 FCA - FortiGate 7.

4 Operator Self-Paced

Started on Tuesday, December 31, 2024, 1:40 PM

State Finished
Completed on Tuesday, December 31, 2024, 2:02 PM
Time taken 22 mins 33 secs
Points 36/40
Grade 90 out of 100
Feedback Congratulations, you passed!

Question 1 How does FortiGate handle blocked websites in web filtering using FortiGuard category filters?
Correct

1 points out of 1 Select one:

Users are prompted to provide a valid username and password for access.
Users are allowed to access the website, but their activity is recorded in the FortiGate logs.
Users receive a warning message but can choose to continue accessing the website.
Users are redirected to a replacement message indicating the website is blocked.

Question 2 Which two criteria can be matched in the Source field of a firewall policy?
Correct

1 points out of 1 Select one:

Interface and service type
MAC address and domain name
IP address and user
Address group and hostname

Question 3 How does an IPS protect networks from threats?

Correct

1 points out of 1 Select one:

By allowing only secure access to network resources
By blocking all incoming network traffic from new sources
By encrypting all network traffic from untrusted IP addresses
By analyzing traffic and identifying potential threats

Question 4 What protocol is used to dynamically create IPSec VPN tunnels?

Correct

1 points out of 1 Select one:

Generic Route Encapsulation (GRE)
Layer 2 Tunneling Protocol (L2TP)
Internet Key Exchange Version 2 (IKEv2)

Point-to-Point Tunneling Protocol (PPTP)
Question 5 Why is the order of firewall policies important?
Correct

1 points out of 1 Select one:

To allow for a faster processing of high priority traffic
To ensure more granular policies are checked and applied before more general policies
To avoid conflicts with other policies in the table with similar parameters
To ensure that the security traffic is logged before the normal traffic

Question 6 How do you configure an internet service as the destination in a firewall policy?
Correct

1 points out of 1 Select one:

Choose the IP subnet of the service.
Select the service from the ISDB.
Configure the service with a virtual IP.
Specify the MAC address of the service.

Question 7 Which inspection mode examines traffic as a whole before determining an action?
Correct

1 points out of 1 Select one:

Application-level inspection
Stateful inspection
Proxy-based inspection
Flow-based inspection

Question 8 Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?
Correct

1 points out of 1 Select one:

Antivirus scan
Machine learning (ML)/artificial intelligence (AI) scan
Behavioral analysis scan
Grayware scan

Question 9 When configuring antivirus scanning on a firewall policy, which antivirus item should you select?
Correct

1 points out of 1 Select one:

Antivirus exclusion list
Antivirus engine version
Antivirus schedule
Antivirus profile


Question 10 What functionality does FortiGate provide to establish secure connections between a main office and its remote branches,
Correct over the internet?
1 points out of 1
Select one:
Firewall authentication
Virtual private networks
Security scanning
Monitoring and logging

Question 11 What is the main advantage of using Secure Socket Layer Virtual Private Network (SSL VPN) in web mode?
Correct

1 points out of 1 Select one:

Ability to perform client integrity checks
Support for a wide range of applications and protocols
Access to all network resources for remote users
No need to install client software

Question 12 What is a scenario where automation is used in the Fortinet Security Fabric?
Correct

1 points out of 1 Select one:

Automatically quarantining a computer with malicious activity
Monitoring disk space utilization on FortiAnalyzer
Assigning security ratings to newly added devices
Generating weekly reports for management review

Question 13 Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?
Correct

1 points out of 1 Select one:

Stateful inspection
Flow-based inspection
Application-level inspection
Proxy-based inspection

Question 14 What is the purpose of the FortiGuard Labs signature database?

