Professional Documents
Culture Documents
FortiGate 7.4 Operator Exam - Attempt Review
FortiGate 7.4 Operator Exam - Attempt Review
Question 1 What is a recommended best practice when configuring Secure Socket Layer Virtual Private Network (SSL VPN)?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 1/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 3 How does FortiGate application control address evasion techniques used by peer-to-peer protocols?
Correct
Question 4 When upgrading the FortiGate firmware, why is it important to follow the recommended upgrade path?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 2/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 5 Which protocol is used for the authentication and encryption of the data in an IPSec VPN implementation?
Correct
Question 7 Which two protocols can you use for administrative access on a FortiGate interface?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 3/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 8 Which two criteria can be matched in the Source field of a firewall policy?
Correct
Question 9 You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?
Correct
Question 10 What are the three key categories of services provided by FortiGuard Labs?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 4/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 11 How does the FortiGate intrusion prevention system (IPS) use signatures to detect malicious traffic?
Correct
Question 12 Which two steps are involved in configuring web filtering based on FortiGuard category filters? (Choose two.)
Correct
Question 13 To avoid certificate errors, which field settings must be included in a Secure Sockets Layer (SSL) certificate issued by a certificate
Incorrect authority (CA)?
0 points out of 1
Select one:
issuer: C=US, O=Fortinet, CN=Verisign
subjectAltName: DNS:*.example.com and extendedKeyUsage: serverAuth
signatureAlgorithm: SHA256withRSA and validityPeriod: 365 days
basicConstraints: CA:TRUE and keyUsage: keyCertSign
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 5/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 14 What is a characteristic of a firewall policy used to allow the traffic from Secure Socket Layer Virtual Private Network (SSL VPN)
Incorrect connections?
0 points out of 1
Select one:
It defines the port number used for the SSL VPN portal.
It uses a virtual tunnel interface in the source field.
It encapsulates the traffic using the VPN settings configured.
It assigns SSL certificates to user groups trying to connect.
Question 15 Which condition could prevent a configured route from being added to the FortiGate routing table?
Correct
Question 16 Which two additional features and settings can you apply to traffic after it is accepted by a firewall policy? (Choose two.)
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 6/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 17 What is the recommended process to configure FortiGate for remote authentication for user identification?
Correct
Question 18 What is the security rating in the Fortinet Security Fabric, and how is it calculated?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 7/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 20 What causes a web browser to display a certificate warning when using Secure Sockets Layer (SSL) deep inspection with the
Incorrect FortiGate CA certificate?
0 points out of 1
Select one:
FortiGate is using a CA that is not trusted by the web browser.
The browser does not support SSL deep inspection.
FortiGate is unable to decrypt the SSL-encrypted traffic.
The temporary certificate makes FortiGate behave like a man-in-the-middle (MITM) attack.
Question 21 Which two settings are included in a Dynamic Host Configuration Protocol (DHCP) server configuration on FortiGate? (Choose
Correct two.)
1 points out of 1
Select one or more:
Interface Alias
Address range
Subnet object
Default gateway
Question 22 Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 8/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 23 What are two reasons why FortiGate Secure Socket Layer Virtual Private Network (SSL VPN) is considered cost-effective
Correct compared to other vendors? (Choose two.)
1 points out of 1
Select one or more:
Because it provides full network access to remote users.
Because it supports a limited number of third-party applications.
Because the number of remote users is determined by the model.
Because it does not require an additional license.
Question 24 How does FortiGate intrusion prevention system (IPS) detect anomalous traffic patterns that do not conform to established
Correct protocol requirements and standards?
1 points out of 1
Select one:
By using protocol decoders
By analyzing Secure Sockets Layer (SSL) certificates
By decrypting network packets
By monitoring user behavior
Question 25 Which actions can you apply to application categories in the Application Control profile?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 9/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 27 What is a scenario where automation is used in the Fortinet Security Fabric?
Correct
Question 28 Excluding the steps for tuning the sensors, what is the last step involved in configuring IPS on FortiGate?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 10/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 29 What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over
Correct the internet?
1 points out of 1
Select one:
Firewall authentication
Monitoring and logging
Virtual private networks
Security scanning
Question 31 Why is Secure Socket Layer (SSL) inspection necessary for the intrusion prevention system (IPS) to detect threats in encrypted
Correct traffic?
1 points out of 1
Select one:
SSL inspection allows the IPS to detect and analyze encrypted threats.
The IPS engine can inspect only legacy encryption algorithms, by default.
Without SSL inspection, encrypted traffic is automatically blocked by the IPS.
SSL inspection improves network performance by bypassing encrypted traffic.
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 11/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 32 What are two activities that cybercriminals can perform using malware? (Choose two.)
Correct
Question 33 Which piece of information does FortiGate know about the user without firewall authentication?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 12/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 35 Which two options can you use for centralized logging when you configure the Fortinet Security Fabric? (Choose two.)
Incorrect
Question 36 What are two benefits of performing regular maintenance on FortiGate firewalls? (Choose two.)
Correct
Question 37 Why is it recommended that you use user groups instead of individual user accounts in a firewall policy?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 13/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 38 What is the key difference between Secure Sockets Layer (SSL) certificate inspection and SSL deep inspection?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 14/15
15/3/24, 18:55 FortiGate 7.4 Operator Exam: Attempt review
Question 40 Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?
Correct
https://training.fortinet.com/mod/quiz/review.php?attempt=18468023&cmid=485066 15/15