27/05/2024, 18:05 FortiGate 7.

4 Operator Exam: Attempt review

 FCA - FortiGate 7.4 Operator Self-Paced

Started on Monday, May 27, 2024, 8:47 PM
State Finished
Completed on Monday, May 27, 2024, 10:04 PM
Time taken 1 hour 17 mins
Points 32/40
Grade 80 out of 100
Feedback Congratulations, you passed!

Question 1

Correct

1 points out of 1

What protocol is used to dynamically create IPSec VPN tunnels?

Select one:
Internet Key Exchange Version 2 (IKEv2)
Generic Route Encapsulation (GRE)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)

Question 2

Correct

1 points out of 1

How can administrators track successful authentication attempts in FortiGate?

Select one:
By monitoring security events in real-time
By reviewing the logs and dashboards
By utilizing advanced threat intelligence feeds
By analyzing network traffic patterns

Question 3

Correct

1 points out of 1

What is the purpose of firewall policies on FortiGate?

Select one:
To control network traffic
To encrypt network traffic
To block all incoming traffic
To monitor network traffic

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 1/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 4
Incorrect

0 points out of 1

What is the purpose of creating a firewall address object?

Select one:
To specify the source and destination interfaces
To match the source or destination IP subnet
To define the action for a firewall policy
To enable web filtering for a specific address 

Question 5
Correct

1 points out of 1

How are websites filtered using FortiGuard category filters?

Select one:
By blocking access based on the website content
By scanning the website for malware in real time
By examining the HTTP headers from the website
By denying access based on the website IP address

Question 6
Correct

1 points out of 1

When upgrading the FortiGate firmware, why is it important to follow the recommended upgrade path?

Select one:
It provides access to new major features.
It minimizes the need for configuration backups.
It ensures the compatibility and stability of the device.
It guarantees a faster upgrade process.

Question 7

Correct

1 points out of 1

What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over the internet?

Select one:
Security scanning
Firewall authentication
Virtual private networks
Monitoring and logging

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 2/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 8
Correct

1 points out of 1

Which inspection mode examines traffic as a whole before determining an action?

Select one:
Application-level inspection
Flow-based inspection
Stateful inspection
Proxy-based inspection

Question 9

Correct

1 points out of 1

How does FortiGate handle blocked websites in web filtering using FortiGuard category filters?

Select one:
Users are allowed to access the website, but their activity is recorded in the FortiGate logs.
Users are redirected to a replacement message indicating the website is blocked.
Users are prompted to provide a valid username and password for access.
Users receive a warning message but can choose to continue accessing the website.

Question 10
Incorrect

0 points out of 1

How does FortiGate application control address evasion techniques used by peer-to-peer protocols?

Select one:
By monitoring traffic for known patterns
By allowing traffic from only well-known ports.
By analyzing flow-based inspection 
By examining a URL block list

Question 11
Correct

1 points out of 1

What is the main advantage of using Secure Socket Layer Virtual Private Network (SSL VPN) in web mode?

Select one:
No need to install client software
Access to all network resources for remote users
Support for a wide range of applications and protocols
Ability to perform client integrity checks

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 3/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 12
Correct

1 points out of 1

What is the potential security risk associated with Hypertext Transfer Protocol Secure (HTTPS)?

Select one:
Increased network latency
Encrypted malicious traffic
Certificate errors during SSL handshake
Incompatibility with certain web browsers

Question 13
Incorrect

0 points out of 1

What are some of the features provided by IPSec VPNs?

Select one:
Data encryption and load balancing 
Network segmentation and packet inspection
Data authentication and data integrity
Bandwidth optimization and antireplay protection

Question 14
Correct

1 points out of 1

Which category of services does FortiGuard Labs provide as part of FortiGuard Security Services?

Select one:
Network segmentation and access control
Advanced threat intelligence and prevention
Data encryption and secure communications
Endpoint protection and vulnerability management

Question 15
Correct

1 points out of 1

What are two benefits of performing regular maintenance on FortiGate firewalls? (Choose two.)

