FCP_FCT_AD-7.2 Exam Questions Get Updated [2024] with Correct Answers
Practice FCP_FCT_AD-7.2 Questions With Certification guide Q&A from Training Expert ExamPrepAway
NEW QUESTION # 27
Refer to the exhibit.
Based on the settings shown in the exhibit, which two actions must the administrator take to make the endpoint compliant? (Choose two.)
- A. Enable the web filter profile.
- B. Patch applications that have vulnerabilities rated as high or above.
- C. Run Calculator application on the endpoint.
- D. Integrate FortiSandbox for infected file analysis.
Answer: B,C
Explanation:
* Observation of Compliance Profile:
* The compliance profile shown in the exhibit includes rules for vulnerability severity level and running process (Calculator.exe).
* Evaluating Actions for Compliance:
* To make the endpoint compliant, the administrator needs to ensure that vulnerabilities with a severity level of medium or higher are patched (D).
* Additionally, the Calculator.exe application must be running on the endpoint (B).
* Eliminating Incorrect Options:
* Enabling the web filter profile (A) is not related to the compliance rules shown.
* Integrating FortiSandbox (C) is not a requirement in the given compliance profile.
* Conclusion:
* The correct actions are to run the Calculator application on the endpoint (B) and patch applications with vulnerabilities rated as high or above (D).
References:
* FortiClient EMS compliance profile configuration documentation from the study guides.
NEW QUESTION # 28
What is the function of the quick scan option on FortiClient?
- A. It allows users to select a specific file folder on their local hard disk drive (HDD), to scan for threats.
- B. It scans programs and drivers that are currently running, for threats.
- C. It performs a full system scan including all files, executable files, DLLs, and drivers for threats.
- D. It scans executable files, DLLs, and drivers that are currently running, for threats.
Answer: C
Explanation:
* Understanding Quick Scan Function:
* The quick scan option on FortiClient is designed to scan certain elements of the system quickly for threats.
* Evaluating Scan Scope:
* The quick scan specifically targets executable files, DLLs, and drivers that are currently running, providing a rapid assessment of the active components of the system.
* Conclusion:
* The correct answer is D, as it accurately describes the function of the quick scan option on FortiClient.
References:
* FortiClient scanning options documentation from the study guides.
NEW QUESTION # 29
Refer to the exhibit.
Based on the settings shown in the exhibit, which action will FortiClient take when users try to access www.facebook.com?
- A. FortiClient will prompt a warning message to warn the user before they can access the Facebook website.
- B. FortiClient will monitor only the user's web access to the Facebook website.
- C. FortiClient will block access to Facebook and its subdomains.
- D. FortiClient will allow access to Facebook.
Answer: D
Explanation:
* Observation of Web Filter Exclusions:
* The exhibit shows a web filter exclusion for "*.facebook.com" with the action set to "Allow."
* Evaluating Actions:
* This configuration means that FortiClient will allow access to Facebook and its subdomains.
* Conclusion:
* When users try to access "www.facebook.com," FortiClient will allow the access based on the web filter exclusion settings.
References:
* FortiClient web filter configuration and exclusion documentation from the study guides.
NEW QUESTION # 30
Which security fabric component sends a notification to quarantine an endpoint after IOC detection in the automation process?
- A. FortiClient
- B. FortiAnalyzer
- C. FortiClient EMS
- D. FortiGate
Answer: D
NEW QUESTION # 31
Refer to the exhibits.

Based on the FortiGate Security Fabric settings shown in the exhibits, what must an administrator do on the EMS server to successfully quarantine an endpoint when it is detected as a compromised host (IOC)?
- A. The administrator must enable FQDN on EMS.
- B. The administrator must enable remote HTTPS access to EMS.
- C. The administrator must authorize FortiGate on FortiAnalyzer.
- D. The administrator must enable SSH access to EMS.
Answer: B
Explanation:
Based on the FortiGate Security Fabric settings shown in the exhibits, to successfully quarantine an endpoint when it is detected as a compromised host (IOC), the following step is required:
* Enable Remote HTTPS Access to EMS: This setting allows FortiGate to communicate securely with FortiClient EMS over HTTPS. Remote HTTPS access is essential for the quarantine functionality to operate correctly, enabling the EMS server to receive and act upon the quarantine commands from FortiGate.
Therefore, the administrator must enable remote HTTPS access to EMS to allow the quarantine process to function properly.
