Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Fortinet
  3. FCP_FGT_AD-7.4

Fortinet FCP_FGT_AD-7.4 Exam (page: 1)
Fortinet FCP - FortiGate 7.4 Administrator
Updated on: 13-Dec-2025

Viewing Page 1 of 19
FCP_FGT_AD-7.4 PDF 89 Questions

Refer to the exhibit.



Which two statements are true about the routing entries in this database table? (Choose two.)

  1. All of the entries in the routing database table are installed in the FortiGate routing table.
  2. The port2 interface is marked as inactive.
  3. Both default routes have different administrative distances.
  4. The default route on porc2 is marked as the standby route.

Answer(s): C,D

Explanation:

The routing table in the exhibit shows two default routes (0.0.0.0/0) with different administrative distances:
The default route through port2 has an administrative distance of 20. The default route through port1 has an administrative distance of 10. Administrative distance determines the priority of the route; a lower value is preferred. Here, the route through port1 with an administrative distance of 10 is the preferred route. The route through port2 with an administrative distance of 20 acts as a standby or backup route. If the primary route (port1) fails or is unavailable, traffic will then be routed through port2. Regarding the statement that the port2 interface is marked as inactive, there is no indication in the routing table that port2 is inactive. Similarly, all the routes displayed are not necessarily installed in the FortiGate routing table, as the table could include both active and backup routes.


Reference:

FortiOS 7.4.1 Administration Guide: Default route configuration FortiOS 7.4.1 Administration Guide: Routing table explanation



Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

  1. The host field in the HTTP header.
  2. The server name indication (SNI) extension in the client hello message.
  3. The subject alternative name (SAN) field in the server certificate.
  4. The subject field in the server certificate.
  5. The serial number in the server certificate.

Answer(s): B,C,D

Explanation:

When SSL certificate inspection is enabled on a FortiGate device, the system uses the following three pieces of information to identify the hostname of the SSL server:
Server Name Indication (SNI) extension in the client hello message (B): The SNI is an extension in the client hello message of the SSL/TLS protocol. It indicates the hostname the client is attempting to connect to. This allows FortiGate to identify the server's hostname during the SSL handshake. Subject Alternative Name (SAN) field in the server certificate (C): The SAN field in the server certificate lists additional hostnames or IP addresses that the certificate is valid for. FortiGate inspects this field to confirm the identity of the server.

Subject field in the server certificate (D): The Subject field contains the primary hostname or domain name for which the certificate was issued. FortiGate uses this information to match and validate the server's identity during SSL certificate inspection.
The other options are not used in SSL certificate inspection for hostname identification:
Host field in the HTTP header (A): This is part of the HTTP request, not the SSL handshake, and is not used for SSL certificate inspection.
Serial number in the server certificate (E): The serial number is used for certificate management and revocation, not for hostname identification.


Reference:

FortiOS 7.4.1 Administration Guide - SSL/SSH Inspection, page 1802. FortiOS 7.4.1 Administration Guide - Configuring SSL/SSH Inspection Profile, page 1799.



Refer to the exhibit.



Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

  1. All traffic from a source IP to a destination IP is sent to the same interface.
  2. Traffic is sent to the link with the lowest latency.
  3. Traffic is distributed based on the number of sessions through each interface.
  4. All traffic from a source IP is sent to the same interface

Answer(s): A

Explanation:

For traffic that does not match any of the defined SD-WAN rules, the default implicit SD-WAN rule is applied. By default, the FortiGate uses a "source-destination IP-based" algorithm, which means all traffic from a specific source IP to a specific destination IP is sent through the same interface. This ensures that a consistent path is used for traffic between the same source and destination IP addresses. Options B, C, and D do not apply because the default algorithm does not prioritize by latency, session count, or source IP alone.


Reference:

FortiOS 7.4.1 Administration Guide: SD-WAN Load Balancing Algorithms



A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad.
Which IPsec Wizard template must the administrator apply?

  1. Remote Access
  2. Site to Site
  3. Dial up User
  4. iHub-and-Spoke

Answer(s): A

Explanation:

For configuring an IPsec VPN tunnel for a sales employee traveling abroad, the "Remote Access" template is the most appropriate choice. This template is designed to allow remote users to securely connect to the internal network of an organization from any location using FortiClient or a compatible client. The other options, such as "Site to Site," "Dial up User," and "iHub-and-Spoke," are used for connecting different networks or sites, not individual remote users.


Reference:

FortiOS 7.4.1 Administration Guide: IPsec Wizard Template Types



Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate.





Based on the system performance output, what can be the two possible outcomes? (Choose two.)

  1. FortiGate will start sending all files to FortiSandbox for inspection.
  2. FortiGate has entered conserve mode.
  3. Administrators cannot change the configuration.
  4. Administrators can access FortiGate onlythrough the console port.