Select one or more:

Meet compliance and legal requirements.
Prevent security breaches in your organization.
Minimize costs during upgrades.
Ensure you have the latest hardware.

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 4/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 16
Correct

1 points out of 1

What is a recommended best practice when configuring Secure Socket Layer Virtual Private Network (SSL VPN)?

Select one:
Use local users for authentication.
Import the self-signed SSL certificate.
Allow connections from all locations.
Use the principle of least privilege.

Question 17
Correct

1 points out of 1

Which two settings are included in a Dynamic Host Configuration Protocol (DHCP) server configuration on FortiGate? (Choose two.)

Select one or more:

Interface Alias
Address range
Subnet object
Default gateway

Question 18
Incorrect

0 points out of 1

Why is the order of firewall policies important?

Select one:
To allow for a faster processing of high priority traffic
To ensure that the security traffic is logged before the normal traffic 
To avoid conflicts with other policies in the table with similar parameters
To ensure more granular policies are checked and applied before more general policies

Question 19
Correct

1 points out of 1

To avoid certificate errors, which field settings must be included in a Secure Sockets Layer (SSL) certificate issued by a certificate authority (CA)?

Select one:
issuer: C=US, O=Fortinet, CN=Verisign
signatureAlgorithm: SHA256withRSA and validityPeriod: 365 days
subjectAltName: DNS:*.example.com and extendedKeyUsage: serverAuth
basicConstraints: CA:TRUE and keyUsage: keyCertSign

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 5/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 20
Correct

1 points out of 1

How does an IPS protect networks from threats?

Select one:
By encrypting all network traffic from untrusted IP addresses
By blocking all incoming network traffic from new sources
By allowing only secure access to network resources
By analyzing traffic and identifying potential threats

Question 21
Correct

1 points out of 1

How does the FortiGate intrusion prevention system (IPS) use signatures to detect malicious traffic?

Select one:
By monitoring user activity on websites
By blocking all network traffic
By decrypting Secure Sockets Layer (SSL)-encrypted traffic
By comparing network packets to known threats

Question 22
Correct

1 points out of 1

Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?

Select one:
Antivirus scan
Machine learning (ML)/artificial intelligence (AI) scan
Behavioral analysis scan
Grayware scan

Question 23
Correct

1 points out of 1

Why is Secure Socket Layer (SSL) inspection necessary for the intrusion prevention system (IPS) to detect threats in encrypted traffic?

Select one:
SSL inspection improves network performance by bypassing encrypted traffic.
SSL inspection allows the IPS to detect and analyze encrypted threats.
Without SSL inspection, encrypted traffic is automatically blocked by the IPS.
The IPS engine can inspect only legacy encryption algorithms, by default.

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 6/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 24
Correct

1 points out of 1

Why is it recommended that you use user groups instead of individual user accounts in a firewall policy?

Select one:
User groups provide stronger encryption for authentication.
User groups make it easier to monitor authenticated users.
User groups contain all individual user accounts by default.
User groups simplify the firewall configuration.

Question 25
Correct

1 points out of 1

Which action can you take to improve the security rating provided by the Fortinet Security Fabric?

Select one:
Apply one or more of the suggested best practices.
Create a configuration revision or back up the configuration.
Upgrade FortiGate to the latest mature version available.
Run the integrity check on all end devices.

Question 26
Correct

1 points out of 1

What is a scenario where automation is used in the Fortinet Security Fabric?

Select one:
Generating weekly reports for management review
Automatically quarantining a computer with malicious activity
Assigning security ratings to newly added devices
Monitoring disk space utilization on FortiAnalyzer

Question 27
Incorrect

0 points out of 1

How can you modify the security settings of a VPN tunnel created from a template in FortiGate?

Select one:
Use the custom tunnel creation option 
Convert the template to a custom tunnel
Edit the template directly
Choose a different template for the tunnel

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 7/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 28
Incorrect

0 points out of 1

In which architecture is the need to control application traffic becoming increasingly relevant?

