Fortinet FCSS_EFW_AD-7.4 - FCSS - Enterprise Firewall 7.4 Administrator Exam
Page: 2 / 12
Total 57 questions
Question #6 (Topic: Exam A)
Why does the ISDB block layers 3 and 4 of the OSI model when applying content filtering? (Choose two.)
A. FortiGate has a predefined list of all IPs and ports for specific applications downloaded from FortiGuard.
B. The ISDB blocks the IP addresses and ports of an application predefined by FortiGuard.
C. The ISDB works in proxy mode, allowing the analysis of packets in layers 3 and 4 of the OSI model.
D. The ISDB limits access by URL and domain.
Answer: AB
Question #7 (Topic: Exam A)
Refer to the exhibits.
The Administrators section of a root FortiGate device and the Security Fabric Settings section of a downstream FortiGate device are shown.
When prompted to sign in with Security Fabric in the downstream FortiGate device, a user enters the AdminSSO credentials.
What is the next status for the user?
The Administrators section of a root FortiGate device and the Security Fabric Settings section of a downstream FortiGate device are shown.
When prompted to sign in with Security Fabric in the downstream FortiGate device, a user enters the AdminSSO credentials.
What is the next status for the user?
A. The user is prompted to create an SSO administrator account for AdminSSO.
B. The user receives an authentication failure message.
C. The user accesses the downstream FortiGate with super_admin_readonly privileges.
D. The user accesses the downstream FortiGate with super_admin privileges.
Answer: C
Question #8 (Topic: Exam A)
A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?
A. The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
B. The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
C. The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
D. The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.
Answer: D
Question #9 (Topic: Exam A)
Refer to the exhibit, which shows an ADVPN network.
The client behind Spoke-1 generates traffic to the device located behind Spoke-2.
What is the first message that the hub sends to Spoke-1 to bring up the dynamic tunnel?
The client behind Spoke-1 generates traffic to the device located behind Spoke-2.
What is the first message that the hub sends to Spoke-1 to bring up the dynamic tunnel?
A. Shortcut query
B. Shortcut offer
C. Shortcut reply
D. Shortcut forward
Answer: B
Question #10 (Topic: Exam A)
What is the initial step performed by FortiGate when handling the first packets of a session?
A. Installation of the session key in the network processor (NP)
B. Data encryption and decryption
C. Security inspections such as ACL, HPE, and IP integrity header checking
D. Offloading the packets directly to the content processor (CP)
Answer: C