Answer(s): B,D

Explanation:

Based on the system performance output provided, the memory usage on the FortiGate device is at 90%, which is above the green threshold (82%) but below the red threshold (88%). Given this high memory usage, the FortiGate device will enter "conserve mode" to prevent further resource exhaustion. In conserve mode:
B . FortiGate has entered conserve mode: When the memory usage reaches or exceeds certain thresholds (in this case, the green and red thresholds), the FortiGate enters conserve mode to protect itself from running out of memory entirely. This mode limits some functionalities to reduce memory usage and avoid a potential system crash.
D . Administrators can access FortiGate only through the console port: During conserve mode, administrative access might be restricted, and administrators may only be able to connect to the device via the console port. This restriction is in place to ensure that the FortiGate can be managed directly, even under low resource conditions.
The other options are not correct:
A . FortiGate will start sending all files to FortiSandbox for inspection: This is unrelated to memory usage and conserve mode.
C . Administrators cannot change the configuration: While access may be limited, configuration changes can still be made via the console port.


Reference:

FortiOS 7.4.1 Administration Guide - Monitoring System Resources and Performance, page 325. FortiOS 7.4.1 Administration Guide - Conserve Mode, page 330.



Viewing Page 1 of 19



Share your comments for Fortinet FCP_FGT_AD-7.4 exam with other users:

Simmi 8/24/2023 7:25:00 AM

hi there, i would like to get dumps for this exam
AUSTRALIA


johnson 10/24/2023 5:47:00 AM

i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.
GERMANY


Manas 9/9/2023 1:48:00 AM

please upload 1z0-1072-23 exam dups
UNITED STATES


SB 9/12/2023 5:15:00 AM

i was hoping if you could please share the pdf as i’m currently preparing to give the exam.
Anonymous


Jagjit 8/26/2023 5:01:00 PM

i am looking for oracle 1z0-116 exam
UNITED STATES


S Mallik 11/27/2023 12:32:00 AM

where we can get the answer to the questions
Anonymous


PiPi Li 12/12/2023 8:32:00 PM

nice questions
NETHERLANDS


Dan 8/10/2023 4:19:00 PM

question 129 is completely wrong.
UNITED STATES


gayathiri 7/6/2023 12:10:00 AM

i need dump
UNITED STATES


Deb 8/15/2023 8:28:00 PM

love the site.
UNITED STATES


Michelle 6/23/2023 4:08:00 AM

can you please upload it back?
Anonymous


Ajay 10/3/2023 12:17:00 PM

could you please re-upload this exam? thanks a lot!
Anonymous


him 9/30/2023 2:38:00 AM

great about shared quiz
Anonymous


San 11/14/2023 12:46:00 AM

goood helping
Anonymous


Wang 6/9/2022 10:05:00 PM

pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.
UNITED STATES


Mary 5/16/2023 4:50:00 AM

wish you would allow more free questions
Anonymous


thomas 9/12/2023 4:28:00 AM

great simulation
Anonymous


Sandhya 12/9/2023 12:57:00 AM

very g inood
Anonymous


Agathenta 12/16/2023 1:36:00 PM

q35 should be a
Anonymous


MD. SAIFUL ISLAM 6/22/2023 5:21:00 AM

sap c_ts450_2021
Anonymous


Satya 7/24/2023 3:18:00 AM

nice questions
UNITED STATES


sk 5/13/2023 2:10:00 AM

ecellent materil for unserstanding
INDIA


Gerard 6/29/2023 11:14:00 AM

good so far
Anonymous


Limbo 10/9/2023 3:08:00 AM

this is way too informative
BOTSWANA


Tejasree 8/26/2023 1:46:00 AM

very helpfull
UNITED STATES


Yolostar Again 10/12/2023 3:02:00 PM

q.189 - answers are incorrect.
Anonymous


Shikha Bakra 9/10/2023 5:16:00 PM

awesome job in getting these questions
AUSTRALIA


Kevin 10/20/2023 2:01:00 AM

i cant find aws certified practitioner clf-c01 exam in aws website but i found aws certified practitioner clf-c02 exam. can everyone please verify the difference between the two clf-c01 and clf-c02? thank you
UNITED STATES


D Mario 6/19/2023 10:38:00 PM

grazie mille. i got a satisfactory mark in my exam test today because of this exam dumps. sorry for my english.
ITALY


Bharat Kumar Saraf 10/31/2023 4:36:00 AM

some of the answers are incorrect. need to be reviewed.
HONG KONG


JP 7/13/2023 12:21:00 PM

so far so good
Anonymous


Kiky V 8/8/2023 6:32:00 PM

i am really liking it
Anonymous


trying 7/28/2023 12:37:00 PM

thanks good stuff
UNITED STATES


exampei 10/4/2023 2:40:00 PM

need dump c_tadm_23
Anonymous