CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. FCP_FGT_AD-7.4

Free FCP_FGT_AD-7.4 Exam Braindumps (page: 7)

Page 6 of 23
PDF with 89 Questions

Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

  1. Manual with load balancing
  2. Lowest Cost (SLA) with load balancing
  3. Best Quality with load balancing
  4. Lowest Quality (SLA) with load balancing
  5. Lowest Cost (SLA) without load balancing

Answer(s): A,B,C

Explanation:

FortiGate's SD-WAN rule strategies for member selection include the following:
Manual with load balancing: This strategy allows an administrator to manually configure which SD- WAN member interfaces to use for specific traffic.
Lowest Cost (SLA) with load balancing: This strategy prioritizes the link with the lowest cost that meets the SLA requirements.
Best Quality with load balancing: This strategy selects the link with the best performance metrics, such as latency, jitter, or packet loss.
Options D and E are incorrect because "Lowest Quality" is not a valid strategy, and "Lowest Cost without load balancing" contradicts the requirement for load balancing in the strategy name.


Reference:

FortiOS 7.4.1 Administration Guide: SD-WAN Rule Strategies



Which two features of IPsec IKEv1 authentication are supported by FortiGate? (Choose two.)

  1. Pre-shared key and certificate signature as authentication methods
  2. Extended authentication (XAuth)to request the remote peer to provide a username and password
  3. Extended authentication (XAuth) for faster authentication because fewer packets are exchanged
  4. No certificate is required on the remote peer when you set the certificate signature as the authentication method

Answer(s): A,B

Explanation:

FortiGate supports both pre-shared key and certificate signature methods for IKEv1 authentication. These methods provide flexibility depending on the security requirements of the network. Additionally, FortiGate supports Extended Authentication (XAuth), which requests a username and password from the remote peer, enhancing security by adding an extra layer of authentication. The XAuth method does not necessarily make the authentication faster; it is an additional security measure.


Reference:

FortiOS 7.4.1 Administration Guide: IPsec VPN Configuration



Which two statements are true regarding FortiGate HA configuration synchronization? (Choose two.)

  1. Checksums of devices are compared against each other to ensure configurations are the same.
  2. Incremental configuration synchronization can occur only from changes made on the primary FortiGate device.
  3. Incremental configuration synchronization can occur from changes made on any FortiGate device within the HA cluster
  4. Checksums of devices will be different from each other because some configuration items are not synced to other HA members.

Answer(s): A,B

Explanation:

In FortiGate HA (High Availability) configuration, checksums of device configurations are compared to ensure they are synchronized and identical across the cluster. Incremental synchronization can only happen from changes made on the primary device to ensure consistency and integrity across the cluster members. Changes made on non-primary devices do not initiate synchronization.


Reference:

FortiOS 7.4.1 Administration Guide: HA Configuration Synchronization



What are two features of the NGFW profile-based mode? (Choose two.)

  1. NGFW profile-based mode can only be applied globally and not on individual VDOMs.
  2. NGFW profile-based mode must require the use of central source NAT policy
  3. NGFW profile-based mode policies support both flow inspection and proxy inspection.
  4. NGFW profile-based mode supports applying applications and web filtering profiles in a firewall policy.

Answer(s): C,D

Explanation:

NGFW (Next Generation Firewall) profile-based mode in FortiGate allows policies to use both flow- based and proxy-based inspection modes, providing flexibility depending on security and performance requirements. Additionally, profile-based mode supports applying applications and web filtering profiles directly in a firewall policy, allowing granular control over the traffic.


Reference:

FortiOS 7.4.1 Administration Guide: NGFW Mode Configuration






Post your Comments and Discuss Fortinet FCP_FGT_AD-7.4 exam with other Community members:

FCP_FGT_AD-7.4 Discussions & Posts