Fortinet FCP_FSA_AD-5.0 시험

Question No : 1

You are asked to create an 802.3ad interface on FortiSandbox with port 2 and port 4. However, when attempting to make the configuration change, you discover that you cannot select port 4 for the aggregate bonding.
What are two reasons for this issue? (Choose two answers)

• A.Port 4 is an administration interface.
• B.Port 4 does not have an IP address.
• C.Port 4 is an api interface.
• D.Port 4 is a sniffer interface.

답을 확인하기

정답:
Explanation:
From the Deployment and System Settings lesson, the Study Guide states:
"Other ports, with the exception of port3, can also be configured as management ports from CLI." "You can set additional ports as management port using the CLI command shown on this slide." From the Lab Guide (Exercise 4 - Using Inline Scanning):
"FortiGate and FortiSandbox communicate through port 4443. Management or API ports grant access through port 4443."
"Enter the following command to enable API access on port2: set api-port port2"
Ports that are designated as either administration interfaces or API interfaces cannot be selected for

Question No : 2

You are asked to configure FortiSandbox to use one VM instance for multiple sequential scan jobs without shutting down the instance between each scan job submission.
Which scan profile setting must you enable to achieve this? (Choose one answer)

• A.Adaptive VM scan
• B.VM scan ratio
• C.Parallel VM scan
• D.Pipeline mode

답을 확인하기

정답:
Explanation:
From the Scanning and Rating Components lesson, the Study Guide explicitly states:
"The Pipeline Mode feature improves performance by allowing to scan multiple files, one at a time, without shutting down the VM instance after scanning each file."
"FortiSandbox will continue scanning files without shutting down the VM instance, as long as the VM status hasn't changed. If the VM status changes, then the VM instance will shut down and will be restored for the next job."
This precisely matches the requirement ― using one VM instance for multiple sequential scan jobs without shutting down between submissions.
The other options serve different purposes:
Adaptive Scan dynamically adjusts clone numbers
VM Scan Ratio controls the percentage of jobs scanned in a VM
Parallel VM Scan runs multiple VMs simultaneously for a single job

Question No : 3

Refer to the exhibit.



A network topology is shown.
Which two important steps must you take before you enable a BCC adapter on FortiSandbox? (Choose two answers)

• A.Configure the upstream SEG to extract files and URLs from emails and send them to FortiSandbox for analysis.
• B.Configure an A record on the DNS server for the FortiSandbox I
• C.Configure the sub-domain on the upstream SEG to BCC emails to FortiSandbox.
• D.Add an MX record on the DNS server for the BCC email sub-domain to resolve to the FortiSandbox I

답을 확인하기

정답:
Explanation:
From the Deployment and System Settings lesson, the Study Guide states:
"You can submit emails from an upstream MTA server to FortiSandbox using a BCC adapter. FortiSandbox will extract attachment files and URLs in an email body."
For a BCC adapter to function correctly, two critical prerequisites must be in place:
Option C ― The upstream SEG must be configured to BCC emails to a FortiSandbox sub-domain so that email copies are routed to FortiSandbox for analysis
Option D ― An MX record must be added to the DNS server for the BCC email sub-domain, so that the sub-domain resolves to the FortiSandbox IP address, allowing the SEG to properly deliver BCC email copies
Option A is incorrect because the BCC adapter handles full email inspection ― FortiSandbox itself extracts files and URLs rather than the SEG doing this.
Option B is incorrect because an MX record (not just an A record) is the required DNS configuration for email routing.

Question No : 4

Refer to the exhibit.



Which command must you use to configure the secondary node? (Choose one answer)

• A.hc-worker -a -s10.25.1.30 -p<password>
• B.hc-worker -a -s10.50.1.30 -p<password>
• C.hc-worker -a -s10.50.1.40 -p<password>
• D.hc-worker -a -s10.25.1.50 -p<password>

답을 확인하기

정답:
Explanation:
From the High Availability and Management lesson, the Study Guide states:
"You must configure the HA group name, password, and the virtual IP only on the primary node. After you configure those, you can add the secondary node to the group using the commands shown on this slide."
The hc-slave command (shown as hc-worker for secondary) requires pointing to the Primary Node's HA interface IP, not the cluster virtual IP or the primary node's port1.
From the exhibit:
Primary Node port4 (HA interface) = 10.50.1.30
Secondary Node port4 = 10.50.1.40
Primary Node port1 = 10.25.1.30
Cluster Virtual IP = 10.25.1.50
The secondary node must connect to the Primary Node's dedicated HA communication port (port4 = 10.50.1.30) to join the cluster, making Option B the correct answer.

