Free Fortinet FCP_FGT_AD-7.4 Practice Exam with Questions & Answers | Set: 2

NTurbo enhances performance for flow-based inspection by offloading traffic to the content processor​.

The application control engine on a FortiGate next-generation firewall is responsible for identifying and managing application traffic. It allows administrators to set policies based on application types, regardless of the port or protocol being used.

To retrieve AD user group information in agentless polling mode, the administrator must add an LDAP server to the FortiGate device​.

FortiGate interfaces can be configured in different roles, such as WAN or LAN. If an interface is set as a "WAN" role, you cannot configure it to act as a DHCP server through the GUI. The interface role must be set to "LAN" or "Undefined" to allow DHCP server configuration.

References:

FortiOS 7.4.1 Administration Guide: DHCP Server Configuration

The IPS sensor configuration shows that:

The Microsoft.Windows.iSCSI.Target.DoS signature is set to "Monitor" with packet logging enabled, meaning that while traffic matching this signature will be allowed, it will also be logged for further analysis.

The generic Windows filter is set to "Block," meaning that all other attacks matching this filter will be blocked. However, the sensor will not reset connections or log packets unless specified.

Therefore, the sensor will allow attackers matching the specific DoS signature while blocking other attacks against Windows.

References:

FortiOS 7.4.1 Administration Guide: IPS Configuration

FGCP elects the primary FortiGate device

FGCP is responsible for electing the primary (active) device in a FortiGate HA (High Availability) cluster, ensuring proper role assignment between the primary and secondary devices.

FGCP runs only over the heartbeat links

FGCP runs over the dedicated heartbeat links between FortiGate devices in the HA cluster, ensuring synchronization and communication between the devices for failover and redundancy purposes.

The current setting for the root FortiGate (Local-FortiGate) is fabric-object-unification local, which means that new address objects are not shared across the security fabric. Changing this setting to fabric-object-unification default will allow address objects to be synchronized and shared with downstream devices like the ISFW.

www.example.com

This syntax targets the main domain, which is a common way to configure a web rating override for the home page of a website.

example.com

This syntax also correctly targets the main domain without specifying a subdomain (like "www"), which is valid for configuring a web rating override for the entire site, including the home page.

NAT Configuration: The first firewall policy has NAT enabled using the configured IP pool.

IP Pool Configuration: The IP pool is configured with an external IP range of 10.200.1.100.

Source NAT: When traffic is being NATed, the source IP address is replaced with an IP from the configured pool. In this scenario, the specific IP defined in the pool is 10.200.1.100.

Thus, any internet-bound traffic from the workstation (10.0.1.10) will have its source IP address NATed to 10.200.1.100.

Automation stitches on FortiGate can have one or more triggers, which are conditions or events that activate the automation stitch. The trigger defines when the automation stitch should execute the defined actions. Actions within a stitch can be executed sequentially or in parallel, depending on the configuration.

References:

FortiOS 7.4.1 Administration Guide: Automation Stitches