Select one:
Traditional client-server architecture
Distributed architecture
Peer-to-peer architecture
Cloud-based architecture 

Question 29

Correct

1 points out of 1

Which two protocols can you use for administrative access on a FortiGate interface?

Select one:
Hypertext Transfer Protocol Secure (HTTPS) and Secure Shell (SSH)
Remote Desktop Protocol (RDP) and Hypertext Transfer Protocol (HTTP)
Simple Mail Transfer Protocol (SMTP) and Secure Sockets Layer (SSL)
Telnet and Simple Network Management Protocol (SNMP)

Question 30
Correct

1 points out of 1

What are the three key categories of services provided by FortiGuard Labs?

Select one:
Data encryption, network segmentation, and access control
Machine learning, antivirus, and network monitoring
Artificial intelligence, real-time threat protection, and outbreak alerts
Threat hunting, intrusion detection, and firewall management

Question 31
Correct

1 points out of 1

What is grayware?

Select one:
Known malware with existing signatures
New and unknown malware variants
Malicious files sent to the sandbox for inspection
Unsolicited programs installed without user consent

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 8/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 32
Correct

1 points out of 1

How does FortiGate intrusion prevention system (IPS) detect anomalous traffic patterns that do not conform to established protocol
requirements and standards?

Select one:
By decrypting network packets
By using protocol decoders
By monitoring user behavior
By analyzing Secure Sockets Layer (SSL) certificates

Question 33

Correct

1 points out of 1

In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should monitor on
FortiGate? (Choose two.)

Select one or more:

Number of SSL sessions
Number of days for licenses to expire
Number of active VPN tunnels
Number of local users and user groups

Question 34
Correct

1 points out of 1

Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?

Select one:
Stateful inspection
Application-level inspection
Proxy-based inspection
Flow-based inspection

Question 35
Correct

1 points out of 1

You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?

Select one:
Log and Report > Security Events > Application Control
Log and Report > Security Events > Intrusion Prevention
Log and Report > Security Events > WebFilter
Log and Report > Security Events > Antivirus

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 9/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 36
Correct

1 points out of 1

Which piece of information does FortiGate know about the user without firewall authentication?

Select one:
The user login name
The originating domain name
The source IP address
The application being used

Question 37
Correct

1 points out of 1

What is the key difference between Secure Sockets Layer (SSL) certificate inspection and SSL deep inspection?

Select one:
SSL certificate inspection decrypts and inspects encrypted content, while SSL deep inspection verifies the identity of the web server.
SSL certificate inspection applies to only HTTPS traffic, while SSL deep inspection applies to multiple SSL-encrypted protocols.
SSL certificate inspection requires a trusted certificate authority (CA), while SSL deep inspection uses the FortiGate CA certificate.
SSL certificate inspection introduces certificate errors, while SSL deep inspection prevents certificate warnings.

Question 38
Incorrect

0 points out of 1

Which two criteria can be matched in the Source field of a firewall policy?

Select one:
Interface and service type 
Address group and hostname
MAC address and domain name
IP address and user

Question 39
Incorrect

0 points out of 1

What are two consequences of allowing a FortiGate license to expire? (Choose two.)

Select one or more:

Loss of access to software updates and technical support
Inability to monitor system logs and generate network reports
Reduced FortiGate performance and increased vulnerability to security threats 
Disruption of network services and potential legal issues

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 10/11
27/05/2024, 18:05 FortiGate 7.4 Operator Exam: Attempt review

Question 40
Correct

1 points out of 1

Excluding the steps for tuning the sensors, what is the last step involved in configuring IPS on FortiGate?

Select one:
Blocking malicious URLs and botnet command-and-control (C&C) traffic
Enabling SSL inspection for the traffic of interest
Editing the sensor's signature and filters
Applying the sensor to a firewall policy

https://training.fortinet.com/mod/quiz/review.php?attempt=19120771&cmid=485066 11/11