Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

FCSS_EFW_AD-7.4 Exam Dumps - Fortinet Certified Solution Specialist Questions and Answers

Question # 14

Refer to the exhibit, which shows a revision history window in the FortiManager device layer.

The IT team is trying to identify the administrator responsible for the most recent update in the FortiGate device database.

Which conclusion can you draw about this scenario?

Options:

A.

This retrieved process was automatically triggered by a Remote FortiGate Directly (via CLI) script.

B.

The user script_manager is an API user from the Fortinet Developer Network (FDN) retrieving a configuration.

C.

To identify the user who created the event, check it on the Configuration and Installation widget on FortiGate within the FortiManager device layer.

D.

Find the user in the FortiManager system logs and use the type=script command to find the administrator user in the user field.

Buy Now
Question # 15

Refer to the exhibit, which shows an ADVPN network.

The client behind Spoke-1 generates traffic to the device located behind Spoke-2.

What is the first message that the hub sends to Spoke-1 to bring up the dynamic tunnel?

Options:

A.

Shortcut query

B.

Shortcut offer

C.

Shortcut reply

D.

Shortcut forward

Buy Now
Question # 16

What is the initial step performed by FortiGate when handling the first packets of a session?

Options:

A.

Installation of the session key in the network processor (NP)

B.

Data encryption and decryption

C.

Security inspections such as ACL, HPE, and IP integrity header checking

D.

Offloading the packets directly to the content processor (CP)

Buy Now
Question # 17

Refer to the exhibit, which shows an enterprise network connected to an internet service provider.

An administrator must configure a loopback as a BGP source to connect to the ISP.

Which two commands are required to establish the connection? (Choose two.)

Options:

A.

ebgp-enforce-multihop

B.

update-source

C.

ibgp-enforce-multihop

D.

recursive-next-hop

Buy Now
Question # 18

An administrator must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic.

Which SSL inspection setting helps reduce system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?

Options:

A.

Use full SSL inspection to thoroughly inspect encrypted payloads.

B.

Disable SSL inspection entirely to conserve resources.

C.

Configure SSL inspection to handle HTTPS traffic efficiently.

D.

Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.

Buy Now
Question # 19

Refer to the exhibit.

An administrator is deploying a hub and spokes network and using OSPF as dynamic protocol.

Which configuration is mandatory for neighbor adjacency?

Options:

A.

Set bfd enable in the router configuration

B.

Set network-type point-to-multipoint in the hub interface

C.

Set rfc1583-compatible enable in the router configuration

D.

Set virtual-link enable in the hub interface

Buy Now
Question # 20

A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.

How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?

Options:

A.

The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.

B.

The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.

C.

The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.

D.

The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

Buy Now
Exam Code: FCSS_EFW_AD-7.4
Exam Name: FCSS - Enterprise Firewall 7.4 Administrator
Last Update: Apr 1, 2025
Questions: 57
FCSS_EFW_AD-7.4 pdf

FCSS_EFW_AD-7.4 PDF

$25.5  $84.99
FCSS_EFW_AD-7.4 Engine

FCSS_EFW_AD-7.4 Testing Engine

$28.5  $94.99
FCSS_EFW_AD-7.4 PDF + Engine

FCSS_EFW_AD-7.4 PDF + Testing Engine

$40.5  $134.99