9/29/24, 5:13 PM FortiGate 7.

4 Operator Exam: Attempt review

 FCA - FortiGate 7.4 Operator Self-Paced

Started on Sunday, September 29, 2024, 3:23 PM
State Finished
Completed on Sunday, September 29, 2024, 4:11 PM
Time taken 48 mins 1 sec
Points 38/40
Grade 95 out of 100
Feedback Congratulations, you passed!

Question 1

Correct

1 points out of 1

Which two options can you use for centralized logging when you configure the Fortinet Security Fabric? (Choose two.)

Select one or more:

FortiGate Cloud
FortiSOAR
FortiAnalyzer
Syslog server

Question 2

Correct

1 points out of 1

Which category of services does FortiGuard Labs provide as part of FortiGuard Security Services?

Select one:
Endpoint protection and vulnerability management
Network segmentation and access control
Advanced threat intelligence and prevention
Data encryption and secure communications

Question 3

Correct

1 points out of 1

What is the main advantage of using Secure Socket Layer Virtual Private Network (SSL VPN) in web mode?

Select one:
No need to install client software
Ability to perform client integrity checks
Access to all network resources for remote users
Support for a wide range of applications and protocols

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 1/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 4
Correct

1 points out of 1

What is a scenario where automation is used in the Fortinet Security Fabric?

Select one:
Monitoring disk space utilization on FortiAnalyzer
Generating weekly reports for management review
Assigning security ratings to newly added devices
Automatically quarantining a computer with malicious activity

Question 5
Correct

1 points out of 1

What are two activities that cybercriminals can perform using malware? (Choose two.)

Select one or more:

Damage physical ports
Steal intellectual property
Extort money
Trigger a high availability (HA) failover

Question 6
Correct

1 points out of 1

Why is it recommended that you use user groups instead of individual user accounts in a firewall policy?

Select one:
User groups make it easier to monitor authenticated users.
User groups provide stronger encryption for authentication.
User groups simplify the firewall configuration.
User groups contain all individual user accounts by default.

Question 7

Correct

1 points out of 1

How does FortiGate application control address evasion techniques used by peer-to-peer protocols?

Select one:
By allowing traffic from only well-known ports.
By examining a URL block list
By analyzing flow-based inspection
By monitoring traffic for known patterns

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 2/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 8
Correct

1 points out of 1

How can you modify the security settings of a VPN tunnel created from a template in FortiGate?

Select one:
Convert the template to a custom tunnel
Choose a different template for the tunnel
Use the custom tunnel creation option
Edit the template directly

Question 9

Correct

1 points out of 1

When upgrading the FortiGate firmware, why is it important to follow the recommended upgrade path?

Select one:
It ensures the compatibility and stability of the device.
It guarantees a faster upgrade process.
It provides access to new major features.
It minimizes the need for configuration backups.

Question 10
Correct

1 points out of 1

Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?

Select one:
Machine learning (ML)/artificial intelligence (AI) scan
Antivirus scan
Behavioral analysis scan
Grayware scan

Question 11
Correct

1 points out of 1

What is grayware?

Select one:
Known malware with existing signatures
New and unknown malware variants
Unsolicited programs installed without user consent
Malicious files sent to the sandbox for inspection

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 3/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 12
Incorrect

0 points out of 1

What are two consequences of allowing a FortiGate license to expire? (Choose two.)

Select one or more:

Reduced FortiGate performance and increased vulnerability to security threats 
Inability to monitor system logs and generate network reports
Disruption of network services and potential legal issues
Loss of access to software updates and technical support

Question 13
Incorrect

0 points out of 1

In which architecture is the need to control application traffic becoming increasingly relevant?

Select one:
Traditional client-server architecture
Peer-to-peer architecture
Cloud-based architecture 
Distributed architecture

Question 14
Correct

1 points out of 1

Which inspection mode examines traffic as a whole before determining an action?

Select one:
Flow-based inspection
Stateful inspection
Application-level inspection
Proxy-based inspection

Question 15
Correct

1 points out of 1

Which protocol is used for the authentication and encryption of the data in an IPSec VPN implementation?

Select one:
Encapsulation Security Payload (ESP)
Secure Hash Algorithm (SHA)
Advanced Encryption Standard (AES)
Transport Layer Security (TLS)

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 4/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 16
Correct

1 points out of 1

How does the FortiGate intrusion prevention system (IPS) use signatures to detect malicious traffic?

Select one:
By comparing network packets to known threats
By blocking all network traffic
By decrypting Secure Sockets Layer (SSL)-encrypted traffic
By monitoring user activity on websites

Question 17
Correct

1 points out of 1

Which two additional features and settings can you apply to traffic after it is accepted by a firewall policy? (Choose two.)

Select one or more:

Antivirus scanning
Application control
Packet filtering
User authentication

Question 18
Correct

1 points out of 1

What is the security rating in the Fortinet Security Fabric, and how is it calculated?

Select one:
It is a numerical value based on device settings and best practices.
It is calculated based on the number of security logs generated.
It represents the current level of network performance.
It indicates the level of compatibility with third-party devices.

Question 19
Correct

1 points out of 1

Why is the order of firewall policies important?

Select one:
To ensure more granular policies are checked and applied before more general policies
To ensure that the security traffic is logged before the normal traffic
To allow for a faster processing of high priority traffic
To avoid conflicts with other policies in the table with similar parameters

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 5/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 20
Correct

1 points out of 1

What are some of the features provided by IPSec VPNs?

Select one:
Bandwidth optimization and antireplay protection
Network segmentation and packet inspection
Data encryption and load balancing
Data authentication and data integrity

Question 21
Correct

1 points out of 1

What protocol is used to dynamically create IPSec VPN tunnels?

