Refer to the exhibits.The exhibits show the application sensor configuration and the Excessive-Bandwidth and Apple filter details.Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?
Answer(s): D
Based on the application sensor configuration and the filter details:D . Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration: The "Excessive-Bandwidth" filter is set to block, which includes "FaceTime" under its application signature. As a result, FaceTime will be blocked regardless of the "Apple" filter configuration because the "Excessive-Bandwidth" filter takes precedence due to its block action setting.The other options are not correct:A . Apple FaceTime will be allowed, based on the Video/Audio category configuration: The Video/Audio category is not relevant because FaceTime is specifically included in the Excessive- Bandwidth filter, which blocks it.B . Apple FaceTime will be allowed, based on the Apple filter configuration: Although the Apple filter is set to monitor, the block action of the Excessive-Bandwidth filter will override this. C . Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow: The allow setting for the Apple filter is irrelevant in this context, as the block action in the Excessive-Bandwidth filter will prevail.
FortiOS 7.4.1 Administration Guide - Application Control and Filtering, page 978. FortiOS 7.4.1 Administration Guide - Application Sensor Configuration, page 982.
An employee needs to connect to the office through a high-latency internet connection. Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?
Answer(s): C
For a high-latency internet connection, the SSL VPN setting that should be adjusted is:C . SSL VPN dtls-hello-timeout: This setting determines how long the FortiGate will wait for a DTLS hello message from the client. For high-latency connections, increasing this timeout will prevent SSL VPN negotiation failures caused by delays in receiving the DTLS hello message.The other options are not suitable:A . SSL VPN idle-timeout: This setting controls the idle time allowed before a session is terminated, which is not relevant to the initial connection establishment. B . SSL VPN login-timeout: This setting controls the maximum time allowed for a user to log in, but does not affect connection negotiation.D . SSL VPN session-ttl: This setting controls the total time-to-live for an SSL VPN session but does not directly address issues caused by high latency.
FortiOS 7.4.1 Administration Guide - SSL VPN Configuration, page 1415.
When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate.Which three actions are valid actions that FortiGate can perform when it detects an invalid certificate? (Choose three.)
Answer(s): A,D,E
When FortiGate performs SSL/SSH full inspection and detects an invalid certificate, there are three valid actions it can take:Allow & Warning: This action allows the session but generates a warning. Block & Warning: This action blocks the session and generates a warning. Block: This action blocks the session without generating a warning. Actions such as "Trust & Allow" or just "Allow" without additional configurations are not applicable in the context of handling invalid certificates.
FortiOS 7.4.1 Administration Guide: Configuring SSL/SSH inspection profile
Refer to the exhibit, which shows the IPS sensor configuration.If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)
Answer(s): A,C
The IPS sensor configuration shows that:The Microsoft.Windows.iSCSI.Target.DoS signature is set to "Monitor" with packet logging enabled, meaning that while traffic matching this signature will be allowed, it will also be logged for further analysis.The generic Windows filter is set to "Block," meaning that all other attacks matching this filter will be blocked. However, the sensor will not reset connections or log packets unless specified. Therefore, the sensor will allow attackers matching the specific DoS signature while blocking other attacks against Windows.
FortiOS 7.4.1 Administration Guide: IPS Configuration
Which statement is a characteristic of automation stitches?
Automation stitches on FortiGate can have one or more triggers, which are conditions or events that activate the automation stitch. The trigger defines when the automation stitch should execute the defined actions. Actions within a stitch can be executed sequentially or in parallel, depending on the configuration.
FortiOS 7.4.1 Administration Guide: Automation Stitches
Share your comments for Fortinet FCP_FGT_AD-7.4 exam with other users:
its required for me, please make it enable to access. thanks
seems good..
took the test last week, i did have about 15 - 20 word for word from this site on the test. (only was able to cram 600 of the questions from this site so maybe more were there i didnt review) had 4 labs, bgp, lacp, vrf with tunnels and actually had to skip a lab due to time. lots of automation syntax questions.
no comments
nice questions bring out the best in you.
really helpful
question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you
iam thankful for these exam dumps questions, i would not have passed without this exam dumps.
some of the answers seem to be inaccurate. q10 for example shouldnt it be an m custom column?
are the question real or fake?
thank you for providing such assistance.
nice questions
my 3rd purcahse from this site. these exam dumps are helpful. very helpful.
found it good
excellent material
very helpfull
well explained.
i need the pdf, please.
a good source for exam preparation
i need ielts general training audio guide questions
please make this content available
content is good
latest dumps please
aside from pdf the test engine software is helpful. the interface is user-friendly and intuitive, making it easy to navigate and find the questions.
questions and options are correct, but the answers are wrong sometimes. so please check twice or refer some other platform for the right answer
90% of questions was there but i failed the exam, i marked the answers as per the guide but looks like they are not accurate , if not i would have passed the exam given that i saw about 45 of 50 questions from dump
answer to this question "what administrative safeguards should be implemented to protect the collected data while in use by manasa and her product management team? " it should be (c) for the following reasons: this administrative safeguard involves controlling access to collected data by ensuring that only individuals who need the data for their job responsibilities have access to it. this helps minimize the risk of unauthorized access and potential misuse of sensitive information. while other options such as (a) documenting data flows and (b) conducting a privacy impact assessment (pia) are important steps in data protection, implementing a "need to know" access policy directly addresses the issue of protecting data while in use by limiting access to those who require it for legitimate purposes. (d) is not directly related to safeguarding data during use; it focuses on data transfers and location.
password lockout being the correct answer for question 37 does not make sense. it should be geofencing.
for question 4, the righr answer is :recover automatically from failures
question number 4s answer is 3, option c. i
very good questions
i am confused about the answers to the questions. are the answers correct?
very usefull
Keeping this site free takes real effort. We constantly battle automated scraping and unauthorized content copying. A quick account helps us protect the community and keep the site free.
To continue studying for your FCP_FGT_AD-7.4, please sign in or create a free account.