Free FCP_FGT_AD-7.4 Exam Braindumps (page: 2)


Refer to the exhibit.



Which two statements are true about the routing entries in this database table? (Choose two.)

  A. All of the entries in the routing database table are installed in the FortiGate routing table.
  B. The port2 interface is marked as inactive.
  C. Both default routes have different administrative distances.
  D. The default route on port2 is marked as the standby route.

Answer(s): C,D

Explanation:

The routing table in the exhibit shows two default routes (0.0.0.0/0) with different administrative distances:

The default route through port2 has an administrative distance of 20. The default route through port1 has an administrative distance of 10. Administrative distance determines the priority of the route; a lower value is preferred. Here, the route through port1 with an administrative distance of 10 is the preferred route. The route through port2 with an administrative distance of 20 acts as a standby or backup route. If the primary route (port1) fails or is unavailable, traffic will then be routed through port2.

Regarding the statement that the port2 interface is marked as inactive, there is no indication in the routing table that port2 is inactive. Similarly, not all the routes displayed are necessarily installed in the FortiGate routing table, as the routing database can include both active and backup routes.


Reference:

FortiOS 7.4.1 Administration Guide: Default route configuration
FortiOS 7.4.1 Administration Guide: Routing table explanation



Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

  A. The host field in the HTTP header.
  B. The server name indication (SNI) extension in the client hello message.
  C. The subject alternative name (SAN) field in the server certificate.
  D. The subject field in the server certificate.
  E. The serial number in the server certificate.

Answer(s): B,C,D

Explanation:

When SSL certificate inspection is enabled on a FortiGate device, the system uses the following three pieces of information to identify the hostname of the SSL server:

Server Name Indication (SNI) extension in the client hello message (B): The SNI is an extension in the client hello message of the SSL/TLS protocol. It indicates the hostname the client is attempting to connect to. This allows FortiGate to identify the server's hostname during the SSL handshake.

Subject Alternative Name (SAN) field in the server certificate (C): The SAN field in the server certificate lists additional hostnames or IP addresses that the certificate is valid for. FortiGate inspects this field to confirm the identity of the server.

Subject field in the server certificate (D): The Subject field contains the primary hostname or domain name for which the certificate was issued. FortiGate uses this information to match and validate the server's identity during SSL certificate inspection.

The other options are not used in SSL certificate inspection for hostname identification:

Host field in the HTTP header (A): This is part of the HTTP request, not the SSL handshake, and is not used for SSL certificate inspection.

Serial number in the server certificate (E): The serial number is used for certificate management and revocation, not for hostname identification.


Reference:

FortiOS 7.4.1 Administration Guide - SSL/SSH Inspection, page 1802.
FortiOS 7.4.1 Administration Guide - Configuring SSL/SSH Inspection Profile, page 1799.



Refer to the exhibit.



Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

  A. All traffic from a source IP to a destination IP is sent to the same interface.
  B. Traffic is sent to the link with the lowest latency.
  C. Traffic is distributed based on the number of sessions through each interface.
  D. All traffic from a source IP is sent to the same interface.

Answer(s): A

Explanation:

For traffic that does not match any of the defined SD-WAN rules, the default implicit SD-WAN rule is applied. By default, the FortiGate uses a "source-destination IP-based" algorithm, which means all traffic from a specific source IP to a specific destination IP is sent through the same interface. This ensures that a consistent path is used for traffic between the same source and destination IP addresses. Options B, C, and D do not apply because the default algorithm does not prioritize by latency, session count, or source IP alone.


Reference:

FortiOS 7.4.1 Administration Guide: SD-WAN Load Balancing Algorithms



A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad.
Which IPsec Wizard template must the administrator apply?

  A. Remote Access
  B. Site to Site
  C. Dial up User
  D. Hub-and-Spoke

Answer(s): A

Explanation:

For configuring an IPsec VPN tunnel for a sales employee traveling abroad, the "Remote Access" template is the most appropriate choice. This template is designed to allow remote users to securely connect to the internal network of an organization from any location using FortiClient or a compatible client. The other options, such as "Site to Site," "Dial up User," and "Hub-and-Spoke," are used for connecting different networks or sites, not individual remote users.


Reference:

FortiOS 7.4.1 Administration Guide: IPsec Wizard Template Types
