New Release FCP_FGT_AD-7.4 Fortinet Network Security Expert Questions

FortiGate's SD-WAN rule strategies for member selection include the following:

Manual with load balancing: This strategy allows an administrator to manually configure which SD-WAN member interfaces to use for specific traffic.

Lowest Cost (SLA) with load balancing: This strategy prioritizes the link with the lowest cost that meets the SLA requirements.

Best Quality with load balancing: This strategy selects the link with the best performance metrics, such as latency, jitter, or packet loss.

Options D and E are incorrect because "Lowest Quality" is not a valid strategy, and "Lowest Cost without load balancing" contradicts the requirement for load balancing in the strategy name.

References:

FortiOS 7.4.1 Administration Guide: SD-WAN Rule Strategies

The current setting for the root FortiGate (Local-FortiGate) is fabric-object-unification local, which means that new address objects are not shared across the security fabric. Changing this setting to fabric-object-unification default will allow address objects to be synchronized and shared with downstream devices like the ISFW.

Both interfaces must have directly connected routes on the routing table

In NAT mode, each interface must have a corresponding entry in the routing table, typically as a directly connected route, to route traffic between them effectively.

Both interfaces must have IP addresses assigned

In NAT mode, each interface must have an IP address to participate in routing and NAT operations. The IP addresses allow the FortiGate to forward traffic between different network segments.

FortiGate continues to run critical security actions, such as quarantine.

Even in conserve mode, FortiGate prioritizes critical security functions to ensure basic protections are still in place, such as quarantining malicious traffic.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

When the system is in conserve mode and the "fail-open" setting is enabled, FortiGate will allow traffic to pass without IPS inspection to ensure traffic flow continuity despite resource limitations.