[FCA] FortiGate 7.4 Operator Exam - Question & Answer

starterr 2024. 5. 27. 14:44

Q. In addition to central processing unit (CPU) and memory usage, what are two other key performance parameters you should monitor on FortiGate? (Choose two.)
Select one or more:

- Number of days for licenses to expire
- Number of active VPN tunnels
- Number of SSL sessions
- Number of local users and user groups

Q. Which inspection mode processes and forwards each packet, without waiting for the complete file or web page?
Select one:

- Stateful inspection
- Application-level inspection
- Flow-based inspection
- Proxy-based inspection

Q. What are some of the features provided by IPSec VPNs?
Select one:

- Data encryption and load balancing
- Network segmentation and packet inspection
- Data authentication and data integrity
- Bandwidth optimization and antireplay protection

Q. Excluding the steps for tuning the sensors, what is the last step involved in configuring IPS on FortiGate?
Select one:

- Applying the sensor to a firewall policy
- Blocking malicious URLs and botnet command-and-control (C&C) traffic
- Enabling SSL inspection for the traffic of interest
- Editing the sensor's signature and filters

Q. When is remote authentication preferred over local authentication?
Select one:

- When multiple FortiGate devices need to authenticate the same users or user groups
- When FortiGate needs to give lower priority to the traffic from local user accounts
- When FortiGate does not support local user accounts
- When the network does not have an available authentication server

Q. What are the three key categories of services provided by FortiGuard Labs?
Select one:

- Artificial intelligence, real-time threat protection, and outbreak alerts
- Threat hunting, intrusion detection, and firewall management
- Data encryption, network segmentation, and access control
- Machine learning, antivirus, and network monitoring

Q. What is the purpose of creating a firewall address object?
Select one:

- To enable web filtering for a specific address
- To specify the source and destination interfaces
- To define the action for a firewall policy
- To match the source or destination IP subnet

Q. Which two items should you configure as the source of a firewall policy, to allow all internal users in a small office to access the internet? (Choose two.)
Select one or more:

- Security profiles
- Users or user groups
- Application signatures
- The IP subnet of the LAN

Q. How does the FortiGate intrusion prevention system (IPS) use signatures to detect malicious traffic?
Select one:

- By blocking all network traffic
- By monitoring user activity on websites
- By decrypting Secure Sockets Layer (SSL)-encrypted traffic
- By comparing network packets to known threats


Q. Which piece of information does FortiGate know about the user without firewall authentication?
Select one:

- The originating domain name
- The user login name
- The source IP address
- The application being used

Q. What is the recommended process to configure FortiGate for remote authentication for user identification?
Select one:

- Create a user group and configure a firewall policy with the group as the source.
- Create a user account, configure a firewall policy with the user account as the source, and verify the configuration using logs.
- Create a user group, map authenticated remote users to the group, and configure a firewall policy with the user group as the source.
- Connect FortiGate to a remote authentication server and configure its IP addresses as the source.

Q. What are two reasons why organizations and individuals use web filtering? (Choose two.)
Select one or more:

- To enhance their users’ experience
- To preserve employee productivity
- To prevent network congestion
- To increase network bandwidth

Q. What causes a web browser to display a certificate warning when using Secure Sockets Layer (SSL) deep inspection with the FortiGate CA certificate?
Select one:

- FortiGate is unable to decrypt the SSL-encrypted traffic.
- The temporary certificate makes FortiGate behave like a man-in-the-middle (MITM) attack.
- The browser does not support SSL deep inspection.
- FortiGate is using a CA that is not trusted by the web browser.

Q. How does FortiGate handle blocked websites in web filtering using FortiGuard category filters?
Select one:

- Users are allowed to access the website, but their activity is recorded in the FortiGate logs.
- Users are redirected to a replacement message indicating the website is blocked.
- Users are prompted to provide a valid username and password for access.
- Users receive a warning message but can choose to continue accessing the website.

Q. How does FortiGate application control address evasion techniques used by peer-to-peer protocols?
Select one:

- By examining a URL block list
- By monitoring traffic for known patterns
- By allowing traffic from only well-known ports
- By analyzing flow-based inspection

Q. You need to examine the logs related to local users watching YouTube videos. Where can you find those logs?
Select one:

- Log and Report > Security Events > Application Control
- Log and Report > Security Events > Antivirus
- Log and Report > Security Events > WebFilter
- Log and Report > Security Events > Intrusion Prevention

Q. Which condition could prevent a configured route from being added to the FortiGate routing table?
Select one:

- The presence of a better route for the same destination
- The DHCP server associated with the route being disabled
- The absence of administrative access protocols on the interface
- The incorrect distance being set for the default gateway IP address

Q. When configuring a static route on FortiGate, what does the destination represent?
Select one:

- The IP address of the remote DNS server
- The local interface on FortiGate for the outgoing traffic
- The IP address of the next-hop router
- The network or host to which traffic will be forwarded

Q. Why is it important to back up FortiGate system configurations regularly?
Select one:

- To save time and effort in case of a hardware failure
- To ensure optimal performance of FortiGate
- To prevent unexpected configuration changes
- To avoid errors while upgrading FortiOS

Q. How does FortiGate intrusion prevention system (IPS) detect anomalous traffic patterns that do not conform to established protocol requirements and standards?
Select one:

- By monitoring user behavior
- By decrypting network packets
- By using protocol decoders
- By analyzing Secure Sockets Layer (SSL) certificates

Q. Which protocol is used for the authentication and encryption of the data in an IPSec VPN implementation?
Select one:

- Encapsulation Security Payload (ESP)
- Advanced Encryption Standard (AES)
- Transport Layer Security (TLS)
- Secure Hash Algorithm (SHA)

Q. Why is Secure Socket Layer (SSL) inspection necessary for the intrusion prevention system (IPS) to detect threats in encrypted traffic?
Select one:

- SSL inspection allows the IPS to detect and analyze encrypted threats.
- The IPS engine can inspect only legacy encryption algorithms, by default.
- SSL inspection improves network performance by bypassing encrypted traffic.
- Without SSL inspection, encrypted traffic is automatically blocked by the IPS.

Q. What is a scenario where automation is used in the Fortinet Security Fabric?
Select one:

- Automatically quarantining a computer with malicious activity
- Generating weekly reports for management review
- Monitoring disk space utilization on FortiAnalyzer
- Assigning security ratings to newly added devices

Q. Which two settings are included in a Dynamic Host Configuration Protocol (DHCP) server configuration on FortiGate? (Choose two.)
Select one or more:

- Default gateway
- Subnet object
- Interface Alias
- Address range

Q. Which action can you take to improve the security rating provided by the Fortinet Security Fabric?
Select one:

- Run the integrity check on all end devices.
- Apply one or more of the suggested best practices.
- Create a configuration revision or back up the configuration.
- Upgrade FortiGate to the latest mature version available.

Q. Which two steps are involved in configuring web filtering based on FortiGuard category filters? (Choose two.)
Select one or more:

- Identify the specific websites to be blocked or allowed.
- Apply the web filter security profile to the appropriate firewall policy.
- Upgrade FortiOS to obtain the latest database from FortiGuard.
- Create a web filtering security profile using FortiGuard category-based filters.

Q. Which inspection mode examines traffic as a whole before determining an action?
Select one:

- Application-level inspection
- Flow-based inspection
- Stateful inspection
- Proxy-based inspection

Q. What is grayware?
Select one:

- Malicious files sent to the sandbox for inspection
- New and unknown malware variants
- Unsolicited programs installed without user consent
- Known malware with existing signatures

Q. What is a characteristic of a firewall policy used to allow the traffic from Secure Socket Layer Virtual Private Network (SSL VPN) connections?
Select one:

- It defines the port number used for the SSL VPN portal.
- It encapsulates the traffic using the VPN settings configured.
- It assigns SSL certificates to user groups trying to connect.
- It uses a virtual tunnel interface in the source field.

Q. What is the purpose of the FortiGuard Labs signature database?
Select one:

- To keep FortiGate firewalls protected against the latest malware variants
- To give FortiGate firewalls the ability to track network traffic and usage patterns
- To identify and correct vulnerabilities in FortiGate firewalls
- To provide secure configuration templates to FortiGate firewalls

Q. What is the purpose of firewall policies on FortiGate?
Select one:

- To monitor network traffic
- To encrypt network traffic
- To control network traffic
- To block all incoming traffic

Q. What is a recommended best practice when configuring Secure Socket Layer Virtual Private Network (SSL VPN)?
Select one:

- Import the self-signed SSL certificate.
- Allow connections from all locations.
- Use local users for authentication.
- Use the principle of least privilege.

Q. What protocol is used to dynamically create IPSec VPN tunnels?
Select one:

- Point-to-Point Tunneling Protocol (PPTP)
- Generic Route Encapsulation (GRE)
- Layer 2 Tunneling Protocol (L2TP)
- Internet Key Exchange Version 2 (IKEv2)

Q. Which two options can you use for centralized logging when you configure the Fortinet Security Fabric? (Choose two.)
Select one or more:

- FortiSOAR
- Syslog server
- FortiGate Cloud
- FortiAnalyzer

Q. Which scan technique detects known malware by matching signatures in the FortiGuard Labs database?
Select one:

- Antivirus scan
- Behavioral analysis scan
- Machine learning (ML)/artificial intelligence (AI) scan
- Grayware scan

Q. What is the key difference between Secure Sockets Layer (SSL) certificate inspection and SSL deep inspection?
Select one:

- SSL certificate inspection requires a trusted certificate authority (CA), while SSL deep inspection uses the FortiGate CA certificate.
- SSL certificate inspection applies to only HTTPS traffic, while SSL deep inspection applies to multiple SSL-encrypted protocols.
- SSL certificate inspection introduces certificate errors, while SSL deep inspection prevents certificate warnings.
- SSL certificate inspection decrypts and inspects encrypted content, while SSL deep inspection verifies the identity of the web server.

Q. What are two activities that cybercriminals can perform using malware? (Choose two.)
Select one or more:

- Damage physical ports
- Extort money
- Steal intellectual property
- Trigger a high availability (HA) failover

Q. What functionality does FortiGate provide to establish secure connections between a main office and its remote branches, over the internet?
Select one:

- Firewall authentication
- Monitoring and logging
- Security scanning
- Virtual private networks

Q. Which two protocols can you use for administrative access on a FortiGate interface?
Select one:

- Simple Mail Transfer Protocol (SMTP) and Secure Sockets Layer (SSL)
- Hypertext Transfer Protocol Secure (HTTPS) and Secure Shell (SSH)
- Remote Desktop Protocol (RDP) and Hypertext Transfer Protocol (HTTP)
- Telnet and Simple Network Management Protocol (SNMP)

Q. Why is the order of firewall policies important?
Select one:

- To ensure that the security traffic is logged before the normal traffic
- To allow for a faster processing of high priority traffic
- To ensure more granular policies are checked and applied before more general policies
- To avoid conflicts with other policies in the table with similar parameters

Q. What are two consequences of allowing a FortiGate license to expire? (Choose two.)
Select one or more:

- Reduced FortiGate performance and increased vulnerability to security threats
- Loss of access to software updates and technical support
- Inability to monitor system logs and generate network reports
- Disruption of network services and potential legal issues

Q. When configuring antivirus scanning on a firewall policy, which antivirus item should you select?
Select one:

- Antivirus profile
- Antivirus schedule
- Antivirus exclusion list
- Antivirus engine version

Q. Which actions can you apply to application categories in the Application Control profile?
Select one:

- Authenticate, log, encrypt, or back up
- Monitor, optimize, redirect, or shape
- Monitor, allow, block, or quarantine
- Allow, encrypt, compress, or redirect

Q. When upgrading the FortiGate firmware, why is it important to follow the recommended upgrade path?
Select one:

- It ensures the compatibility and stability of the device.
- It provides access to new major features.
- It minimizes the need for configuration backups.
- It guarantees a faster upgrade process.

Q. What are two reasons why FortiGate Secure Socket Layer Virtual Private Network (SSL VPN) is considered cost-effective compared to other vendors? (Choose two.)
Select one or more:

- Because it supports a limited number of third-party applications.
- Because it does not require an additional license.
- Because the number of remote users is determined by the model.
- Because it provides full network access to remote users.

Q. To avoid certificate errors, which field settings must be included in a Secure Sockets Layer (SSL) certificate issued by a certificate authority (CA)?
Select one:

- basicConstraints: CA:TRUE and keyUsage: keyCertSign
- subjectAltName: DNS:*.example.com and extendedKeyUsage: serverAuth
- issuer: C=US, O=Fortinet, CN=Verisign
- signatureAlgorithm: SHA256withRSA and validityPeriod: 365 days

Q. What is the main advantage of using Secure Socket Layer Virtual Private Network (SSL VPN) in web mode?
Select one:

- No need to install client software
- Support for a wide range of applications and protocols
- Ability to perform client integrity checks
- Access to all network resources for remote users

Q. What is the potential security risk associated with Hypertext Transfer Protocol Secure (HTTPS)?
Select one:

- Certificate errors during SSL handshake
- Increased network latency
- Incompatibility with certain web browsers
- Encrypted malicious traffic

Q. How do you configure an internet service as the destination in a firewall policy?
Select one:

- Specify the MAC address of the service.
- Choose the IP subnet of the service.
- Configure the service with a virtual IP.
- Select the service from the ISDB.

Q. What is the security rating in the Fortinet Security Fabric, and how is it calculated?
Select one:

- It is calculated based on the number of security logs generated.
- It indicates the level of compatibility with third-party devices.
- It represents the current level of network performance.
- It is a numerical value based on device settings and best practices.

Q. Which two additional features and settings can you apply to traffic after it is accepted by a firewall policy? (Choose two.)
Select one or more:

- Antivirus scanning
- Application control
- User authentication
- Packet filtering

Q. How does an IPS protect networks from threats?
Select one:

- By analyzing traffic and identifying potential threats
- By blocking all incoming network traffic from new sources
- By encrypting all network traffic from untrusted IP addresses
- By allowing only secure access to network resources

Q. In which architecture is the need to control application traffic becoming increasingly relevant?
Select one:

- Traditional client-server architecture
- Distributed architecture
- Peer-to-peer architecture
- Cloud-based architecture

Q. How can administrators track successful authentication attempts in FortiGate?
Select one:

- By analyzing network traffic patterns
- By monitoring security events in real-time
- By utilizing advanced threat intelligence feeds
- By reviewing the logs and dashboards

Q. Which two criteria can be matched in the Source field of a firewall policy?
Select one:

- MAC address and domain name
- Interface and service type
- IP address and user
- Address group and hostname

Q. What are two benefits of performing regular maintenance on FortiGate firewalls? (Choose two.)
Select one or more:

- Ensure you have the latest hardware.
- Prevent security breaches in your organization.
- Minimize costs during upgrades.
- Meet compliance and legal requirements.

Q. How can you modify the security settings of a VPN tunnel created from a template in FortiGate?
Select one:

- Choose a different template for the tunnel
- Convert the template to a custom tunnel
- Use the custom tunnel creation option
- Edit the template directly

Q. Why is it recommended that you use user groups instead of individual user accounts in a firewall policy?
Select one:

- User groups contain all individual user accounts by default.
- User groups provide stronger encryption for authentication.
- User groups make it easier to monitor authenticated users.
- User groups simplify the firewall configuration.

Q. How are websites filtered using FortiGuard category filters?
Select one:

- By denying access based on the website IP address
- By blocking access based on the website content
- By examining the HTTP headers from the website
- By scanning the website for malware in real time

Q. Which category of services does FortiGuard Labs provide as part of FortiGuard Security Services?
Select one:

- Endpoint protection and vulnerability management
- Network segmentation and access control
- Data encryption and secure communications
- Advanced threat intelligence and prevention

---------------------------------------------------------------------------------------------------------------------------------------

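The pass mark is 75% or higher out of 40 questions, so you pass if you get at least 30 correct.
There were more distinct questions than I expected, so I retook the exam three times and compiled these myself.
If you have a different answer or any questions, leave a comment and I will update the post.

Congratulations on earning your FCA!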

 
