Login
Login

Fortinet FCSS_EFW_AD-7.4 Practice Questions

Total 57 Questions


Last Updated On : 26-Nov-2025


undraw-questions

Think You're Ready? Prove It Under Real Fortinet Exam Conditions

Take Exam

An administrator must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic. Which SSL inspection setting helps reduce system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?



A. Use full SSL inspection to thoroughly inspect encrypted payloads.


B. Disable SSL inspection entirely to conserve resources.


C. Configure SSL inspection to handle HTTPS traffic efficiently.


D. Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.





D.   Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.

Refer to the exhibit, which shows a partial troubleshooting command output.

An administrator is extensively using IPsec on FortiGate. Many tunnels show information similar to the output shown in the exhibit. What can the administrator conclude?



A. IPsec SAs cannot be offloaded.


B. The two IPsec SAs, inbound and outbound, are copied to the NPU.


C. Only the outbound IPsec SA is copied to the NPU.


D. Only the inbound IPsec SA is copied to the NPU.





B.   The two IPsec SAs, inbound and outbound, are copied to the NPU.

What action can be taken on a FortiGate to block traffic using IPS protocol decoders, focusing on network transmission patterns and application signatures?



A. Use the DNS filter to block application signatures and protocol decoders.


B. Use application control to limit non-URL-based software handling.


C. Enable application detection-based SD-WAN rules.


D. Configure a web filter profile in flow mode.





B.   Use application control to limit non-URL-based software handling.

A vulnerability scan report has revealed that a user has generated traffic to the website example.com (10.10.10.10) using a weak SSL/TLS version supported by the HTTPS web server. What can the firewall administrator do to block all outdated SSL/TLS versions on any HTTPS web server to prevent possible attacks on user traffic?



A. Configure the unsupported SSL version and set the minimum allowed SSL version in the HTTPS settings of the SSL/SSH inspection profile.


B. Enable auto-detection of outdated SSL/TLS versions in the SSL/SSH inspection profile to block vulnerable websites.


C. Install the required certificate in the client's browser or use Active Directory policies to block specific websites as defined in the SSL/SSH inspection profile.


D. Use the latest certificate, Fortinet_SSL_ECDSA256, and replace the CA certificate in the SSL/SSH inspection profile.





A.   Configure the unsupported SSL version and set the minimum allowed SSL version in the HTTPS settings of the SSL/SSH inspection profile.

Refer to the exhibit, which shows the HA status of an active-passive cluster.

An administrator wants FortiGate_B to handle the Core2 VDOM traffic. Which modification must the administrator apply to achieve this?



A. The administrator must disable override on FortiGate_A.


B. The administrator must change the priority from 100 to 160 for FortiGate_B.


C. The administrator must change the load balancing method on FortiGate_B.


D. The administrator must change the priority from 128 to 200 for FortiGate_B.





D.   The administrator must change the priority from 128 to 200 for FortiGate_B.

Refer to the exhibit, which shows a revision history window in the FortiManager device layer.

The IT team is trying to identify the administrator responsible for the most recent update in the FortiGate device database.
Which conclusion can you draw about this scenario?



A. This retrieved process was automatically triggered by a Remote FortiGate Directly (via CLI) script.


B. The user script_manager is an API user from the Fortinet Developer Network (FDN) retrieving a configuration.


C. To identify the user who created the event, check it on the Configuration and Installation widget on FortiGate within the FortiManager device layer.


D. Find the user in the FortiManager system logs and use the type=script command to find the administrator user in the user field.





D.   Find the user in the FortiManager system logs and use the type=script command to find the administrator user in the user field.

Refer to the exhibit, which shows an enterprise network connected to an internet service provider.

The administrator must configure the BGP section of FortiGate A to give internet access to the enterprise network.
Which command must the administrator use to establish a connection with the internet service provider?



A. config neighbor


B. config redistribute bgp


C. config router route-map


D. config redistribute ospf





A.   config neighbor

Page 2 out of 9 Pages
FCSS_EFW_AD-7.4 Practice Test Home

Your Official Fortinet FCSS_EFW_AD-7.4 Exam Rehearsal

Our new Timed FCSS_EFW_AD-7.4 Exam Simulation replicates the exact format, question count, and strict time limit of the real test.

We don't just test your knowledge; we build your Fortinet exam-day stamina and speed, so you can answer with confidence when it matters most.



Stop the clock-watching. Start your simulation now!
  • At prepforti.com, our practice tests are engineered to transform your theoretical knowledge into real-world, practical skills. Don't just earn a certificate; build the expertise to confidently manage and secure complex Fortinet environments.

Copyright © - All Rights Reserved