Question No : 5

You are attempting to troubleshoot a FortiGate device that is not sending samples to FortiSandbox.
Which CLI command will provide you with useful diagnostic information? (Choose one answer)

• A.diagnose antivirus quarantine purge
• B.diagnose test application quarantined 8
• C.diagnose test application ipsmonitor 99
• D.diagnose debug application quarantine -1

답을 확인하기

정답:
Explanation:
From the FortiGate Integration lesson, the Study Guide explicitly states:
"The quarantine daemon is involved in submitting files to FortiSandbox."
From the Lab Guide (Exercise 3 - Using FortiGate Diagnostics), the following is explicitly documented:
"Enter the following commands to enable debugging for the quarantine daemon: diagnose debug application quarantine -1 diagnose debug enable"
"Use the following CLI debug command to diagnose the connection and file transfer issue between HQ-FGT-1 and HQ-FSA-1: diagnose debug application quarantine -1"
This command enables real-time debug output for the quarantine daemon on FortiGate, which is specifically responsible for submitting files to FortiSandbox and receiving verdicts.
Option B clears the analytics cache rather than providing diagnostic information, and the other options relate to different functions entirely.

Question No : 6

When configuring wildcard administrator authentication, which two account types can you use? (Choose two answers)

• A.LDAP
• B.RADIUS
• C.TACACS
• D.Local

답을 확인하기

정답:
Explanation:
From the Deployment and System Settings lesson, the Study Guide explicitly states:
"The default administrator account has a blank password. You should change this as soon as possible for all Fortinet devices. Aside from local accounts, FortiSandbox also supports LDAP, SAML SSO, and RADIUS."
This confirms the supported remote authentication types for FortiSandbox administrator accounts are:
LDAP (Option A) ✓
RADIUS (Option B) ✓
SAML SSO (not listed as an option)
TACACS (Option C) and Local (Option D) are not listed as wildcard administrator authentication types in the Study Guide. Local accounts are standard administrator accounts, not wildcard authentication, and TACACS is not mentioned as a supported authentication method.

Question No : 7

A FortiSandbox VM has been deployed and has been functioning correctly for several months. Suddenly, the system begins rejecting file submissions with an error message indicating a licensing problem.
How can you determine, using the CLI, if the license is still valid? (Choose one answer)

• A.vm-status
• B.hc-setting -1
• C.vm-license -1
• D.status

답을 확인하기

정답:
Explanation:
From the Deployment and System Settings lesson, the Study Guide explicitly states:
"The status command shows information about the system, including firmware level, device serial number, disk usage, Windows VM status, states of the boot and data disks, and more. For VM appliances, it will also show the FortiSandbox license status."
The key phrase is "For VM appliances, it will also show the FortiSandbox license status" ― making the status command the correct choice for verifying license validity on a FortiSandbox VM deployment.
While vm-license -l shows installed Windows/Microsoft Office license keys, and vm-status shows guest VM image information, neither directly reports on the FortiSandbox appliance license validity. The status command is the definitive command for checking overall system and license status.

Question No : 8

You are asked to configure a FortiSandbox HA cluster. Port 4 on the primary and secondary nodes is dedicated for HA-specific communication.
Which command must you use to configure the secondary node? (Choose one answer)

• A.hc-settings -sc -tN -nSecondaryNode -cFSAGrp -p<password> -iport4
• B.hc-settings -sc -tM -nSecondaryNode -cFSAGrp -p<password> -iport4
• C.hc-settings -sc -tP -nSecondaryNode -cFSAGrp -p<password> -iport4
• D.hc-settings -sc -tR -nSecondaryNode -cFSAGrp -p<password> -iport4

답을 확인하기

정답:
Explanation:
From the High Availability and Management lesson, the Study Guide states:
"You use the hc-settings command and options to configure the main HA settings, such as enable HA,
and to configure the node's mode of operation, node alias, group name, group password, and the HA interface."
The CLI flags breakdown:
-sc = Set configuration
-t = Node type flag where N = Secondary node
-n = Node alias (SecondaryNode)
-c = Cluster/group name (FSAGrp)
-p = Password
-i = HA interface (port4)
The Study Guide confirms the secondary node type uses -tN designation.
Option B (-tM) represents the primary/master node, Option C (-tP) and Option D (-tR) are not valid node type designators for secondary nodes in the FortiSandbox HA CLI syntax.

