Free FCSS – Enterprise Firewall 7.4 Administrator Exam FCSS_EFW_AD-7.4 Exam Practice Test

An administrator received a FortiAnalyzer alert that a 1 ТВ disk filled up in a day. Upon investigation, they found thousands of unusual DNS log requests, such as JHCMQK.website.com, with no answers. They later discovered that DNS exfiltration was occurring through both UDP and TLS.How can the administrator prevent this data theft technique?

• Create an inline-CASB to protect against DNS exfiltration.
• Configure a File Filter profile to prevent DNS exfiltration.
• Enable DNS Filter to protect against DNS exfiltration.
• Use an IPS profile and DNS exfiltration-related signatures.

An administrator must enable direct communication between multiple spokes in a company's network. Each spoke has more than one internet connection.The requirement is for the spokes to connect directly without passing through the hub, and for the links to automatically switch to the best available connection.How can this automatic detection and optimal link utilization between spokes be achieved?

• Set up OSPF routing over static VPN tunnels between spokes.
• Utilize ADVPN 2.0 to facilitate dynamic direct tunnels and automatic link optimization.
• Establish static VPN tunnels between spokes with predefined backup routes.
• Implement SD-WAN policies at the hub to manage spoke link quality.

An administrator applied a block-all IPS profile for client and server targets to secure the server, but the database team reported the application stopped working immediately after.How can an administrator apply IPS in a way that ensures it does not disrupt existing applications in the network?

• Use an IPS profile with all signatures in monitor mode and verify patterns before blocking.
• Limit the IPS profile to server targets only to avoid blocking connections from the server to clients.
• Select flow mode in the IPS profile to accurately analyze application patterns.
• Set the IPS profile signature action to default to discard all possible false positives.

An administrator needs to install an IPS profile without triggering false positives that can impact applications and cause problems with the user's normal traffic flow.Which action can the administrator take to prevent false positives on IPS analysis?

• Use the IPS profile extension to select an operating system, protocol, and application for all the network internal services and users to prevent false positives.
• Enable Scan Outgoing Connections to avoid clicking suspicious links or attachments that can deliver botnet malware and create false positives.
• Use an IPS profile with action monitor, however, the administrator must be aware that this can compromise network integrity.
• Install missing or expired SSUTLS certificates on the client PC to prevent expected false positives.

An administrator configured the FortiGate devices in an enterprise network to join the FortinetSecurity Fabric. The administrator has a list of IP addresses that must be blocked by the data center firewall. This list is updated daily.How can the administrator automate a firewall policy with the daily updated list?

• With FortiNAC
• With FortiAnalyzer
• With a Security Fabric automation
• With an external connector from Threat Feeds

A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?

• The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.
• The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.
• The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.
• The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

An administrator is setting up an ADVPN configuration and wants to ensure that peer IDs are not exposed during VPN establishment.Which protocol can the administrator use to enhance security?

• Use IKEv2, which encrypts peer IDs and prevents exposure.
• Opt for SSL VPN web mode because it does not use peer IDs at all.
• Choose IKEv1 aggressive mode because it simplifies peer identification.
• Stick with IKEv1 main mode because it offers better performance.

What does the command set forward-domain <domain_ID> in a transparent VDOM interface do?

• It configures the interface to prioritize traffic based on the domain ID, enhancing quality of service for specified VLANs.
• It isolates traffic within a specific VLAN by assigning a broadcast domain to an interface based on the VLAN ID.
• It restricts the interface to managing traffic only from the specified VLAN, effectively segregating network traffic.
• It assigns a unique domain ID to the interface, allowing it to operate across multiple VLANs within the same VDOM.

Which two statements about IKEv2 are true if an administrator decides to implement IKEv2 in the VPN topology? (Choose two.)

• It includes stronger Diffie-Hellman (DH) groups, such as Elliptic Curve (ECP) groups.
• It supports interoperability with devices using IKEv1.
• It exchanges a minimum of two messages to establish a secure tunnel.
• It supports the extensible authentication protocol (EAP).

A company's users on an IPsec VPN between FortiGate A and B have experienced intermittent issues since implementing VXLAN. The administrator suspects that packets exceeding the 1500-byte default MTU are causing the problems.In which situation would adjusting the interface’s maximum MTU value help resolve issues caused by protocols that add extra headers to IP packets?

• Adjust the MTU on interfaces only if FortiGate has the FortiGuard enterprise bundle, which allows MTU modification.
• Adjust the MTU on interfaces in all FortiGate devices that support the latest family of Fortinet SPUs: NP7, CP9 and SP5.
• Adjust the MTU on interfaces in controlled environments where all devices along the path allow MTU interface changes.
• Adjust the MTU on interfaces only in wired connections like PPPoE, optic fiber, and ethernet cable.