Select one:
Layer 2 Tunneling Protocol (L2TP)
Generic Route Encapsulation (GRE)
Point-to-Point Tunneling Protocol (PPTP)
Internet Key Exchange Version 2 (IKEv2)

Question 22
Correct

1 points out of 1

In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should monitor on
FortiGate? (Choose two.)

Select one or more:

Number of days for licenses to expire
Number of active VPN tunnels
Number of SSL sessions
Number of local users and user groups

Question 23

Correct

1 points out of 1

What is the purpose of firewall policies on FortiGate?

Select one:
To monitor network traffic
To block all incoming traffic
To encrypt network traffic
To control network traffic

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 6/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 24
Correct

1 points out of 1

When configuring antivirus scanning on a firewall policy, which antivirus item should you select?

Select one:
Antivirus engine version
Antivirus profile
Antivirus schedule
Antivirus exclusion list

Question 25
Correct

1 points out of 1

When configuring a static route on FortiGate, what does the destination represent?

Select one:
The IP address of the next-hop router
The local interface on FortiGate for the outgoing traffic
The IP address of the remote DNS server
The network or host to which traffic will be forwarded

Question 26
Correct

1 points out of 1

Which two items should you configure as the source of a firewall policy, to allow all internal users in a small office to access the internet?
(Choose two.)

Select one or more:

Application signatures
Security profiles
Users or user groups
The IP subnet of the LAN

Question 27

Correct

1 points out of 1

How are websites filtered using FortiGuard category filters?

Select one:
By examining the HTTP headers from the website
By denying access based on the website IP address
By blocking access based on the website content
By scanning the website for malware in real time

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 7/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 28
Correct

1 points out of 1

When is remote authentication preferred over local authentication?

Select one:
When FortiGate needs to give lower priority to the traffic from local user accounts
When the network does not have an available authentication server
When FortiGate does not support local user accounts
When multiple FortiGate devices need to authenticate the same users or user groups

Question 29

Correct

1 points out of 1

Which condition could prevent a configured route from being added to the FortiGate routing table?

Select one:
The incorrect distance being set for the default gateway IP address
The absence of administrative access protocols on the interface
The DHCP server associated with the route being disabled
The presence of a better route for the same destination

Question 30
Correct

1 points out of 1

Which two protocols can you use for administrative access on a FortiGate interface?

Select one:
Telnet and Simple Network Management Protocol (SNMP)
Remote Desktop Protocol (RDP) and Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol Secure (HTTPS) and Secure Shell (SSH)
Simple Mail Transfer Protocol (SMTP) and Secure Sockets Layer (SSL)

Question 31
Correct

1 points out of 1

Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?

Select one:
Stateful inspection
Flow-based inspection
Proxy-based inspection
Application-level inspection

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 8/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 32
Correct

1 points out of 1

What is the potential security risk associated with Hypertext Transfer Protocol Secure (HTTPS)?

Select one:
Incompatibility with certain web browsers
Encrypted malicious traffic
Increased network latency
Certificate errors during SSL handshake

Question 33
Correct

1 points out of 1

What is the key difference between Secure Sockets Layer (SSL) certificate inspection and SSL deep inspection?

Select one:
SSL certificate inspection decrypts and inspects encrypted content, while SSL deep inspection verifies the identity of the web server.
SSL certificate inspection applies to only HTTPS traffic, while SSL deep inspection applies to multiple SSL-encrypted protocols.
SSL certificate inspection introduces certificate errors, while SSL deep inspection prevents certificate warnings.
SSL certificate inspection requires a trusted certificate authority (CA), while SSL deep inspection uses the FortiGate CA certificate.

Question 34
Correct

1 points out of 1

You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?

Select one:
Log and Report > Security Events > Antivirus
Log and Report > Security Events > Application Control
Log and Report > Security Events > WebFilter
Log and Report > Security Events > Intrusion Prevention

Question 35

Correct

1 points out of 1

What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over the internet?

Select one:
Monitoring and logging
Security scanning
Virtual private networks
Firewall authentication

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 9/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 36
Correct

1 points out of 1

Why is Secure Socket Layer (SSL) inspection necessary for the intrusion prevention system (IPS) to detect threats in encrypted traffic?

Select one:
The IPS engine can inspect only legacy encryption algorithms, by default.
SSL inspection allows the IPS to detect and analyze encrypted threats.
Without SSL inspection, encrypted traffic is automatically blocked by the IPS.
SSL inspection improves network performance by bypassing encrypted traffic.

Question 37
Correct

1 points out of 1

How does an IPS protect networks from threats?

Select one:
By allowing only secure access to network resources
By blocking all incoming network traffic from new sources
By encrypting all network traffic from untrusted IP addresses
By analyzing traffic and identifying potential threats

Question 38
Correct

1 points out of 1

What is the purpose of the FortiGuard Labs signature database?

Select one:
To give FortiGate firewalls the ability to track network traffic and usage patterns
To keep FortiGate firewalls protected against the latest malware variants
To identify and correct vulnerabilities in FortiGate firewalls
To provide secure configuration templates to FortiGate firewalls

Question 39
Correct

1 points out of 1

How do you configure an internet service as the destination in a firewall policy?

Select one:
Configure the service with a virtual IP.
Choose the IP subnet of the service.
Specify the MAC address of the service.
Select the service from the ISDB.

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 10/11
9/29/24, 5:13 PM FortiGate 7.4 Operator Exam: Attempt review

Question 40
Correct

1 points out of 1

Which actions can you apply to application categories in the Application Control profile?

Select one:
Monitor, allow, block, or quarantine
Monitor, optimize, redirect, or shape
Authenticate, log, encrypt, or back up
Allow, encrypt, compress, or redirect

https://training.fortinet.com/mod/quiz/review.php?attempt=20192519&cmid=485066 11/11