Question No : 9

Refer to the exhibits.









You are asked to configure a FortiSandbox to leverage the real-time anti-phishing (RTAP) feature. After configuring the scan profile, testing shows that URLs are not being submitted to the RTAP service.
What could cause this issue? (Choose one answer)

• A.The URL option is not selected as a Web file type.
• B.The WEBLink file type is not selected in the profile.
• C.The VM scan timeout for URLs should be at least 300 to provide enough time for a FortiGuard response.
• D.The URLs are not designated for active content pre-scan.

답을 확인하기

정답:
Explanation:
From the Results Analysis lesson, the Study Guide confirms:
"The Basic information section shows that, in this case, the file type is WEBLink and the file was submitted by FortiMail."
From the Scanning and Rating Components lesson:
"The only exception to this is URL inputs. These inputs are submitted directly to the VM scan engine for sandboxing."
When URLs are submitted to FortiSandbox (from FortiMail or other sources), they are classified as WEBLink file type ― which is distinct from the standard .url file extension shown in the VM Association Web types (htm, js, lnk, url).
Looking at the exhibits:
The VM Association shows Web: htm, js, lnk, url ― but WEBLink is NOT listed
The Advanced tab shows Real-time Zero-Day Anti-Phishing Service is enabled (green)
Despite RTAP being enabled, URLs cannot reach the VM scan stage without WEBLink being explicitly included in the scan profile's VM Association
Since RTAP operates during VM scanning, if WEBLink is not assigned to a VM in the scan profile, URLs submitted for inspection will never reach the VM, and therefore will never be evaluated by the RTAP service ― regardless of RTAP being enabled.

Question No : 10

Review the exhibits.






A FortiMail device is integrated with a FortiSandbox device.
What is the expected behavior on FortiMail for emails that require FortiSandbox inspection? (Choose one answer)

• A.FortiMail will queue emails for up to 5 minutes during URL rating errors before submitting URLs to FortiSandbox
• B.FortiMail will queue emails for up to 30 minutes to allow FortiSandbox to finish scanning all attachments and URLs.
• C.FortiMail will not send attachments and URLs to FortiSandbox if their rating exists in the local cache.
• D.FortiMail will deliver all emails to the destination after the emails pass all local security checks.

답을 확인하기

정답:
Explanation:
From the FortiMail Integration lesson, the Study Guide explicitly states:
"The Scan timeout value determines how long FortiMail will wait for a response from FortiSandbox. The default is 30 minutes. So, if after 30 minutes FortiSandbox is unable to generate a verdict, FortiMail will release the email to the end user."
"SMTP is a store-and-forward protocol. This allows FortiMail to queue the email while FortiSandbox inspects all submitted samples. FortiMail will release the email only if there is a scan timeout event, or FortiSandbox returns a clean verdict."
The Integration Settings exhibit clearly confirms Scan timeout = 30 minutes, and the AV Profile shows both Attachment analysis and URL analysis are enabled ― meaning FortiMail will hold/queue emails for up to 30 minutes while FortiSandbox completes inspection of all attachments and URLs before taking action.

Question No : 11

To assign a file to a VM image, which two conditions must be true? (Choose two answers)

• A.FortiSandbox must have the appropriate license entitlements.
• B.The VM image clone value must be a non-zero number.
• C.The file type must be configured to enter the job queue.
• D.The VM image must have the software required to open the file.

답을 확인하기

정답:
Explanation:
From the Scanning and Rating Components lesson, the Study Guide explicitly states:
"The second section of the Scan Profile, VM Association, allows you to define file extensions and VM image associations. This means that specific files are sandboxed by the associated VM image.
To assign a file to a VM image, the following conditions must be true:
The file type must be configured to enter the job queue (first section of the scan profile).
The VM image clone value cannot be a non-zero number."
This directly confirms:
Option B ― The VM image clone value must be a non-zero number (clones must be allocated)
Option C ― The file type must be configured to enter the job queue via the scan profile Pre-Filter section
Options A and D, while potentially relevant in practice, are not listed as the two required conditions in the Study Guide.

Question No : 12

Refer to the exhibit.



