Logo ExamsQA
Exit
Official Bank 0/89

FCP - FortiGate 7.4 Administrator (FCP_FGT_AD) - Fortinet Actual Exam Questions

Last updated on May 02, 2026

97% Exam Compliance
89 Total Questions
1
Question

Refer to the exhibit. Which statement about this firewall policy list is true?

Question image
Options
A

The Implicit group can include more than one deny firewall policy.
B

The firewall policies are listed by ID sequence view.
C

The firewall policies are listed by ingress and egress interfaces pairing view.
D

LAN to WAN. WAN to LAN. and Implicit are sequence grouping view lists.
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

2
Question

Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device. Two PCs, PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet. Based on the information shown in the exhibit, which two configuration options can the administrator use to fix the connectivity issue for PC3? (Choose two.)

Question image Question image Question image
Select 2
Options
A

o. l. 3 as an address object in the source field.
B

In the firewall policy configuration, add
C

In the IP pool configuration, set endig to 192.2.0.12.
D

Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list.
E

In the IP pool configuration, set cype to overload.
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

3
Question

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes. All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover. Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)

Select 2
Options
A

Enable Dead Peer Detection
B

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
C

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
D

Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

4
Question

An administrator must enable a DHCP server on one of the directly connected networks on FortiGate. However, the administrator is unable to complete the process on the GUI to enable the service on the interface. In this scenario, what prevents the administrator from enabling DHCP service?

Options
A

The role of the interface prevents setting a DHCP server.
B

The DHCP server setting is available only on the CLI.
C

Another interface is configured as the only DHCP server on FortiGate.
D

The FortiGate model does not support the DHCP server.
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

5
Question

Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)

Select 2
Options
A

The issuer must be a public CA
B

The CA extension must be set to TRUE
C

The Authority Key Identifier must be of type SSL
D

The keyUsage extension must be set to keyCertSign
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

Finish Practice?

Are you sure you want to finish? This will end your practice session.