FCP_FGT_AD-7.4 Online Practice Questions


Latest FCP_FGT_AD-7.4 Exam Practice Questions

The practice questions for the FCP_FGT_AD-7.4 exam were last updated on 2025-04-26.


Question#1

An administrator has configured the following settings:
    config system settings
        set ses-denied-traffic enable
    end
    config system global
        set block-session-timer 30
    end
What are the two results of this configuration? (Choose two.)

A. Device detection on all interfaces is enforced for 30 seconds.
B. Denied users are blocked for 30 seconds.
C. The number of logs generated by denied traffic is reduced.
D. A session for denied traffic is created.

Explanation:
The timer is configured in seconds.
ses-denied-traffic: Enable/disable including denied sessions in the session table.
block-session-timer: Duration in seconds for blocked sessions (1 - 300 sec (5 minutes), default = 30).
C. The number of logs generated by denied traffic is reduced.
D. A session for denied traffic is created.
During the session, if a security profile detects a violation, FortiGate records the attack log immediately. To reduce the number of log messages generated and improve performance, you can enable a session table entry for dropped traffic. This creates the denied session in the session table and, if the session is denied, all packets of that session are also denied. This ensures that FortiGate does not have to do a policy lookup for each new packet matching the denied session, which reduces CPU usage and log generation. This option is in the CLI and is called ses-denied-traffic. You can also set the duration for blocked sessions. This determines how long a session will be kept in the session table and is set with block-session-timer in the CLI. By default, it is set to 30 seconds.
Reference and download study guide:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-denied-session-to-be-added-into-the/ta-p/195478

Question#2

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.

Explanation:
A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.
B. FortiGate supports pre-shared key and signature as authentication methods.
A. XAuth provides an additional layer of authentication by requiring the remote peer to provide a username and password in addition to the pre-shared key or certificate. This enhances security.
B. FortiGate supports both pre-shared key and signature (using certificates) as authentication methods for IPsec VPN connections, offering flexibility based on security requirements.
C. Enabling XAuth does not necessarily result in faster authentication because additional packets are exchanged to complete the XAuth process.
D. When using the signature as the authentication method, a certificate is required on the remote peer for authentication, ensuring secure communication.
To authenticate each other, the peers use two methods: pre-shared key or digital signature. You can also enable an additional authentication method, XAuth, to enhance authentication.

Question#3

Refer to the exhibit.



Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.
What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

A. Traffic matching the signature will be allowed and logged.
B. The signature setting uses a custom rating threshold.
C. The signature setting includes a group of other signatures.
D. Traffic matching the signature will be silently dropped and logged.

Explanation:
The exhibit shows that the "FTP.Login.Failed" IPS signature is set with the action "Pass" and packet logging enabled. This means that any traffic matching this signature will be allowed through the FortiGate, and the traffic details will be logged for monitoring and analysis purposes.
Reference: FortiOS 7.4.1 Administration Guide: IPS Signature Actions

Question#4

Refer to the exhibit.



Review the Intrusion Prevention System (IPS) profile signature settings.
Which statement is correct when adding the FTP.Login.Failed signature to the IPS sensor profile?

A. Traffic matching the signature will be silently dropped and logged.
B. The signature setting uses a custom rating threshold.
C. The signature setting includes a group of other signatures.
D. Traffic matching the signature will be allowed and logged.

Explanation:
"Pass" is only the default action.
The Pass action on the specific signature would only be chosen if the Action (at the top) was set to Default. Instead it is set to Block, so the action will be to block and drop.
Select Allow to allow traffic to continue to its destination. Select Monitor to allow traffic to continue to its destination and log the activity. Select Block to silently drop traffic matching any of the signatures included in the entry. Select Reset to generate a TCP RST packet whenever the signature is triggered. Select Default to use the default action of the signatures.
If you enable Packet logging, FortiGate saves a copy of the packet that matches the signature.

Question#5

An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN.
How can this be achieved?

A. Assigning public IP addresses to SSL-VPN users
B. Configuring web bookmarks
C. Disabling split tunneling
D. Using web-only mode

Explanation:
The correct answer is: C. Disabling split tunneling
Split tunneling allows VPN users to access both local and remote networks simultaneously. However, if you want to inspect all web traffic, including Internet traffic, coming from users connecting to the SSL-VPN, you should disable split tunneling. Disabling split tunneling forces all user traffic through the VPN tunnel, allowing you to inspect and control the traffic more effectively.

Exam Code: FCP_FGT_AD-7.4 | Q&A: 260 Q&As | Updated: 2025-04-26
