Fortinet FCSS_EFW_AD-7.4 Übungsprüfungen
Zuletzt aktualisiert am 27.08.2025- Prüfungscode: FCSS_EFW_AD-7.4
- Prüfungsname: FCSS - Enterprise Firewall 7.4 Administrator
- Zertifizierungsanbieter: Fortinet
- Zuletzt aktualisiert am: 27.08.2025
Refer to the exhibit, which contains a session table entry.
Which statement about FortiGate inspection of this session is true?
- A . FortiGate applied proxy-based inspection.
- B . FortiGate applied flow-based NGFW policy-based inspection.
- C . FortiGate applied flow-based inspection.
- D . FortiGate forwarded this session without any inspection.
In which two ways does FortiManager function when it is deployed as a local FDS? (Choose two.)
- A . It provides VM license validation services.
- B . It supports rating requests from non-FortiGate devices.
- C . It caches available firmware updates for unmanaged devices.
- D . It can be configured as an update server, a rating server, or both.
View the exhibit, which contains a session entry, and then answer the question below.
What statements are correct regarding this session? (Choose two.)
- A . It is an UDP session that has seen traffic flow both ways.
- B . It is a TCP session in SYN_SENT state.
- C . This session terminates or originates in the FortiGate device.
- D . This is a TCP session that was blocked by firewall policy ID 0.
Examine the output of the ‚diagnose debug rating‘ command shown in the exhibit; then answer the question below.
Which statement are true regarding the output in the exhibit? (Choose two.)
- A . The TZ value represents the delta between each FortiGuard server’s time zone and the FortiGate’s time zone.
- B . FortiGate will send the FortiGuard queries to the server with highest weight.
- C . There are three FortiGuard servers that are not responding to the queries sent by the FortiGate.
- D . A server’s round trip delay (RTT) is not used to calculate its weight.
Which real time debug should an administrator enable to troubleshoot RADIUS authentication problems?
- A . Diagnose debug application radius -1.
- B . Diagnose debug application fnbamd -1.
- C . Diagnose authd console Clog enable.
- D . Diagnose radius console Clog enable.
What are two functions of automation stitches? (Choose two.)
- A . Automation stitches can be configured on any FortiGate device in a Security Fabric environment.
- B . An automation stitch configured to execute actions sequentially can take parameters from previous actions as input for the current action.
- C . Automation stitches can be created to run diagnostic commands and attach the results to an email message when CPU or memory usage exceeds specified thresholds.
- D . An automation stitch configured to execute actions in parallel can be set to insert a specific delay between actions.
View the exhibit, which contains the output of diagnose sys session list, and then answer the question below.
If the HA ID for the primary unit is zero (0), which statement is correct regarding the output?
- A . This session is for HA heartbeat traffic
- B . This session is synced with the slave unit.
- C . The inspection of this session has been offloaded to the slave unit.
- D . This session cannot be synced with the slave unit.
View these partial outputs from two routing debug commands:
Which outbound interface will FortiGate use to route web traffic from internal users to the Internet?
- A . Both port1 and port2
- B . port3
- C . port1
- D . port2
An administrator is deploying APs that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. FortiGate can discover the APs and authorize them.
However, FortiGate is unable to establish CAPWAP tunnels to manage the APs.
Which configuration setting can the administrator perform to resolve the problem?
- A . Decrease the CAPWAP tunnel MTU size for APs to prevent fragmentation
- B . Enable CAPWAP administrative access on the IPsec interface
- C . Upgrade the FortiAP firmware image to ensure compatibility with the FortiOS version
- D . Assign a custom AP profile for the remote APs with the set mpls-connection option enabled
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below.
Why didn’t the tunnel come up?
- A . The pre-shared keys do not match.
- B . The remote gateway’s phase 2 configuration does not match the local gateway’s phase 2 configuration.
- C . The remote gateway’s phase 1 configuration does not match the local gateway’s phase 1 configuration.
- D . The remote gateway is using aggressive mode and the local gateway is configured to use man mode.