Fortinet FCSS - Enterprise Firewall 7.4 Administrator - FCSS_EFW_AD-7.4 Practice Questions

What is the initial step performed by FortiGate when handling the first packets of a session?

A. Installation of the session key in the network processor (NP)

B. Data encryption and decryption

C. Security inspections such as ACL, HPE, and IP integrity header checking

D. Offloading the packets directly to the content processor (CP)

Refer to the exhibit, which contains a partial command output.

The administrator has configured BGP on FortiGate. The status of this new BGP configuration is shown in the exhibit.
What configuration must the administrator consider next?

A. Configure a static route to 100.65.4.1.

B. Configure the local AS to 65300.

C. Contact the remote peer administrator to enable BGP

D. Enable ebgp-enforce-multihop.

An administrator is extensively using VXLAN on FortiGate.
Which specialized acceleration hardware does FortiGate need to improve its performance?

A. NP7

B. SP5

C. 9

D. NTurbo

Refer to the exhibit, which shows the FortiGuard Distribution Network of a FortiGate device. FortiGuard Distribution Network on FortiGate

An administrator is trying to find the web filter database signature on FortiGate to resolve issues with websites not being filtered correctly in a flow-mode web filter profile. Why is the web filter database version not visible on the GUI, such as with IPS definitions?

A. The web filter database is stored locally, but the administrator must run over CLI diagnose autoupdate versions.

B. The web filter database is stored locally on FortiGate, but it is hidden behind the GUI. It requires enabling debug mode to make it visible.

C. The web filter database is not hosted on FortiGate: FortiGate queries FortiGuard or FortiManager for web filter ratings on demand.

D. The web filter database is only accessible after manual syncing with a valid FDS server using diagnose test update info.

What does the command set forward-domain in a transparent VDOM interface do?

A. It configures the interface to prioritize traffic based on the domain ID, enhancing quality of service for specified VLANs.

B. It isolates traffic within a specific VLAN by assigning a broadcast domain to an interface based on the VLAN ID.

C. It restricts the interface to managing traffic only from the specified VLAN, effectively segregating network traffic.

D. It assigns a unique domain ID to the interface, allowing it to operate across multiple VLANs within the same VDOM.

Refer to the exhibit, which contains a partial VPN configuration.

What can you conclude from this VPN IPsec phase 1 configuration?

A. This configuration is the best for networks with regular traffic intervals, providing a balance between connectivity assurance and resource utilization.

B. Peer IDs are unencrypted and exposed, creating a security risk.

C. FortiGate will not add a route to its routing or forwarding information base when the dynamic tunnel is negotiated.

D. A separate interface is created for each dial-up tunnel, which can be slower and more resource intensive, especially in large networks.

Refer to the exhibit, which shows a network diagram showing the addition of site 2 with an overlapping network segment to the existing VPN IPsec connection between the hub and site 1.

Which IPsec phase 2 configuration must an administrator make on the FortiGate hub to enable equal-cost multi-path (ECMP) routing when multiple remote sites connect with overlapping subnets?

A. Set route-overlap to either use-new or use-old

B. Set net-device to ecmp

C. Set single-source to enable

D. Set route-overlap to allow