As a best practice, where must you rank the FortiClient inputs when configuring the job queue priority on FortiSandbox? (Choose one answer)

• A.Before FortiGate but after FortiMail inputs
• B.After all other input methods
• C.After On-Demand but before FortiGate inputs
• D.Before all other input methods

답을 확인하기

정답:
Explanation:
From the FortiClient EMS Integration lesson, the Study Guide explicitly states:
"It is always a good idea to place the files that are submitted by FortiClient, high on the Job Queue Priority since these are files that end users need immediate access to. In most cases, end users might not be willing to wait for a long time to access these files and placing the FortiClient submitted files high on the Job Queue Priority ensures that these files receive high priority for scanning from FortiSandbox."
Looking at the exhibit, the Job Priority Configuration shows:
Positions 1-4: On-Demand inputs (highest priority)
Position 5: FortiGate InlineBlock
Positions 6-11: Other sources including FortiWeb, File RPC, Device, FortiClient
As a best practice, FortiClient should rank after On-Demand (positions 1-4) but before FortiGate inputs ― since end users need immediate file access, FortiClient submissions should be near the top but On-Demand scanning takes highest precedence.

Question No : 13

To allow access to the FortiSandbox GUI the administrator must configure an IP address and a default gateway.
Which two commands must the administrator use to accomplish this task? (Choose two answers)

• A.set default-gw <IP Address>
• B.set api-port port1
• C.set admin-port port1
• D.set port1-ip <IP address>

답을 확인하기

정답:
Explanation:
From the Deployment and System Settings lesson, the Study Guide explicitly states:
"Initial port1 IP configuration must be performed from the console, using the commands shown on this slide. If your management computer is on a separate subnet from FortiSandbox, you must specify a gateway address using the commands shown on this slide."
The two required commands are:
set port1-ip <IP address> ― to assign the IP address to port1 for GUI access
set default-gw <IP Address> ― to configure the default gateway so the management computer can reach FortiSandbox from a different subnet
Option B (set api-port port1) is for API access configuration, and Option C (set admin-port port1) is not a valid FortiSandbox CLI command for this purpose.

Question No : 14

Refer to the exhibit.



Which command must you use to configure the worker node? (Choose one answer)

• A.hc-worker -a -sI0.50.1.30 -p<password>
• B.hc-worker -a -sI0.25.1.50 -p<password>
• C.hc-worker -a -sI0.75.1.254 -p<password>
• D.hc-worker -a -sI0.25.1.30 -p<password>

답을 확인하기

정답:
Explanation:
From the High Availability and Management lesson, the Study Guide states:
"You must configure the HA group name, password, and the cluster virtual IP. The worker nodes provide load balancing. The primary node distributes scan jobs to the worker nodes."
"You must configure the HA group name, password, and the virtual IP only on the primary node... Devices will interact with the cluster using this virtual IP."
From the exhibit topology:
Cluster Virtual IP address = 10.25.1.50
Primary Node port1 = 10.25.1.30
Secondary Node port1 = 10.25.1.40
Worker Node port1 = 10.75.1.10
The worker node must be configured to point to the Cluster Virtual IP (10.25.1.50), not the individual primary node IP. This is because worker nodes join the cluster by connecting to the cluster virtual IP address.
Therefore the correct command is: hc-worker -a -sI0.25.1.50 -p<password>

Question No : 15

You must increase the scanning capacity of a FortiSandbox device by increasing the number of clones, but the FortiSandbox local clone limit is already at maximum.
Which two actions can you take to expand the scanning capacity of the unit? (Choose two answers)

• A.Deploy remote WindowsCloudVM and MACOSX clones
• B.Reorganize the scan priority list
• C.Add custom VMs
• D.Add VM licenses to FortiSandbox

답을 확인하기

정답:
Explanation:
From the Scanning and Rating Components lesson, the Study Guide states:
"The universal VM license is a single license that grants you access to multiple VMs. Provides a scalable and cost-effective solution with up to 200 VMs on a single unit. Clone count limits shown on the VM Settings view apply to all enabled VM Types."
"When you enable Adaptive Scan, FortiSandbox dynamically adjusts the number of clones of any local VMs you have enabled. Enabling this option does not affect the number of remote Mac OS or Windows cloud VMs."
This confirms:
Option A ― Deploying remote WindowsCloudVM and MACOSX clones expands capacity beyond local clone limits since remote VMs are not subject to local clone restrictions
Option D ― Adding VM licenses directly increases the number of available VMs up to 200 on a single unit
Reorganizing the scan priority list (B) only affects scan order, not capacity. Adding custom VMs (C) would still be subject to the same local clone limits.