Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Fortinet
  3. FCP_FGT_AD-7.4

Fortinet FCP_FGT_AD-7.4 Exam (page: 3)
Fortinet FCP - FortiGate 7.4 Administrator
Updated on: 28-Jul-2025

Viewing Page 3 of 19
FCP_FGT_AD-7.4 PDF 89 Questions

Refer to the exhibits.

The exhibits show the application sensor configuration and the Excessive-Bandwidth and Apple filter details.

Based on the configuration, what will happen to Apple FaceTime if there are only a few calls originating or incoming?

  1. Apple FaceTime will be allowed, based on the Video/Audio category configuration.
  2. Apple FaceTime will be allowed, based on the Apple filter configuration.
  3. Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow.
  4. Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.

Answer(s): D

Explanation:

Based on the application sensor configuration and the filter details:
D . Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration: The "Excessive-Bandwidth" filter is set to block, which includes "FaceTime" under its application signature. As a result, FaceTime will be blocked regardless of the "Apple" filter configuration because the "Excessive-Bandwidth" filter takes precedence due to its block action setting.
The other options are not correct:
A . Apple FaceTime will be allowed, based on the Video/Audio category configuration: The Video/Audio category is not relevant because FaceTime is specifically included in the Excessive- Bandwidth filter, which blocks it.
B . Apple FaceTime will be allowed, based on the Apple filter configuration: Although the Apple filter is set to monitor, the block action of the Excessive-Bandwidth filter will override this. C . Apple FaceTime will be allowed only if the Apple filter in Application and Filter Overrides is set to Allow: The allow setting for the Apple filter is irrelevant in this context, as the block action in the Excessive-Bandwidth filter will prevail.


Reference:

FortiOS 7.4.1 Administration Guide - Application Control and Filtering, page 978. FortiOS 7.4.1 Administration Guide - Application Sensor Configuration, page 982.



An employee needs to connect to the office through a high-latency internet connection.
Which SSL VPN setting should the administrator adjust to prevent SSL VPN negotiation failure?

  1. SSL VPN idle-timeout
  2. SSL VPN login-timeout
  3. SSL VPN dtls-hello-timeout
  4. SSL VPN session-ttl

Answer(s): C

Explanation:

For a high-latency internet connection, the SSL VPN setting that should be adjusted is:
C . SSL VPN dtls-hello-timeout: This setting determines how long the FortiGate will wait for a DTLS hello message from the client. For high-latency connections, increasing this timeout will prevent SSL VPN negotiation failures caused by delays in receiving the DTLS hello message.
The other options are not suitable:
A . SSL VPN idle-timeout: This setting controls the idle time allowed before a session is terminated, which is not relevant to the initial connection establishment. B . SSL VPN login-timeout: This setting controls the maximum time allowed for a user to log in, but does not affect connection negotiation.
D . SSL VPN session-ttl: This setting controls the total time-to-live for an SSL VPN session but does not directly address issues caused by high latency.


Reference:

FortiOS 7.4.1 Administration Guide - SSL VPN Configuration, page 1415.



When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate.
Which three actions are valid actions that FortiGate can perform when it detects an invalid certificate? (Choose three.)

  1. Allow & Warning
  2. Trust & Allow
  3. Allow
  4. Block & Warning
  5. Block

Answer(s): A,D,E

Explanation:

When FortiGate performs SSL/SSH full inspection and detects an invalid certificate, there are three valid actions it can take:
Allow & Warning: This action allows the session but generates a warning. Block & Warning: This action blocks the session and generates a warning. Block: This action blocks the session without generating a warning. Actions such as "Trust & Allow" or just "Allow" without additional configurations are not applicable in the context of handling invalid certificates.


Reference:

FortiOS 7.4.1 Administration Guide: Configuring SSL/SSH inspection profile



Refer to the exhibit, which shows the IPS sensor configuration.



If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

  1. The sensor will gather a packet log for all matched traffic.
  2. The sensor will reset all connections that match these signatures.
  3. The sensor will allow attackers matching the Microsoft.Windows.iSCSl.Target.DoS signature.
  4. The sensor will block all attacks aimed at Windows servers.

Answer(s): A,C

Explanation:

The IPS sensor configuration shows that:
The Microsoft.Windows.iSCSI.Target.DoS signature is set to "Monitor" with packet logging enabled, meaning that while traffic matching this signature will be allowed, it will also be logged for further analysis.
The generic Windows filter is set to "Block," meaning that all other attacks matching this filter will be blocked. However, the sensor will not reset connections or log packets unless specified. Therefore, the sensor will allow attackers matching the specific DoS signature while blocking other attacks against Windows.


