Fortinet FCSS_EFW_AD-7.4 Übungsprüfungen
Zuletzt aktualisiert am 29.08.2025- Prüfungscode: FCSS_EFW_AD-7.4
- Prüfungsname: FCSS - Enterprise Firewall 7.4 Administrator
- Zertifizierungsanbieter: Fortinet
- Zuletzt aktualisiert am: 29.08.2025
Refer to the exhibit, which shows a FortiGate configuration.
An administrator is troubleshooting a web filter issue on FortiGate. The administrator has configured a web filter profile and applied it to a policy; however, the web filter is not inspecting any traffic that is passing through the policy.
What must the administrator change to fix the issue?
- A . The administrator must increase webfilter-timeout.
- B . The administrator must change protocol to TCP.
- C . The administrator must enable fortiguard-anycast.
- D . The administrator must disable webfilter-force-off.
View the exhibit, which contains the partial output of an IKE real time debug, and then answer the question below.
The administrator does not have access to the remote gateway.
Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?
- A . Change phase 1 encryption to AESCBC and authentication to SHA128.
- B . Change phase 1 encryption to 3DES and authentication to CBC.
- C . Change phase 1 encryption to AES128 and authentication to SHA512.
- D . Change phase 1 encryption to 3DES and authentication to SHA256.
An administrator has been assigned the task of creating a set of firewall policies which must be evaluated before any custom policies defined within the policy packages of managed FortiGate devices, across all 25 ADOMSs in FortiManager.
How should the administrator accomplish this task?
- A . Create a footer policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this footer policy to all other ADOMs.
- B . Create a header policy in the Global ADOM containing the firewall policies that must be evaluated first, and then assign this header policy to all other ADOMs.
- C . Move the FortiGate devices into a single globally scoped ADOM, and merge policy packages, inserting the new firewall policies at the top.
- D . Use a CLI script from the root ADOM on FortiManager to push these new policies to all FortiGate devices, through the FGFM tunnel.
Which two events can trigger an HA failover? (Choose two.)
- A . The failure of a solid-state drive
- B . The physical disconnection of a heartbeat interface
- C . A configuration sync failure
- D . A session sync failure
Examine the output of the ‘get router info ospf interface’ command shown in the exhibit; then answer the question below.
Which statements are true regarding the above output? (Choose two.)
- A . The port4 interface is connected to the OSPF backbone area.
- B . The local FortiGate has been elected as the OSPF backup designated router.
- C . There are at least 5 OSPF routers connected to the port4 network.
- D . Two OSPF routers are down in the port4 network.
View the exhibit, which contains a hub-and-spoke VPN topology with two hubs, then answer the question below.
An administrator wants to configure ADVPN.
Which ADVPN setting needs to be enabled in the tunnel between Hub1 and Hub2 FortiGates?
- A . set auto-discovery-forwarder enabled
- B . set auto-discovery-receiver enabled
- C . set auto-discovery-sender enabled
- D . set auto-discovery-ipsec enabled
Which two statements about OCVPN are true? (Choose two.)
- A . Only root vdom supports OCVPN.
- B . OCVPN supports static and dynamic IPs in WAN interface.
- C . OCVPN offers only Hub-Spoke VPNs.
- D . FortiGate devices under different FortiCare accounts can be used to form OCVPN.
Which of the following conditions must be met for a static route to be active in the routing table? (Choose three.)
- A . The next-hop IP address is up.
- B . There is no other route, to the same destination, with a higher distance.
- C . The link health monitor (if configured) is up.
- D . The next-hop IP address belongs to one of the outgoing interface subnets.
- E . The outgoing interface is up.
Which two conditions must be met for a statistic route to be active in the routing table? (Choose two.)
- A . The link health monitor (if configured) is up.
- B . There is no other route, to the same destination, with a higher distance.
- C . The outgoing interface is up.
- D . The next-hop IP address is up.
Refer to the exhibit, which contains the debug output of diagnose dvm device list.
Which two statements about the output shown in the exhibit are correct? (Choose two.)
- A . ADOMs are disabled on the FortiManager
- B . The FortiGate configuration is in sync with latest running revision history.
- C . There are pending device-level changes yet to be installed on Local-FortiGate.
- D . The policy package has been modified for Local-FortiGate.