Fortinet FCSS_EFW_AD-7.4 Übungsprüfungen
Zuletzt aktualisiert am 28.08.2025- Prüfungscode: FCSS_EFW_AD-7.4
- Prüfungsname: FCSS - Enterprise Firewall 7.4 Administrator
- Zertifizierungsanbieter: Fortinet
- Zuletzt aktualisiert am: 28.08.2025
Which two statements about FortiManager is true when it is deployed as a local FDS? (Choose two.)
- A . It supports rating requests from both managed and unmanaged devices.
- B . It caches available firmware updates for unmanaged devices.
- C . It can be configured as an update server, or a rating server, but not both.
- D . It provides VM license validation services.
A FortiGate’s port1 is connected to a private network. Its port2 is connected to the Internet. Explicit web proxy is enabled in port1 and only explicit web proxy users can access the Internet. Web cache is NOT enabled. An internal web proxy user is downloading a file from the Internet via HTTP.
Which statements are true regarding the two entries in the FortiGate session table related with this traffic? (Choose two.)
- A . Both session have the local flag on.
- B . The destination IP addresses of both sessions are IP addresses assigned to FortiGate’s interfaces.
- C . One session has the proxy flag on, the other one does not.
- D . One of the sessions has the IP address of port2 as the source IP address.
A static route is configured for a FortiGate unit from the CLI using the following commands.
config router static
edit 1
set device "wan1"
set distance 20
set gateway 192.168.100.1
next
end
Which of the following conditions are required for this static default route to be displayed in the FortiGate unit’s routing table? (Choose two.)
- A . The administrative status of the wan1 interface is displayed as down.
- B . The link status of the wan1 interface is displayed as up.
- C . All other default routes should have a lower distance.
- D . The wan1 interface address and gateway address are on the same subnet.
Which two tasks are automated using the Import Configuration wizard on FortiManager? (Choose two.)
- A . Importing firewall address objects from managed devices
- B . Importing interface mappings from managed devices
- C . Importing static and dynamic route configurations from managed devices
- D . Importing devices to FortiManager
Refer to the exhibit, which contains a CLI script configuration on FortiManager.
An administrator configured the CLI script on FortiManager, but the script failed to apply any changes to the managed device after being executed.
What are two reasons why the script did not make any changes to the managed device? (Choose two.)
- A . Static routes can be added using only TCL scripts.
- B . The commands that start with the # sign did not run.
- C . CLI scripts must start with #!.
- D . Incomplete commands can cause CLI scripts to fail.
An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer. If the administrator knows that there is no NAT device located between both FortiGates,
What command should the administrator execute?
- A . diagnose sniffer packet any ‘udp port 500’
- B . diagnose sniffer packet any ‘udp port 4500’
- C . diagnose sniffer packet any ‘esp’
- D . diagnose sniffer packet any ‘udp port 500 or udp port 4500’
Which two configuration changes can be applied to optimize the memory usage on FortiGate? (Choose two.)
- A . Increase TCP session timers.
- B . Reduce the FortiGuard cache TTL.
- C . Use flow-based inspection.
- D . Increase the maximum file size for AV inspection.
- E . Decrease the sessions TTL.
Refer to the exhibit, which shows the output of a debug command.
Which two statements about the output are true? (Choose two.)
- A . In the network connected to port 4, two OSPF routers are down.
- B . Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.5.
- C . Based on the network type of port 4, OSPF hello packets will be sent to 224.0.0.6.
- D . There are a total of 5 OSPF routers attached to the Port4 network segment.
You have configured FortiManager as a local FDS to provide FortiGate AV and IPS updates, but FortiGate devices are not receiving updates to their AV signature databases, IPS engines, or IPS signature databases.
Which two settings need to be verified for these features to function? (Choose two.)
- A . FortiGate needs to have the server list entry for FortiManager set to server-type update under config system central-management.
- B . FortiManager needs to be the license validation server for FortiGate devices trying to retrieve updated AV and IPS packages.
- C . Service access needs to be enabled on FortiManager under System Settings > Network.
- D . FortiGate needs to have include-default-servers disabled under config system central-management.
Which security feature is most commonly enabled on DCFW firewalls to protect servers in a data center?
- A . Application control
- B . IPS
- C . Antivirus
- D . Web filtering