FortiGate Operator 7.4
Which two settings are included in a Dynamic Host Configuration Protocol (DHCP) server configuration on FortiGate? (Choose two.)
Address range & Default gateway
Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?
Antivirus scan
Which two additional features and settings can you apply to traffic after it is accepted by a firewall policy? (Choose two.)
Antivirus scanning & Application control
Which action can you take to improve the security rating provided by the Fortinet Security Fabric?
Apply one or more of the suggested best practices.
What are two reasons why FortiGate Secure Socket Layer Virtual Private Network (SSL VPN) is considered cost-effective compared to other vendors? (Choose two.)
Because it does not require an additional license. & Because the number of remote users is determined by the model.
How does an IPS protect networks from threats?
By analyzing traffic and identifying potential threats
What protocol is used to dynamically create IPSec VPN tunnels?
Internet Key Exchange Version 2 (IKEv2)
What are two activities that cybercriminals can perform using malware? (Choose two.)
Steal intellectual property & Extort money
How does FortiGate handle blocked websites in web filtering using FortiGuard category filters?
Users are redirected to a replacement message indicating the website is blocked.
When is remote authentication preferred over local authentication?
When multiple FortiGate devices need to authenticate the same users or user groups
Excluding the steps for tuning the sensors, what is the last step involved in configuring IPS on FortiGate?
Wrong answer Enabling SSL inspection for the traffic of interest
To avoid certificate errors, which field settings must be included in a Secure Sockets Layer (SSL) certificate issued by a certificate authority (CA)?
basicConstraints: CA:TRUE and keyUsage: keyCertSign
Which two items should you configure as the source of a firewall policy, to allow all internal users in a small office to access the internet? (Choose two.)
Users or user groups & The IP subnet of the LAN
What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over the internet?
Virtual private networks
What is the purpose of firewall policies on FortiGate?
To control network traffic
How are websites filtered using FortiGuard category filters?
By blocking access based on the website content
What is the recommended process to configure FortiGate for remote authentication for user identification?
Create a user group, map authenticated remote users to the group, and configure a firewall policy with the user group as the source.
Which two steps are involved in configuring web filtering based on FortiGuard category filters? (Choose two.)
Create a web filtering security profile using FortiGuard category-based filters. & Apply the web filter security profile to the appropriate firewall policy.
What are two consequences of allowing a FortiGate license to expire? (Choose two.)
Disruption of network services and potential legal issues & Loss of access to software updates and technical support
What is the potential security risk associated with Hypertext Transfer Protocol Secure (HTTPS)?
Encrypted malicious traffic
Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?
Flow-based inspection
Which two protocols can you use for administrative access on a FortiGate interface?
Hypertext Transfer Protocol Secure (HTTPS) and Secure Shell (SSH)
When upgrading the FortiGate firmware, why is it important to follow the recommended upgrade path?
It ensures the compatibility and stability of the device.
What is the main advantage of using Secure Socket Layer Virtual Private Network (SSL VPN) in web mode?
It is a numerical value based on device settings and best practices.
What is the security rating in the Fortinet Security Fabric, and how is it calculated?
It is a numerical value based on device settings and best practices.
Which actions can you apply to application categories in the Application Control profile?
Monitor, allow, block, or quarantine
In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should monitor on FortiGate?
Number of SSL sessions
What is the key difference between Secure Sockets Layer (SSL) certificate inspection and SSL deep inspection?
SSL certificate inspection applies to only HTTPS traffic, while SSL deep inspection applies to multiple SSL-encrypted protocols.
Which piece of information does FortiGate know about the user without firewall authentication?
The source IP address
Why is the order of firewall policies important?
To ensure more granular policies are checked and applied before more general policies
What is the purpose of creating a firewall address object?
To match the source or destination IP subnet
What are two reasons why organizations and individuals use web filtering? (Choose two.)
To prevent network congestion & To preserve employee productivity
Why is it important to back up FortiGate system configurations regularly?
To save time and effort in case of a hardware failure
Which two options can you use for centralized logging when you configure the Fortinet Security Fabric? (Choose two.)
FortiAnalyzer
When configuring antivirus scanning on a firewall policy, which antivirus item should you select?
Antivirus profile
What are some of the features provided by IPSec VPNs?
Data authentication and data integrity
How does the FortiGate intrusion prevention system (IPS) use signatures to detect malicious traffic?
By comparing network packets to known threats
How does FortiGate application control address evasion techniques used by peer-to-peer protocols?
By monitoring traffic for known patterns
How can administrators track successful authentication attempts in FortiGate?
By reviewing the logs and dashboards
How can you modify the security settings of a VPN tunnel created from a template in FortiGate?
Edit the template directly
You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?
Log and Report > Security Events > Application Control
What are two benefits of performing regular maintenance on FortiGate firewalls? (Choose two.)
Prevent security breaches in your organization.
Why is Secure Socket Layer (SSL) inspection necessary for the intrusion prevention system (IPS) to detect threats in encrypted traffic?
SSL inspection allows the IPS to detect and analyze encrypted threats
When configuring a static route on FortiGate, what does the destination represent?
The network or host to which traffic will be forwarded
Why is it recommended that you use user groups instead of individual user accounts in a firewall policy?
User groups simplify the firewall configuration.
What is grayware?
Unsolicited programs installed without user consent