References
* FortiGate Infrastructure 7.2 Study Guide, Security Fabric and Integration with EMS Sections
* Fortinet Documentation on Enabling Remote HTTPS Access to FortiClient EMS
NEW QUESTION # 32
ZTNA Network Topology
Refer to the exhibits, which show a network topology diagram of ZTNA proxy access and the ZTNA rule configuration.
An administrator runs the diagnose endpoint record list CLI command on FortiGate to check Remote-Client endpoint information; however, Remote-Client is not showing up in the endpoint record list.
What is the cause of this issue?
- A. Remote-Client failed the client certificate authentication.
- B. Remote-Client has not initiated a connection to the ZTNA access proxy.
- C. Remote-Client provided an empty client certificate to connect to the ZTNA access proxy.
- D. Remote-Client provided an invalid certificate to connect to the ZTNA access proxy.
Answer: A
NEW QUESTION # 33
Refer to the exhibit, which shows the output of the ZTNA traffic log on FortiGate.
What can you conclude from the log message?
- A. The remote user connection does not match the ZTNA rule configuration.
- B. The remote user connection does not match the ZTNA server configuration.
- C. The remote user connection does not match the ZTNA firewall policy.
- D. The remote user connection does not match the local-in policy.
Answer: A
Explanation:
Observation of ZTNA Traffic Log:
The log message indicates that the remote user connection was denied due to failure to match a proxy policy.
Evaluating Log Message:
The message suggests that the connection does not match the existing ZTNA rule configuration, leading to the denial.
Conclusion:
The correct conclusion from the log message is that the remote user connection does not match the ZTNA rule configuration (B).
Reference:
ZTNA traffic log analysis and configuration documentation from the study guides.
NEW QUESTION # 34
Which two statements about ZTNA destinations are true? (Choose two.)
- A. FortiClient ZTNA destination authentication is enabled by default.
- B. FortiClient ZTNA destinations use an existing VPN tunnel to create a secure connection.
- C. FortiClient ZTNA destinations do not support a wildcard FQDN.
- D. FortiClient ZTNA destinations provide access through TCP forwarding.
- E. FortiClient ZTNA destination encryption is disabled by default.
Answer: C,E
NEW QUESTION # 35
Refer to the exhibit.
Based on the settings shown in the exhibit, which statement about FortiClient behavior is true?
- A. FortiClient blocks and deletes infected files after scanning them.
- B. FortiClient quarantines infected files and reviews later, after scanning them.
- C. FortiClient copies infected files to the Resources folder without scanning them.
- D. FortiClient scans infected files when the user copies files to the Resources folder
Answer: B
Explanation:
Action On Virus Discovery:
* Warn the User If a Process Attempts to Access Infected Files
* Quarantine Infected Files. You can use FortiClient to view, restore, or delete the quarantined file, as well as view the virus name, submit the file to FortiGuard, and view logs.
* Deny Access to Infected Files
* Ignore Infected Files
NEW QUESTION # 36
An administrator configures ZTNA on the FortiGate. Which statement is true about the firewall policy?
- A. It redirects the client request to the access proxy.
- B. It defines ZTNA server.
- C. It uses the access proxy.
- D. It only uses ZTNA tags to control access for endpoints.
Answer: A
Explanation:
"The firewall policy matches and redirects client requests to the access proxy VIP"
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/194961/basic-ztna-configuration
NEW QUESTION # 37
Refer to the exhibit.
Based on the Security Fabric automation settings, what action will be taken on compromised endpoints?
- A. Endpoints will be quarantined through FortiSwitch
- B. Endpoints will be banned on FortiGate
- C. Endpoints will be quarantined through EMS
- D. An email notification will be sent for compromised endpoints
Answer: C
Explanation:
Based on the Security Fabric automation settings shown in the exhibit:
The automation stitch is configured with a trigger for a "Compromised Host." The action specified for this trigger is "Quarantine FortiClient via EMS." This indicates that when an endpoint is detected as compromised, FortiClient EMS will quarantine the endpoint as part of the automation process.
Therefore, the action taken on compromised endpoints will be to quarantine them through EMS.
Reference
FortiGate Security 7.2 Study Guide, Automation Stitches and Actions Section
Fortinet Documentation on Configuring Automation Stitches and Quarantine Actions
NEW QUESTION # 38
Which three features does FortiClient endpoint security include? (Choose three.)
- A. L2TP
- B. DLP
- C. Vulnerability management
- D. Real-time protection
- E. IPsec
Answer: C,D,E
Explanation:
Understanding FortiClient Features:
FortiClient endpoint security includes several features aimed at protecting and managing endpoints.
