
Free Fortinet FCP_WCS_AD-7.4 Practice Exam with Questions & Answers

Question 1

Your organization is deciding between deploying FortiWeb VM or Fortinet Managed Rules for AWS WAF.

What are two benefits of choosing FortiWeb VM? (Choose two.)

Options:
A. Only pay for what is used.
B. Up-to-date WAF signatures powered by FortiGuard.
C. Zero-day protection.
D. Advanced WAF functionality.

Question 2

AWS native network services offer vast functionality and inter-connectivity between the cloud and on-premises networks.

Which three additional functions can FortiGate for AWS offer to complement the native services offered by AWS? (Choose three.)

Options:
A. Higher VPN throughput
B. Web filtering
C. OSPF over IPSec
D. Advanced dynamic routing
E. Secure SD-WAN with application visibility

Question 3

You are troubleshooting network connectivity issues between two VMs deployed in AWS.

One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.

What are two reasons for this? (Choose two.)

Options:
A. The firewall in the Windows VM is blocking the traffic.
B. The default AWS Network Access Control List (NACL) does not allow this traffic.
C. By default, AWS does not allow ICMP traffic between subnets.
D. Add an inbound allow ICMP rule in the security group attached to the Windows server.

Question 4

Which three statements are correct about VPC flow logs? (Choose three.)

Options:
A. Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.
B. Flow logs do not capture DHCP traffic.
C. Flow logs can capture traffic to the reserved IP address for the default VPC router.
D. Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.
E. Flow logs can capture real-time log streams for the network interfaces.

Question 5

Refer to the exhibit.

[Exhibit: FCP_WCS_AD-7.4 Question 5]

What occurs during a failover for an active-passive (A-P) cluster that is deployed in two different availability zones? (Choose two.)

Options:
A. The cluster elastic IP address (EIP) is moved from Port1 of FGT-1 to Port1 of FGT-2.
B. The secondary IP address of Port2 of FGT-1 is moved to Port2 of FGT-2.
C. The default static route in the Private-AZ1 subnet route table is modified to forward all traffic to Port2 of FGT2.
D. An additional route is added to the route table of the HA Sync AZ2 subnet to forward all traffic to the Internet GW.

Question 6

Refer to the exhibit.

[Exhibit: FCP_WCS_AD-7.4 Question 6]

An organization deployed the application servers in the AWS VPC that connects to the corporate data center using Transit Gateway Connect. Demand for the applications has grown and the connection requires more bandwidth.

What is required to achieve higher bandwidth?

Options:
A. Use routable public IP addresses instead of private IP addresses for connectivity.
B. You cannot increase bandwidth; the connection has a fixed limit.
C. No configuration change is required because GRE tunnels are scaled to provide higher bandwidth.
D. You add a Transit VPC between the organization's VPCs.

Question 7

An organization has created a VPC with two subnets and deployed a FortiGate-VM (VM04/c4.xlarge) in AWS.

The EC2 instance is initially configured with two Elastic Network Interfaces (ENIs). The primary ENI is configured on the public subnet, and the secondary ENI is configured on the private subnet. To provide internet access for the FortiGate-VM, they now want to associate an EIP to its primary ENI, but the assignment is failing.

Which action would allow the EIP assignment to be successful?

Options:
A. Create and associate a public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
B. Shut down the FortiGate VM, if it is running, assign the EIP to the primary ENI, and then power it on.
C. Create and attach an internet gateway to the VPC, and then assign the EIP to the primary ENI of the FortiGate VM.
D. Create and attach a public routing table to the public subnet, associate the public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.

Question 8

Refer to the exhibit.

[Exhibit: FCP_WCS_AD-7.4 Question 8]

Which two statements are true about inbound traffic based on the IGW ingress route table and GWLB deployment shown in the exhibit? (Choose two.)

Options:
A. GWLB forwards traffic to FortiGate without encapsulation in its dedicated subnet.
B. Inbound traffic is directed to the GWLB through a GWLB endpoint.
C. Inbound traffic is directed to the application subnet through a GWLB endpoint.
D. GWLB encapsulates traffic with the GENEVE protocol and sends it to FortiGate.

Question 9

An administrator is adding a web application to be protected by FortiWeb Cloud.

Which two steps are necessary to successfully onboard the application? (Choose two.)

Options:
A. Wait for the EC2 instance to be created.
B. Provide a web application name.
C. Create DNS records in the domain server that hosts the application.
D. Enable a content delivery network (CDN) in the same region where your application is located.

Question 10

An AWS administrator is designing internet connectivity for an organization's virtual private cloud (VPC). The organization has web servers with private addresses that must be reachable from the internet. The web servers must be highly available.

Which two configurations can you use to ensure the web servers are highly available and reachable from the internet? (Choose two.)

Options:
A. Deploy a network load balancer.
B. Configure a network address translation (NAT) Gateway in your VPC. Place web servers behind the NAT Gateway.
C. Add a route to the default virtual private cloud (VPC) route table forwarding all traffic to the internet gateway.
D. Deploy web servers in multiple availability zones.