Fortinet FCSS_EFW_AD-7.4 Exam Practice Questions (P. 2)
- Full Access (57 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #6
- AFortiGate has a predefined list of all IPs and ports for specific applications downloaded from FortiGuard.
- BThe ISDB blocks the IP addresses and ports of an application predefined by FortiGuard.
- CThe ISDB works in proxy mode, allowing the analysis of packets in layers 3 and 4 of the OSI model.
- DThe ISDB limits access by URL and domain.

Hi! Do you need help with this question ?
- Why isn't the A the right answer?
- Traducir la pregunta al español
Contributor get free access to an augmented ChatGPT 4 trained with the latest IT Questions.
Question #7


The Administrators section of a root FortiGate device and the Security Fabric Settings section of a downstream FortiGate device are shown.
When prompted to sign in with Security Fabric in the downstream FortiGate device, a user enters the AdminSSO credentials.
What is the next status for the user?
- AThe user is prompted to create an SSO administrator account for AdminSSO.
- BThe user receives an authentication failure message.
- CThe user accesses the downstream FortiGate with super_admin_readonly privileges.
- DThe user accesses the downstream FortiGate with super_admin privileges.

Hi! Do you need help with this question ?
- Why isn't the A the right answer?
- Traducir la pregunta al español
Contributor get free access to an augmented ChatGPT 4 trained with the latest IT Questions.
Question #8
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?
- AThe administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
- BThe administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
- CThe administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
- DThe administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

Hi! Do you need help with this question ?
- Why isn't the A the right answer?
- Traducir la pregunta al español
Contributor get free access to an augmented ChatGPT 4 trained with the latest IT Questions.
Question #9

The client behind Spoke-1 generates traffic to the device located behind Spoke-2.
What is the first message that the hub sends to Spoke-1 to bring up the dynamic tunnel?

Hi! Do you need help with this question ?
- Why isn't the A the right answer?
- Traducir la pregunta al español
Contributor get free access to an augmented ChatGPT 4 trained with the latest IT Questions.
Question #10
- AInstallation of the session key in the network processor (NP)
- BData encryption and decryption
- CSecurity inspections such as ACL, HPE, and IP integrity header checking
- DOffloading the packets directly to the content processor (CP)

Hi! Do you need help with this question ?
- Why isn't the A the right answer?
- Traducir la pregunta al español
Contributor get free access to an augmented ChatGPT 4 trained with the latest IT Questions.
All Pages