FCSS_EFW_AD-7.4 무료 덤프문제 온라인 액세스

Which two statements about the Security Fabric are true? (Choose two.)

• A.Each member of the Security Fabric maintains the shared Security Fabric map.
• B.Each FortiGate device in the Security Fabric must have bidirectional FortiTelemetry connectivity.
• C.Only FortiGate devices with configuration-sync sel to Local receive and synchronize the global CMDB objects that the root FortiGate sends.
• D.Only the root FortiGate collects network topology information and forwards it to FortiAnalyzer.
• E.FortiGate uses the FortiTelemetry protocol to communicate with FortiAnalyzer.

An administrator is configuring application control with FortiGate running in next-generation firewall (NGFW) policy-based mode.
Which two actions must the administrator take? (Choose two.)

• A.Create an application control profile and apply the profile to a firewall policy.
• B.Specify an SSLISSH inspection profile on a consolidated policy.
• C.Configure central source network address translation (SNAT), if NAT is required.
• D.Configure the action as quarantine, if an application requires feedback to prevent instability.

Refer to the exhibit, which shows a partial routing table.

What two conclusions can you draw from the FortiGate output shown in the exhibit? (Choose two.)

• A.net-device is disabled in the tunnel IPSec phase 1 configuration.
• B.FortiGate is not using the destination subnets of the quick mode selectors to populate the routing table.
• C.FortiGate creates separate virtual interfaces for each VPN client.
• D.add-route is enabled in the tunnel IPSec phase 1 configuration.

Refer to the exhibit, which shows the HA status of an active-passive cluster.

An administrator wants FortiGate_B to handle the Core2 VDOM traffic.
Which modification must the administrator apply to achieve this?

• A.The administrator must change the load balancing method on FortiGate_B.
• B.The administrator must change the priority from 128 to 200 for FortiGate_B.
• C.The administrator must change the priority from 100 to 160 for FortiGate_B.
• D.The administrator must disable override on FortiGate_A.

Refer to the exhibit, which shows a physical topology and a traffic log.

The administrator is checking on FortiAnalyzer traffic from the device with IP address 10.1.10.1, located behind the FortiGate ISFW device.
The firewall policy in on the ISFW device does not have UTM enabled and the administrator is surprised to see a log with the action Malware, as shown in the exhibit.
What are the two reasons FortiAnalyzer would display this log? (Choose two.)

• A.The firewall policy in NGFW-1 has UTM enabled.
• B.ISFW is in a Security Fabric environment.
• C.Security rating is enabled in ISFW.
• D.ISFW is not connected to FortiAnalyzer and must go through NGFW-1.