Correct

1 points out of 1 Select one:

To give FortiGate firewalls the ability to track network traffic and usage patterns
To keep FortiGate firewalls protected against the latest malware variants
To provide secure configuration templates to FortiGate firewalls
To identify and correct vulnerabilities in FortiGate firewalls


Question 15 Which two settings are included in a Dynamic Host Configuration Protocol (DHCP) server configuration on FortiGate?
Correct (Choose two.)
1 points out of 1
Select one or more:
Address range
Interface Alias
Default gateway
Subnet object

Question 16 Why is Secure Socket Layer (SSL) inspection necessary for the intrusion prevention system (IPS) to detect threats in
Correct encrypted traffic?
1 points out of 1
Select one:
SSL inspection improves network performance by bypassing encrypted traffic.
The IPS engine can inspect only legacy encryption algorithms, by default.
Without SSL inspection, encrypted traffic is automatically blocked by the IPS.
SSL inspection allows the IPS to detect and analyze encrypted threats.

Question 17 What is the security rating in the Fortinet Security Fabric, and how is it calculated?
Correct

1 points out of 1 Select one:

It indicates the level of compatibility with third-party devices.
It represents the current level of network performance.
It is a numerical value based on device settings and best practices.
It is calculated based on the number of security logs generated.

Question 18 Which two options can you use for centralized logging when you configure the Fortinet Security Fabric? (Choose two.)
Incorrect

0 points out of 1 Select one or more:

Syslog server 
FortiAnalyzer
FortiSOAR
FortiGate Cloud

Question 19 To avoid certificate errors, which field settings must be included in a Secure Sockets Layer (SSL) certificate issued by a
Incorrect certificate authority (CA)?
0 points out of 1
Select one:
issuer: C=US, O=Fortinet, CN=Verisign
subjectAltName: DNS:*.example.com and extendedKeyUsage: serverAuth 
basicConstraints: CA:TRUE and keyUsage: keyCertSign
signatureAlgorithm: SHA256withRSA and validityPeriod: 365 days


Question 20 What is the recommended process to configure FortiGate for remote authentication for user identification?
Correct

1 points out of 1 Select one:

Create a user group, map authenticated remote users to the group, and configure a firewall policy with the user 
group as the source.
Create a user group and configure a firewall policy with the group as the source.
Create a user account, configure a firewall policy with the user account as the source, and verify the configuration using
logs.
Connect FortiGate to a remote authentication server and configure its IP addresses as the source.

Question 21 In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should
Correct monitor on FortiGate? (Choose two.)
1 points out of 1
Select one or more:
Number of local users and user groups
Number of SSL sessions
Number of active VPN tunnels
Number of days for licenses to expire

Question 22 You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?
Correct

1 points out of 1 Select one:

Log and Report > Security Events > WebFilter
Log and Report > Security Events > Antivirus
Log and Report > Security Events > Intrusion Prevention
Log and Report > Security Events > Application Control

Question 23 What is the key difference between Secure Sockets Layer (SSL) certificate inspection and SSL deep inspection?
Correct

1 points out of 1 Select one:

SSL certificate inspection applies to only HTTPS traffic, while SSL deep inspection applies to multiple SSL-encrypted 
protocols.
SSL certificate inspection decrypts and inspects encrypted content, while SSL deep inspection verifies the identity of the
web server.
SSL certificate inspection requires a trusted certificate authority (CA), while SSL deep inspection uses the FortiGate CA
certificate.
SSL certificate inspection introduces certificate errors, while SSL deep inspection prevents certificate warnings.

Question 24 Which condition could prevent a configured route from being added to the FortiGate routing table?
Correct

1 points out of 1 Select one:

The incorrect distance being set for the default gateway IP address
The presence of a better route for the same destination
The DHCP server associated with the route being disabled 
The absence of administrative access protocols on the interface
Question 25 How does the FortiGate intrusion prevention system (IPS) use signatures to detect malicious traffic?
Correct

1 points out of 1 Select one:

By blocking all network traffic
By decrypting Secure Sockets Layer (SSL)-encrypted traffic
By comparing network packets to known threats
By monitoring user activity on websites

Question 26 Which category of services does FortiGuard Labs provide as part of FortiGuard Security Services?
Correct

1 points out of 1 Select one:

Data encryption and secure communications
Endpoint protection and vulnerability management
Network segmentation and access control
Advanced threat intelligence and prevention

Question 27 Why is it recommended that you use user groups instead of individual user accounts in a firewall policy?
Correct

1 points out of 1 Select one:

User groups contain all individual user accounts by default.
User groups make it easier to monitor authenticated users.
User groups simplify the firewall configuration.
User groups provide stronger encryption for authentication.

