FCA - Operator Exam Q's
How does an IPS protect networks from threats?
By analyzing traffic and identifying potential threats
How are websites filtered using FortiGuard category filters?
By blocking access based on the website content
What are some of the features provided by IPSec VPNs?
Data authentication and data integrity
What is a recommended best practice when configuring Secure Socket Layer Virtual Private Network (SSL VPN)?
Use the principle of least privilege.
How does FortiGate handle blocked websites in web filtering using FortiGuard category filters?
Users are redirected to a replacement message indicating the website is blocked.
To avoid certificate errors, which field settings must be included in a Secure Sockets Layer (SSL) certificate issued by a certificate authority (CA)?
basicConstraints: CA:TRUE and keyUsage: keyCertSign
What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over the internet?
VPNs
Which inspection mode examines traffic as a whole before determining an action?
Proxy based
Why is it important to back up FortiGate system configurations regularly?
To save time and effort in case of a hardware failure
Which two additional features and settings can you apply to traffic after it is accepted by a firewall policy? (Choose two.)
Antivirus Scanning and
When configuring antivirus scanning on a firewall policy, which antivirus item should you select?
Antivirus profile
Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?
Antivirus scan
Which two steps are involved in configuring web filtering based on FortiGuard category filters? (Choose two.)
Apply the web filter security profile to the appropriate firewall policy AND Create a web filtering security profile using FortiGuard category-based filters.
Excluding the steps for tuning the sensors, what is the last step involved in configuring IPS on FortiGate?
Applying the sensor to a firewall policy
What is a scenario where automation is used in the Fortinet Security Fabric?
Automatically quarantining a computer with malicious activity
What are two reasons why FortiGate Secure Socket Layer Virtual Private Network (SSL VPN) is considered cost-effective compared to other vendors? (Choose two.)
Because it does not require an additional license. Because the number of remote users is determined by the model.
How does FortiGate application control address evasion techniques used by peer-to-peer protocols?
By monitoring traffic for known patterns
How can administrators track successful authentication attempts in FortiGate?
By reviewing the logs and dashboards
What is the recommended process to configure FortiGate for remote authentication for user identification?
Create a user group, map authenticated remote users to the group, and configure a firewall policy with the user group as the source.
What is the potential security risk associated with Hypertext Transfer Protocol Secure (HTTPS)?
Encrypted malicious traffic
What are two activities that cybercriminals can perform using malware? (Choose two.)
Extort Money and Steal Intellectual Property
Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?
Flow-based inspection
Which two options can you use for centralized logging when you configure the Fortinet Security Fabric? (Choose two.)
FortiAnalyzer and FortiGate Cloud
What causes a web browser to display a certificate warning when using Secure Sockets Layer (SSL) deep inspection with the FortiGate CA certificate?
FortiGate is using a CA that is not trusted by the web browser.
When upgrading the FortiGate firmware, why is it important to follow the recommended upgrade path?
It ensures the compatibility and stability of the device.
What is the security rating in the Fortinet Security Fabric, and how is it calculated?
It is a numerical value based on device settings and best practices.
You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?
Log and Report > Security Events > Application Control
What are two consequences of allowing a FortiGate license to expire? (Choose two.)
Loss of access to software updates and technical support and
Which actions can you apply to application categories in the Application Control profile?
Monitor, allow, block, or quarantine
What is the main advantage of using Secure Socket Layer Virtual Private Network (SSL VPN) in web mode?
No need to install client software
In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should monitor on FortiGate? (Choose two.)
Number of SSL sessions Number of active VPN tunnels
In which architecture is the need to control application traffic becoming increasingly relevant?
Peer-to-peer architecture
What are two benefits of performing regular maintenance on FortiGate firewalls? (Choose two.)
Prevent security breaches in your organization and Meet
Why is Secure Socket Layer (SSL) inspection necessary for the intrusion prevention system (IPS) to detect threats in encrypted traffic?
SSL inspection allows the IPS to detect and analyze encrypted threats.
How do you configure an internet service as the destination in a firewall policy?
Select the service from the ISDB.
When configuring a static route on FortiGate, what does the destination represent?
The network or host to which traffic will be forwarded
What is the purpose of firewall policies on FortiGate?
To control network traffic
Why is the order of firewall policies important?
To ensure more granular policies are checked and applied before more general policies
What is the purpose of the FortiGuard Labs signature database?
To keep FortiGate firewalls protected against the latest malware variants
What are two reasons why organizations and individuals use web filtering? (Choose two.)
To prevent network congestion and To preserve employee productivity
What protocol is used to dynamically create IPSec VPN tunnels?
Internet Key Exchange Version 2 (IKEv2)
Which two items should you configure as the source of a firewall policy, to allow all internal users in a small office to access the internet? (Choose two.)
User or User groups and The IP subnet of the LAN
What is grayware?
Unsolicited programs installed without user consent
Which two settings are included in a Dynamic Host Configuration Protocol (DHCP) server configuration on FortiGate? (Choose two.)
Address range and Default Gateway
