Practice Free FCP_FGT_AD-7.6 Exam Online Questions
An administrator manages a FortiGate model that supports NTurbo.
How does NTurbo enhance performance for flow-based inspection?
- A . NTurbo offloads traffic to the content processor.
- B . NTurbo creates two inspection sessions on the FortiGate device.
- C . NTurbo buffers the whole file and then sends it to the antivirus engine.
- D . NTurbo creates a special data path to redirect traffic between the IPS engine and its ingress and egress interfaces.
A
Explanation:
NTurbo enhances performance for flow-based inspection by offloading traffic to the content processor.
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
- A . NetAPI polling can increase bandwidth usage in large networks.
- B . The NetSessionEnum function is used to track user logouts.
- C . The collector agent must search security event logs.
- D . The collector agent uses a Windows API to query DCs for user logins.
B
Explanation:
The NetSessionEnum function is used to track user logouts.
Study Guide - FSSO - FSSO with Windows Active Directory - Collector Agent-Based Polling Mode Options.
Collector agent-based polling mode has three methods (or options) for collecting logon info: NetAPI, WinSecLog and WMI.
NetAPI: polls temporary sessions created on the DC when a user logs in or logs out and calls the NetSessionEnum function on Windows. It’s faster than the WinSec and WMI methods; however, it can miss some login events if a DC is under heavy system load. This is because sessions can be quickly created and purged from RAM, before the agent has a chance to poll and notify FortiGate.
Incorrect:
What are two benefits of flow-based inspection compared to proxy-based inspection? (Choose two.)
- A . FortiGate uses fewer resources.
- B . FortiGate performs a more exhaustive inspection on traffic.
- C . FortiGate adds less latency to traffic.
- D . FortiGate allocates two sessions per connection.
A,C
Explanation:
Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)
- A . FortiSandbox
- B . FortiCloud
- C . FortiSIEM
- D . FortiCache
- E . FortiAnalyzer
B,C,E
Explanation:
B. FortiCloud
C. FortiSIEM
E. FortiAnalyzer
You can configure FortiGate to store logs on syslog servers, FortiCloud, FortiSIEM, FortiAnalyzer, or FortiManager. These logging devices can also be used as a backup solution. Whenever possible, it is preferred to store logs externally.
If storing logs locally does not fit your requirements, you can store logs externally. You can configure FortiGate to store logs on syslog servers, FortiCloud, FortiSIEM, FortiAnalyzer, or FortiManager. These logging devices can also be used as a backup solution.
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)
- A . Firewall policy
- B . Policy rule
- C . Security policy
- D . SSL inspection and authentication policy
C,D
Explanation:
In NGFW policy-based mode, you must configure a few policies to allow traffic:
SSL inspection & Authentication, Security policy.
Security policies work with SSL Inspection & Authentication policies to inspect traffic. To allow traffic from a specific user or user group, both Security and SSL Inspection & Authentication policies must be configured.
If you are using Policy Based Mode, SSL Inspection & Authentication (consolidated) and Security Policy are required to allow traffic.
Which statement is correct regarding the use of application control for inspecting web applications?
- A . Application control can identify child and parent applications, and perform different actions on them.
- B . Application control signatures are organized in a nonhierarchical structure.
- C . Application control does not require SSL inspection to identify web applications.
- D . Application control does not display a replacement message for a blocked web application.
A
Explanation:
Application control in FortiGate can identify both parent and child applications within web applications. This allows for granular control and the ability to perform different actions based on the specific application detected.
Application control is a feature that allows FortiGate to inspect and control the use of specific web applications on the network. When application control is enabled, FortiGate can identify child and parent applications, and can perform different actions on them based on the configuration.
The FortiGuard application control signature database is organized in a hierarchical structure. This gives you the ability to inspect the traffic with more granularity. You can block Facebook applications while allowing users to collaborate using Facebook chat.
A network administrator has enabled SSL certificate inspection and antivirus on FortiGate. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and the file can be downloaded.
What is the reason for the failed virus detection by FortiGate?
- A . Application control is not enabled
- B . SSL/SSH Inspection profile is incorrect
- C . Antivirus profile configuration is incorrect
- D . Antivirus definitions are not up to date
B
Explanation:
B is correct, as HTTPS traffic requires SSL decryption. Check the SSL/SSH inspection profile.
The likely reason for the failed virus detection by FortiGate when downloading the EICAR test file through HTTPS is:
B. SSL/SSH Inspection profile is incorrect
SSL certificate inspection (SSL/SSH inspection) is necessary for FortiGate to inspect encrypted traffic. If the SSL/SSH Inspection profile is not correctly configured or if there are issues with the SSL certificate used for inspection, the FortiGate device may not be able to inspect the contents of the encrypted HTTPS traffic, leading to a failure in virus detection.
So, the correct answer is B. SSL/SSH Inspection profile is incorrect.
"Full inspection is required"
Refer to the exhibit.
Which statement about this firewall policy list is true?
- A . The Implicit group can include more than one deny firewall policy.
- B . The firewall policies are listed by ID sequence view.
- C . The firewall policies are listed by ingress and egress interfaces pairing view.
- D . LAN to WAN, WAN to LAN, and Implicit are sequence grouping view lists.
C
Explanation:
The firewall policy list in the exhibit is arranged in the "Interface Pair View," where policies are grouped by their incoming (ingress) and outgoing (egress) interface pairs. Each section (LAN to WAN, WAN to LAN, etc.) groups policies based on these interface pairings. This view helps administrators quickly identify which policies apply to specific traffic flows between network interfaces.
Options A and D are incorrect because the Implicit group typically does not include more than one deny policy, and there is no "sequence grouping view" in FortiGate. Option B is incorrect as the list is not displayed strictly by ID sequence.
Reference: FortiOS 7.4.1 Administration Guide: Firewall Policy Views
Which three methods can you use to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
- A . Instant message app
- B . FortiToken
- C . Email
- D . Voicemail message
- E . SMS text message
B,C,E
Explanation:
The three methods that can be used to deliver the token code to a user configured to use two-factor authentication are:
B. FortiToken
FortiToken is a physical or software-based token that generates time-based or event-based codes for two-factor authentication.
C. Email
The token code can be delivered to the user via email, where the user has access to the code through their email account.
E. SMS text message
The token code can be sent to the user as a text message (SMS) to their mobile device.
These methods provide flexibility in delivering the token code to users for two-factor authentication.
So, the correct choices are B, C, and E.
Refer to the exhibit.
FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.
Which action must the administrator perform to consolidate the two policies into one?
- A . Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy
- B . Create an Interface Group that includes port1 and port2 to create a single firewall policy
- C . Select port1 and port2 subnets in a single firewall policy.
- D . Replace port1 and port2 with the any interface in a single firewall policy.
B
Explanation:
To consolidate the two separate firewall policies for Sales and Engineering departments accessing the same web server, you can create an Interface Group that includes both port1 (Sales) and port2 (Engineering). Once the Interface Group is created, you can use this group as a single incoming interface in a single firewall policy. This approach reduces the number of policies, making management more efficient.
Reference: FortiOS 7.4.1 Administration Guide: Firewall Policy Configuration