Question 28 Which two protocols can you use for administrative access on a FortiGate interface?
Correct

1 points out of 1 Select one:

Telnet and Simple Network Management Protocol (SNMP)
Hypertext Transfer Protocol Secure (HTTPS) and Secure Shell (SSH)
Remote Desktop Protocol (RDP) and Hypertext Transfer Protocol (HTTP)
Simple Mail Transfer Protocol (SMTP) and Secure Sockets Layer (SSL)

Question 29 Which piece of information does FortiGate know about the user without firewall authentication?
Correct

1 points out of 1 Select one:

The user login name
The originating domain name
The application being used
The source IP address


Question 30 Which actions can you apply to application categories in the Application Control profile?
Incorrect

0 points out of 1 Select one:

Monitor, optimize, redirect, or shape 
Authenticate, log, encrypt, or back up
Monitor, allow, block, or quarantine
Allow, encrypt, compress, or redirect

Question 31 How are websites filtered using FortiGuard category filters?

Correct

1 points out of 1 Select one:

By examining the HTTP headers from the website
By scanning the website for malware in real time
By blocking access based on the website content
By denying access based on the website IP address

Question 32 What are two consequences of allowing a FortiGate license to expire? (Choose two.)
Incorrect

0 points out of 1 Select one or more:

Inability to monitor system logs and generate network reports
Reduced FortiGate performance and increased vulnerability to security threats 
Loss of access to software updates and technical support
Disruption of network services and potential legal issues

Question 33 When is remote authentication preferred over local authentication?

Correct

1 points out of 1 Select one:

When the network does not have an available authentication server
When multiple FortiGate devices need to authenticate the same users or user groups
When FortiGate does not support local user accounts
When FortiGate needs to give lower priority to the traffic from local user accounts

Question 34 Why is it important to back up FortiGate system configurations regularly?

Correct

1 points out of 1 Select one:

To ensure optimal performance of FortiGate
To save time and effort in case of a hardware failure
To avoid errors while upgrading FortiOS
To prevent unexpected configuration changes


Question 35 What are two reasons why organizations and individuals use web filtering? (Choose two.)
Correct

1 points out of 1 Select one or more:

To increase network bandwidth
To preserve employee productivity
To prevent network congestion
To enhance their users’ experience

Question 36 What is a recommended best practice when configuring Secure Socket Layer Virtual Private Network (SSL VPN)?
Correct

1 points out of 1 Select one:

Use local users for authentication.
Allow connections from all locations.
Use the principle of least privilege.
Import the self-signed SSL certificate.

Question 37 How can you modify the security settings of a VPN tunnel created from a template in FortiGate?
Correct

1 points out of 1 Select one:

Edit the template directly
Choose a different template for the tunnel
Convert the template to a custom tunnel
Use the custom tunnel creation option

Question 38 Which two steps are involved in configuring web filtering based on FortiGuard category filters? (Choose two.)
Correct

1 points out of 1 Select one or more:

Identify the specific websites to be blocked or allowed.
Upgrade FortiOS to obtain the latest database from FortiGuard.
Create a web filtering security profile using FortiGuard category-based filters.
Apply the web filter security profile to the appropriate firewall policy.

Question 39 Excluding the steps for tuning the sensors, what is the last step involved in configuring IPS on FortiGate?
Correct

1 points out of 1 Select one:

Blocking malicious URLs and botnet command-and-control (C&C) traffic
Editing the sensor's signature and filters
Enabling SSL inspection for the traffic of interest
Applying the sensor to a firewall policy


Question 40 What are some of the features provided by IPSec VPNs?
Correct

1 points out of 1 Select one:

Bandwidth optimization and antireplay protection
Data encryption and load balancing
Data authentication and data integrity
Network segmentation and packet inspection