Curious about Actual Fortinet Certified Professional (FCP_WCS_AD-7.4) Exam Questions?

Here are sample Fortinet FCP - AWS Cloud Security 7.4 Administrator (FCP_WCS_AD-7.4) exam questions from the real exam. You can get more Fortinet Certified Professional (FCP_WCS_AD-7.4) exam premium practice questions at TestInsights.

Total 35 questions
Question 1

An administrator is adding a web application to be protected by FortiWeb Cloud.

Which two steps are necessary to successfully onboard the application? (Choose two.)


Correct : B, C

Web Application Name:

When onboarding a web application to be protected by FortiWeb Cloud, you need to provide a name for the web application. This helps in identifying and managing the application within the FortiWeb Cloud console (Option B).

DNS Records:

To ensure that traffic to your web application is correctly routed through FortiWeb Cloud, you must create DNS records in the domain server that hosts your application. This ensures that requests are directed to FortiWeb Cloud for inspection and protection (Option C).

Other Considerations:

Option A (Waiting for the EC2 instance) is incorrect as it is not a necessary step for onboarding a web application to FortiWeb Cloud.

Option D (Enabling a CDN) is not a mandatory step for onboarding but can be part of a broader strategy for improving performance and protection.


Question 2

You are troubleshooting network connectivity issues between two VMs deployed in AWS.

One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.

What are two reasons for this? (Choose two.)


Correct : A, D

Windows Firewall Blocking Traffic:

The firewall on the Windows VM might be configured to block incoming ICMP traffic (ping requests). By default, Windows Firewall is set to block ICMP traffic, which could be a reason for the connectivity issue (Option A).

Security Group Configuration:

AWS Security Groups act as virtual firewalls for instances. If there is no rule allowing ICMP traffic in the security group attached to the Windows server, the ping requests from FortiGate will be blocked. An inbound allow ICMP rule must be added to the security group to permit this traffic (Option D).

Other Options Analysis:

Option B is incorrect because the default AWS Network Access Control List (NACL) allows all inbound and outbound traffic.

Option C is incorrect as AWS does allow ICMP traffic between subnets if properly configured with Security Groups and NACLs.


Question 3

An administrator wants to deploy a solution to automatically create firewall rules on FortiGate to accelerate time-to-protection for threats.

Which AWS service can be integrated with FortiGate to accomplish this?


Correct : D

AWS GuardDuty Integration:

AWS GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts and workloads. It can generate findings that can be used to create or update firewall rules automatically in FortiGate to enhance security and provide timely protection (Option D).

Integration with FortiGate:

GuardDuty findings can be integrated with FortiGate using automation tools and scripts to create firewall rules dynamically, thereby accelerating the time-to-protection against emerging threats.

Other Options Analysis:

Option A (AWS Firewall Manager) is more suited for managing rules across multiple accounts but not for dynamic threat response.

Option B (AWS Network ACL) provides stateless filtering but does not offer automated rule creation.

Option C (SDN Connector for AWS) helps in integrating SDN capabilities but is not specifically focused on threat-based rule automation.


Question 4

An administrator needs to attach an Elastic Network Interface (ENI) to an application instance in a VPC with multiple availability zones. An instance runs in availability zone 1.

Which ENI property must the administrator consider when implementing this requirement?


Correct : A

ENI Attachment Across Availability Zones:

Elastic Network Interfaces (ENIs) are associated with a specific Availability Zone. They cannot be attached to instances that are in a different Availability Zone than where the ENI was created. Therefore, an ENI created in Availability Zone 1 cannot be attached to an instance in Availability Zone 2 (Option A).

ENI Reattachment:

ENIs can be detached from one instance and reattached to another instance within the same Availability Zone. This flexibility allows for network interface configuration to be preserved across instance changes within the same AZ.

Other Options Analysis:

Option B is incorrect because an ENI can be reattached to any instance in the same AZ.

Option C is incorrect as the primary ENI (eth0) cannot be detached from an instance.

Option D is incorrect because when an ENI is moved, the traffic is directed to the new instance, and there is no redirection to the old instance.


Question 5

Refer to the exhibit.

What occurs during a failover for an active-passive (A-P) cluster that is deployed in two different availability zones? (Choose two.)


Correct : A, B

Cluster Elastic IP Address (EIP) Movement:

During a failover in an active-passive (A-P) cluster, the Elastic IP (EIP) associated with the active FortiGate instance (FGT-1) needs to be moved to the passive instance (FGT-2), which becomes the new active instance. This ensures that the traffic directed to the EIP is now handled by FGT-2 (Option A).

Secondary IP Address Movement:

The secondary IP address on Port2 of the current active instance (FGT-1) is moved to the same port on the new active instance (FGT-2). This step is crucial to ensure seamless network traffic redirection and connectivity for the services relying on that IP address (Option B).

Other Options Analysis:

Option C is incorrect because the static route modification mentioned is not directly related to the failover process described.

Option D is incorrect because no additional route needs to be added to the HA Sync AZ2 subnet route table to forward traffic to the Internet Gateway during a failover.