Evaluating Feature Set:
Vulnerability management is a key feature of FortiClient, helping to identify and address vulnerabilities (B).
IPsec is supported for secure VPN connections (D).
Real-time protection is crucial for detecting and preventing threats in real-time (E).
Eliminating Incorrect Options:
Data Loss Prevention (DLP) (A) is typically managed by FortiGate or FortiMail.
L2TP (C) is a protocol used for VPNs but is not specifically a feature of FortiClient endpoint security.
Reference:
FortiClient endpoint security features documentation from the study guides.
NEW QUESTION # 39
Refer to the exhibit, which shows the Zero Trust Tagging Rule Set configuration.
Which two statements about the rule set are true? (Choose two.)
- A. The endpoint must satisfy that only Windows Server 2012 R2 is running.
- B. The endpoint must satisfy that only AV software is installed and running.
- C. The endpoint must satisfy that antivirus is installed and running and Windows 10 is running.
- D. The endpoint must satisfy that only Windows 10 is running.
Answer: A,C
Explanation:
Based on the Zero Trust Tagging Rule Set configuration shown in the exhibit:
The rule set includes two conditions:
AV Software is installed and running
OS Version is Windows Server 2012 R2 or Windows 10
The Rule Logic is specified as "(1 and 3) or 2," meaning:
The endpoint must have antivirus software installed and running and must be running Windows 10.
Alternatively, the endpoint must be running Windows Server 2012 R2.
Therefore, the endpoint must satisfy either:
Antivirus is installed and running and Windows 10 is running.
Windows Server 2012 R2 is running.
Reference
FortiClient EMS 7.2 Study Guide, Zero Trust Tagging Rule Set Configuration Section
Fortinet Documentation on Configuring Zero Trust Tagging Rules and Logic
NEW QUESTION # 40
When site categories are disabled in FortiClient web filter, which feature can be used to protect the endpoint from malicious web access?
- A. Real-time protection list
- B. FortiSandbox URL list
- C. Block malicious websites on antivirus
- D. Web exclusion list
Answer: D
Explanation:
Web Filter Functionality:
When site categories are disabled in the FortiClient web filter, the endpoint still requires protection from malicious web access.
Alternative Protection Features:
The web exclusion list can be used to manage and block specific URLs that are known to be malicious, providing a way to control and secure web access even without site categories being enabled.
Conclusion:
The correct feature that can be used to protect the endpoint in this scenario is the web exclusion list (D).
Reference:
FortiClient web filter configuration and features from the study guides.
NEW QUESTION # 41
Refer to the exhibit.
Based on the settings shown in the exhibit, which statement about FortiClient behaviour is true?
- A. FortiClient blocks and deletes infected files after scanning them.
- B. FortiClient scans infected files when the user copies files to the Resources folder.
- C. FortiClient quarantines infected files and reviews later, after scanning them.
- D. FortiClient copies infected files to the Resources folder without scanning them.
Answer: B
Explanation:
Based on the settings shown in the exhibit, FortiClient is configured to scan files as they are downloaded or copied to the system. This means that if a user copies files to the "Resources" folder, which is not listed under exclusions, FortiClient will scan these files for infections. The exclusion path mentioned in the settings, "C:\Users\Administrator\Desktop\Resources", indicates that any files copied to this specific folder will not be scanned, but since the question implies that the "Resources" folder is not the same as the excluded path, FortiClient will indeed scan the files for infections.
NEW QUESTION # 42
Refer to the exhibit, which shows the endpoint summary information on FortiClient EMS.
What two conclusions can you make based on the Remote-Client status shown above? (Choose two.)
- A. The endpoint is currently off-net.
- B. The endpoint is classified as at risk.
- C. The endpoint has been assigned the Default endpoint policy.
- D. The endpoint is configured to support FortiSandbox.
Answer: A,C
Explanation:
Based on the Remote-Client status shown in the exhibit:
* Endpoint Policy: The "Policy" field shows "Default," indicating that the endpoint has been assigned the Default endpoint policy.
* Connection Status: The "Location" field shows "Off-Fabric," meaning that the endpoint is currently off the corporate network (off-net).
Therefore, the two conclusions that can be made are:
* The endpoint has been assigned the Default endpoint policy.
* The endpoint is currently off-net.
References
* FortiClient EMS 7.2 Study Guide, Endpoint Summary Information Section
* Fortinet Documentation on Endpoint Policies and Status Indicators
NEW QUESTION # 43
......