Question 1:
Which three statements about SD-WAN zones are true? (Choose three.)
A. An SD-WAN zone can contain physical and logical interfaces
B. You can use an SD-WAN zone in static route definitions
C. You can define up to three SD-WAN zones per FortiGate device
D. An SD-WAN zone must contain at least two members
E. An SD-WAN zone is a logical grouping of members
A. An SD-WAN zone can contain physical and logical interfaces
B. You can use an SD-WAN zone in static route definitions
E. An SD-WAN zone is a logical grouping of members
Explanation:
An SD-WAN zone can contain physical and logical interfaces: SD-WAN zones can include both physical and logical interfaces, allowing flexible configuration for different network types.
You can use an SD-WAN zone in static route definitions: SD-WAN zones can be referenced in static routes, enabling dynamic path selection based on SD-WAN rules.
An SD-WAN zone is a logical grouping of members: An SD-WAN zone is a logical grouping of interfaces (members), used to simplify the management and application of SD-WAN rules.
Question 2:
Refer to the exhibit.
Which statement about this firewall policy list is true?
A. The Implicit group can include more than one deny firewall policy.
B. The firewall policies are listed by ID sequence view.
C. The firewall policies are listed by ingress and egress interfaces pairing view.
D. LAN to WAN, WAN to LAN, and Implicit are sequence grouping view lists.
D. LAN to WAN, WAN to LAN, and Implicit are sequence grouping view lists.
Question 3:
Which statement is a characteristic of automation stitches?
A. They can be run only on devices in the Security Fabric.
B. They can be created only on downstream devices in the fabric.
C. They can have one or more triggers.
D. They can run multiple actions at the same time.
D. They can run multiple actions at the same time.
Explanation: "To create an automation stitch, A TRIGGER EVENT (singular) and a response action or ACTIONS (plural) are selected." See the documentation: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/351998
Question 4:
Refer to the exhibit.
FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles. Which action must the administrator perform to consolidate the two policies into one?
A. Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy
B. Create an Interface Group that includes port1 and port2 to create a single firewall policy
C. Select port1 and port2 subnets in a single firewall policy.
D. Replace port1 and port2 with the any interface in a single firewall policy.
A. Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy
Explanation: To consolidate the two separate firewall policies for Sales and Engineering departments accessing the same web server, you can create an Interface Group that includes both port1 (Sales) and port2 (Engineering). Once the Interface Group is created, you can use this group as a single incoming interface in a single firewall policy. This approach reduces the number of policies, making management more efficient.
References: FortiOS 7.4.1 Administration Guide: Firewall Policy Configuration
Question 5:
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad. Which IPsec Wizard template must the administrator apply?
A. Remote Access
B. Site to Site
C. Dial up User
D. Hub-and-Spoke
A. Remote Access
Explanation: For configuring an IPsec VPN tunnel for a sales employee traveling abroad, the "Remote Access" template is the most appropriate choice. This template is designed to allow remote users to securely connect to the internal network of an organization from any location using FortiClient or a compatible client. The other options, such as "Site to Site," "Dial up User," and "Hub-and-Spoke," are used for connecting different networks or sites, not individual remote users.
References: FortiOS 7.4.1 Administration Guide: IPsec Wizard Template Types
Question 6:
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
A. The NetSessionEnum function is used to track user logouts.
B. NetAPI polling can increase bandwidth usage in large networks.
C. The collector agent must search Windows application event logs.
D. The collector agent uses a Windows API to query DCs for user logins.
A. The NetSessionEnum function is used to track user logouts.
Question 7:
Refer to the exhibits.
The exhibits show a diagram of a FortiGate device connected to the network, VIP configuration, firewall policy, and the sniffer CLI output on the FortiGate device.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The webserver host (10.0.1.10) must use its VIP external IP address as the source NAT (SNAT) when it pings the remote server (10.200.3.1).
Which two statements are valid to achieve this goal? (Choose two.)
A. Enable NAT on the Allow_access firewall policy.
B. Create a new firewall policy before Internet_Access for the webserver and apply the IP pool.
C. Disable NAT on the Internet_Access firewall policy.
D. Disable port forwarding on the VIP object.
A. Enable NAT on the Allow_access firewall policy.
D. Disable port forwarding on the VIP object.
Explanation:
Enable NAT on the Allow_access firewall policy (A):
Disable port forwarding on the VIP object (D):
Why other options are not correct:
B. Create a new firewall policy before Internet_Access for the webserver and apply the IP pool:
C. Disable NAT on the Internet_Access firewall policy:
Thus, enabling NAT on the Allow_access policy and disabling port forwarding on the VIP configuration are the valid steps to achieve the goal.
Question 8:
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up. Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)
A. On Remote-FortiGate, set Seconds to 43200.
B. On HQ-FortiGate, enable Diffie-Hellman Group 2.
C. On HQ-FortiGate, set Encryption to AES256.
D. On Remote-FortiGate, set Remote Address to 10.0.1.0/255.255.255.0.
C. On HQ-FortiGate, set Encryption to AES256.
D. On Remote-FortiGate, set Remote Address to 10.0.1.0/255.255.255.0.
Question 9:
A FortiGate administrator is required to reduce the attack surface on the SSL VPN portal. Which SSL timer can you use to mitigate a denial of service (DoS) attack?
A. SSL VPN dtls-hello-timeout
B. SSL VPN http-request-header-timeout
C. SSL VPN login-timeout
D. SSL VPN idle-timeout
B. SSL VPN http-request-header-timeout
Explanation: The SSL VPN http-request-header-timeout timer is used to mitigate denial of service (DoS) attacks by limiting the amount of time the FortiGate waits for the client to send an HTTP request header after a connection is established. This helps reduce the attack surface by preventing potential attacks that exploit prolonged connection times without fully completing requests.
Question 10:
The HTTP inspection process in web filtering follows a specific order when multiple features are enabled in the web filter profile. Which order must FortiGate use when the web filter profile has features such as safe search enabled?
A. FortiGuard category filter and rating filter
B. Static domain filter, SSL inspection filter, and external connectors filters
C. DNS-based web filter and proxy-based web filter
D. Static URL filter, FortiGuard category filter, and advanced filters
D. Static URL filter, FortiGuard category filter, and advanced filters
Explanation: When multiple web filtering features are enabled in FortiGate, the HTTP inspection process follows a specific sequence:
Static URL Filter: This filter checks URLs against a predefined list of allowed or blocked URLs.
FortiGuard Category Filter: This checks the category of the website using the FortiGuard database.
Advanced Filters: These include features like "Safe Search"