FCP_FGT_AD-7.4 Exam Details

  • Exam Code
    :FCP_FGT_AD-7.4
  • Exam Name
    :FCP - FortiGate 7.4 Administrator
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :89 Q&As
  • Last Updated
    :Jul 12, 2026

Fortinet FCP_FGT_AD-7.4 Online Questions & Answers

  • Question 1:

    A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.

    When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the and does not block the file allowing it to be downloaded.

    The administrator confirms that the traffic matches the configured firewall policy.

    What are two reasons for the failed virus detection by FortiGate? (Choose two.)

    A. The selected SSL inspection profile has certificate inspection enabled
    B. The browser does not trust the FortiGate self-siqned CA certificate
    C. The EICAR test file exceeds the protocol options oversize limit
    D. The website is exempted from SSL inspection

  • Question 2:

    A network administrator has enabled full SSL inspection and web filtering on FortiGate. When visiting any HTTPS websites, the browser reports certificate warning errors. When visiting HTTP websites, the browser does not report errors. What is the reason for the certificate warning errors?

    A. The option invalid SSL certificates is set to allow on the SSL/SSH inspection profile
    B. The browser does not trust the certificate used by FortiGate for SSL inspection
    C. The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.
    D. The matching firewall policy is set to proxy inspection mode

  • Question 3:

    Refer to the exhibit.

    The NOC team connects to the FortiGate GUI with theNOC_Accessadmin profile. They request that their GUI sessions do not disconnect too early during inactivity. What must the administrator configure to answer this specific request from the NOC team?

    A. Enable the parameter Never Timeout in the admin profiles
    B. Increase theadmintimeoutvalue underconfig system accprofile super_admin.
    C. Increase the admintimeout value under config system global
    D. Increase the offline value of the Override idle Timeout parameter in the NOC_Access admin profile

  • Question 4:

    Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

    A. If SD-WAN is enabled, you control the load balancing algorithm with the parameter load- balance-mode.
    B. If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume- based.
    C. If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP
    D. If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

  • Question 5:

    Which two statements are true regarding FortiGate HA configuration synchronization? (Choose two.)

    A. Checksums of devices are compared against each other to ensure configurations are the same.
    B. Incremental configuration synchronization can occur only from changes made on the primary FortiGate device.
    C. Incremental configuration synchronization can occur from changes made on any FortiGate device within the HA cluster
    D. Checksums of devices will be different from each other because some configuration items are not synced to other HA members.

  • Question 6:

    Refer to the exhibit.

    Why did FortiGate drop the packet?

    A. 11 matched an explicitly configured firewall policy with the action DENY
    B. It failed the RPF check.
    C. The next-hop IP address is unreachable.
    D. It matched the default implicit firewall policy

  • Question 7:

    Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

    Based on the exhibit, which statement is true?

    A. The underlay zone contains port1 and
    B. The d-wan zone contains no member.
    C. The d-wan zone cannot be deleted.
    D. The virtual-wan-link zone contains no member.

  • Question 8:

    Which two pieces of information are synchronized between FortiGate HA members? (Choose two.)

    A. OSPF adjacencies
    B. IPsec security associations
    C. BGP peerings
    D. DHCP leases

  • Question 9:

    Refer to the exhibits.

    An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW). What must the administrator do to synchronize the address object?

    A. Change the csf setting on Local-FortiGate (root) to sec fabric-object-unification default.
    B. Change the csf setting on both devices to sec downscream-access enable.
    C. Change the csf setting on ISFW (downstream) to sec auchorizacion-requesc-cype certificace.
    D. Change the csf setting on ISFW (downstream) to sec configuration-sync local.

  • Question 10:

    Which statement is correct regarding the use of application control for inspecting web applications?

    A. Application control can identify child and parent applications, and perform different actions on them
    B. Application control signatures are included in Fortinet Antivirus engine
    C. Application control does not display a replacement message for a blocked web application
    D. Application control does not require SSL Inspection to Identity web applications

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your FCP_FGT_AD-7.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.