Reference:

FortiOS 7.4.1 Administration Guide: IPS Configuration



Which statement is a characteristic of automation stitches?

  1. They can be run only on devices in the Security Fabric.
  2. They can be created only on downstream devices in the fabric.
  3. They can have one or more triggers.
  4. They can run multiple actions at the same time.

Answer(s): C

Explanation:

Automation stitches on FortiGate can have one or more triggers, which are conditions or events that activate the automation stitch. The trigger defines when the automation stitch should execute the defined actions. Actions within a stitch can be executed sequentially or in parallel, depending on the configuration.


Reference:

FortiOS 7.4.1 Administration Guide: Automation Stitches



Viewing Page 3 of 19



Share your comments for Fortinet FCP_FGT_AD-7.4 exam with other users:

Sneha 8/17/2023 6:29:00 PM

this is useful
CANADA


sachin 12/27/2023 2:45:00 PM

question 232 answer should be perimeter not netowrk layer. wrong answer selected
Anonymous


tomAws 7/18/2023 5:05:00 AM

nice questions
BRAZIL


Rahul 6/11/2023 2:07:00 AM

hi team, could you please provide this dump ?
INDIA


TeamOraTech 12/5/2023 9:49:00 AM

very helpful to clear the exam and understand the concept.
Anonymous


Curtis 7/12/2023 8:20:00 PM

i think it is great that you are helping people when they need it. thanks.
UNITED STATES


sam 7/17/2023 6:22:00 PM

cannot evaluate yet
Anonymous


nutz 7/20/2023 1:54:00 AM

a laptops wireless antenna is most likely located in the bezel of the lid
UNITED STATES


rajesh soni 1/17/2024 6:53:00 AM

good examplae to learn basic
INDIA


Tanya 10/25/2023 7:07:00 AM

this is useful information
Anonymous


Nasir Mahmood 12/11/2023 7:32:00 AM

looks usefull
Anonymous


Jason 9/30/2023 1:07:00 PM

question 81 should be c.
CANADA


TestPD1 8/10/2023 12:22:00 PM

question 18 : response isnt a ?
EUROPEAN UNION


ally 8/19/2023 5:31:00 PM

plaese add questions
TURKEY


DIA 10/7/2023 5:59:00 AM

is dumps still valid ?
FRANCE


Annie 7/7/2023 8:33:00 AM

thanks for this
EUROPEAN UNION


arnie 9/17/2023 6:38:00 AM

please upload questions
Anonymous


Tanuj Rana 7/22/2023 2:33:00 AM

please upload the question dump for professional machinelearning
Anonymous


Future practitioner 8/10/2023 1:26:00 PM

question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!
Anonymous


Ace 8/3/2023 10:37:00 AM

number 52 answer is d
UNITED STATES


Nathan 12/17/2023 12:04:00 PM

just started preparing for my exam , and this site is so much help
Anonymous


Corey 12/29/2023 5:06:00 PM

question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.
Anonymous


Rajender 10/18/2023 3:54:00 AM

i would like to take psm1 exam.
Anonymous


Blessious Phiri 8/14/2023 9:53:00 AM

cbd and pdb are key to the database
SOUTH AFRICA


Alkaed 10/19/2022 10:41:00 AM

the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.
NETHERLANDS


Dave Gregen 9/4/2023 3:17:00 PM

please upload p_sapea_2023
SWEDEN


Sarah 6/13/2023 1:42:00 PM

anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried
CANADA


Shuv 10/3/2023 8:19:00 AM

good questions
UNITED STATES


Reb974 8/5/2023 1:44:00 AM

hello are these questions valid for ms-102
CANADA


Mchal 7/20/2023 3:38:00 AM

some questions are wrongly answered but its good nonetheless
POLAND


Sonbir 8/8/2023 1:04:00 PM

how to get system serial number using intune
Anonymous


Manju 10/19/2023 1:19:00 PM

is it really helpful to pass the exam
Anonymous


LeAnne Hair 8/24/2023 12:47:00 PM

#229 in incorrect - all the customers require an annual review
UNITED STATES


Abdul SK 9/28/2023 11:42:00 PM

kindy upload
Anonymous