D. Intrusion prevention: This profile protects against network threats by inspecting traffic for known attack patterns and malicious activities, helping to prevent unauthorized access and data breaches. So, the correct answers are A. Antivirus scanning and D. Intrusion prevention
質問 # 32
Refer to the exhibits.

The exhibits show the application sensor configuration and the Excessive-Bandwidth and Apple filter details.
Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
- A. Apple FaceTime will be allowed, based on the Video/Audio category configuration.
- B. Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow.
- C. Apple FaceTime will be allowed, based on the Apple filter configuration.
- D. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.
正解:D
解説:
Based on the application sensor configuration and the filter details:
* D. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration: The
"Excessive-Bandwidth" filter is set to block, which includes "FaceTime" under its application signature.
As a result, FaceTime will be blocked regardless of the "Apple" filter configuration because the
"Excessive-Bandwidth" filter takes precedence due to its block action setting.
The other options are not correct:
* A. Apple FaceTime will be allowed, based on the Video/Audio category configuration: The Video
/Audio category is not relevant because FaceTime is specifically included in the Excessive-Bandwidth filter, which blocks it.
* B. Apple FaceTime will be allowed, based on the Apple filter configuration: Although the Apple filter is set to monitor, the block action of the Excessive-Bandwidth filter will override this.
* C. Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow: The allow setting for the Apple filter is irrelevant in this context, as the block action in the Excessive-Bandwidth filter will prevail.
References
* FortiOS 7.4.1 Administration Guide - Application Control and Filtering, page 978.
* FortiOS 7.4.1 Administration Guide - Application Sensor Configuration, page 982.
質問 # 33
NGFW mode allows policy-based configuration for most inspection rules.
Which security profile's configuration does not change when you enable policy-based inspection?
- A. Web proxy
- B. Web filtering
- C. Application control
- D. Antivirus
正解:D
解説:
Antivirus and IPS is enhanced by the IPS Engine, so that is why B is the right answer.
When you enable policy-based inspection in NGFW (Next-Generation Firewall) mode, the security profile configuration that typically does not change is:
B: Antivirus So, the correct answer is B. Antivirus.
質問 # 34
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
- A. NetAPI polling can increase bandwidth usage in large networks.
- B. The collector agent uses a Windows API to query DCs for user logins.
- C. The NetSessionEnum function is used to track user logouts.
- D. The collector agent must search security event logs.
正解:C
解説:
The NetSessionEnum function is used to track user logouts.
Study Guide - FSSO - FSSO with Windows Active Directory - Collector Agent-Based Polling Mode Options.
Collector agent-based polling mode has three methods (or options) for collecting logon info: NetAPI, WinSecLog and WMI.
NetAPI: Polls temporary sessions created on the DC when a user logs on or logs off and calls the NetSessionEnum function on Windows. It's faster than the WinSec and WMI methods; however, it can miss some logon events if a DC is under heavy system load. This is because sessions can be quickly created and purged form RAM, before the agent has a chance to poll and notify FG.
NetAPI: polls temporary sessions created on the DC when a user logs in or logs out and calls the NetSessionEnum function on Windows. It's faster than the WinSec and WMI methods; however, it can miss some login events if a DC is under heavy system load. This is because sessions can be quickly created and purged from RAM, before the agent has a chance to poll and notify FortiGate.
Incorrect:
A: NetAPI polling can increase bandwidth usage in large networks. (WinSecLog) C: The collector agent must search security event logs. (WinSecLog) D: The collector agent uses a Windows API to query DCs for user logins. (WMI)
- WinSecLog: polis all the security event logs from the DC. It doesn't miss any login events that have been recorded by the DC because events are not normally deleted from the logs. There can be some delay in FortiGate receiving events if the network is large and, therefore, writing to the logs is slow. It also requires that the audit success of specific event IDs is recorded in the Windows security logs. For a full list of supported event IDs, visit the Fortinet Knowledge Base (http://kb.fortinet.com).
- NetAPI: polls temporary sessions created on the DC when a user logs in or logs out and calls the NetSessionEnum function on Windows. It's faster than the WinSec and WMI methods; however, it can miss some login events if a DC is under heavy system load. This is because sessions can be quickly created and purged from RAM, before the agent has a chance to poll and notify FortiGate.
質問 # 35
Which two IP pool types are useful for carrier-grade NAT deployments? (Choose two.)
- A. One-to-one
- B. Fixed port range
- C. Port block allocation
- D. Overload
正解:B、C
解説:
The two IP pool types that are useful for carrier-grade NAT (CGNAT) deployments are:
A. Port block allocation
B. Fixed port range
A. Port block allocation: In this method, a range of ports is allocated to each internal IP address. This allows multiple internal devices to share the same public IP address but use different port ranges, enabling more efficient use of IP addresses.
B. Fixed port range: This method allocates a fixed range of ports to each internal IP address. It is similar to port block allocation but restricts the port range to a fixed set of ports for each internal IP address, which can be useful for certain applications or scenarios.
Both port block allocation and fixed port range allocation are commonly used in CGNAT deployments to manage the mapping of internal private IP addresses to public IP addresses and ports, allowing for efficient use of limited IPv4 addresses.
質問 # 36
......
FCP_FGT_AD-7.4プレミアム試験エンジンとPDFダウンロード:https://jp.fast2test.com/FCP_FGT_AD-7.4-premium-file.html