FCP_FGT_AD-7.4 Exam QuestionsBrowse all questions from this exam

FCP_FGT_AD-7.4 Exam - Question 47

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2.

The policy should work such that Remote-User1 must be able to access the Webserver while preventing Remote-User2 from accessing the Webserver.

Which two configuration changes can the administrator make to the policy to deny Webserver access for Remote-User2? (Choose two.)

Enable match-vip in the Deny policy.

Set the Destination address as Webserver in the Deny policy.

Disable match-vip in the Deny policy.

Set the Destination address as Deny_IP in the Allow_access policy.

Show Answer

Correct Answer:

Discussion

5 comments

3101a6aOptions: AB

Sep 26, 2024

Page 64 Study Guide 7.4

066c9f3

Oct 8, 2024

A bit confusing, because match-vip is enabled by default after FortiOS 7.2.3 and these are 7.4 questions. So technically, we should assume it's already enabled which makes A an invalid answer. But since this question is copied from 7.2, A is still correct.

s4mu3l007

Oct 31, 2024

¿ A & B ?

vuhidusOptions: AB

Nov 20, 2024

A & B

sxcapOptions: AB

Dec 17, 2024

Enable match-vip (if not enabled already) set webserver as destination