Fortinet FCA Sample Questions & Practice Test

Try 12 Fortinet Certified Associate (FCA) in Cybersecurity sample questions and practice-test preview prompts on security operations, network defense, endpoint awareness, cloud risk, identity, and platform-fit decisions.

Fortinet Certified Associate (FCA) in Cybersecurity is a practical associate route for candidates who need security-operations awareness, defensive-control reasoning, and enough platform vocabulary to choose the right next Fortinet path.

Use this page to preview the kind of operational judgment an FCA practice route should test. The questions below are original IT Mastery sample questions, not official Fortinet exam questions.

What this route should test

  • recognizing endpoint, network, cloud, identity, and operations risk signals
  • choosing first-response and escalation steps from limited evidence
  • understanding how platform controls support detection, prevention, and containment
  • distinguishing general security foundations from Fortinet-specific secure-networking paths

Sample Exam Questions

Question 1

Topic: alert triage

A SOC alert shows repeated failed logins followed by a successful login from a new country. What is the best next step?

  • A. Ignore the alert because the final login succeeded
  • B. Delete the logs to reduce noise
  • C. Investigate account compromise indicators, validate the user, and follow the escalation process
  • D. Disable every user account immediately

Best answer: C

Explanation: The pattern suggests possible credential attack activity. The analyst should preserve evidence, validate the event, and escalate according to policy rather than ignoring or overreacting.


Question 2

Topic: endpoint defense

An endpoint is missing critical patches and has disabled protection services. Which action best reduces immediate risk?

  • A. Isolate or remediate the endpoint according to policy, restore protection, and apply required patches
  • B. Add the endpoint to a trusted list permanently
  • C. Share the local administrator password with all support staff
  • D. Remove monitoring from the device

Best answer: A

Explanation: Missing patches and disabled controls increase compromise risk. The response should restore protective controls and patching while following approved operational procedures.


Question 3

Topic: identity

A contractor needs temporary access to one internal tool. Which access pattern is strongest?

  • A. Permanent broad access because the contractor is trusted
  • B. A shared team password
  • C. No logging because access is temporary
  • D. Named access with least privilege, multi-factor authentication, and an expiration or review date

Best answer: D

Explanation: Temporary access still needs accountability, least privilege, strong authentication, and lifecycle control.


Question 4

Topic: cloud risk

A storage bucket contains sensitive exports and is accidentally made public. What is the primary concern?

  • A. The bucket name is too short
  • B. Confidential data may be exposed outside the intended audience
  • C. Public access always improves availability safely
  • D. Encryption no longer matters anywhere

Best answer: B

Explanation: Public exposure of sensitive data is a confidentiality risk. The team should remove unintended access, assess exposure, and correct the configuration and monitoring process.


Question 5

Topic: platform fit

A team wants to reduce malicious web access, inspect network traffic, and enforce policy between zones. Which control area is most relevant?

  • A. Office badge printing
  • B. Password length only
  • C. Secure firewall and web or threat-prevention controls
  • D. Removing all logs

Best answer: C

Explanation: Firewall policy and security profiles can enforce network access and inspect traffic. Physical badges and password policy do not directly control web and inter-zone traffic.


Question 6

Topic: email security

What is a realistic goal of email-security controls?

  • A. Reduce phishing, malware, impersonation, and unsafe links before they reach users
  • B. Make users share passwords faster
  • C. Disable every business email attachment permanently
  • D. Replace incident response

Best answer: A

Explanation: Email controls reduce risk from common delivery channels, but they do not remove the need for awareness, monitoring, and response.


Question 7

Topic: alert tuning

An alert fires hundreds of times per day for expected system behavior, and analysts stop reviewing it. What should be done?

  • A. Turn off every detection rule
  • B. Ignore all alerts from that source forever
  • C. Delete the SIEM
  • D. Tune the detection with clear conditions, severity, ownership, and review evidence

Best answer: D

Explanation: Noisy alerts reduce trust. Tuning should preserve meaningful detection while reducing false positives and documenting the rationale.


Question 8

Topic: remote access

Remote employees need access to an internal administrative portal. Which design is safest?

  • A. Expose the portal publicly with no authentication
  • B. Use approved remote-access controls with strong authentication, device checks, and least-privilege access
  • C. Email the administrator password
  • D. Disable logs for remote users

Best answer: B

Explanation: Remote access should be authenticated, authorized, monitored, and constrained to required resources.


Question 9

Topic: network access control

An unmanaged device appears on a corporate network segment. What should a defensive control do?

  • A. Grant full access automatically
  • B. Ignore device posture
  • C. Identify the device and enforce appropriate access, quarantine, or remediation policy
  • D. Disable segmentation for simplicity

Best answer: C

Explanation: Network access decisions should consider device identity, posture, and policy. Unknown or noncompliant devices should not receive unrestricted access.


Question 10

Topic: ransomware recovery

Which preparation best improves ransomware recovery?

  • A. Tested, protected backups with recovery procedures and access controls
  • B. Backups stored only on the infected workstation
  • C. No restoration testing
  • D. A promise that ransomware cannot happen

Best answer: A

Explanation: Recovery depends on backups that are protected from the attacker, tested, and supported by documented procedures.


Question 11

Topic: security awareness

Which awareness message is most useful for reducing social-engineering risk?

  • A. Tell users they are always the problem
  • B. Encourage users to bypass security if work is urgent
  • C. Avoid reporting suspicious events to reduce tickets
  • D. Teach users how to recognize and report suspicious requests without fear of blame

Best answer: D

Explanation: Effective awareness helps users act early and safely. Reporting culture matters because users often see phishing, impersonation, and fraud attempts first.


Question 12

Topic: change control

A firewall rule is added during an incident and never reviewed. What is the best follow-up?

  • A. Leave it forever because it solved a problem once
  • B. Review ownership, risk, business need, expiration, and whether a safer permanent rule is needed
  • C. Expand the rule to all systems
  • D. Remove all firewall governance

Best answer: B

Explanation: Emergency changes should be reviewed after the event. Temporary access can become long-term exposure if ownership and expiration are not checked.

Quick FCA checklist

Area          What to check
Triage        Can you separate urgent indicators from normal operational noise?
Controls      Can you choose the right control family for email, endpoint, identity, cloud, or network risk?
Operations    Can you preserve evidence and escalate without overcorrecting?
Governance    Can you identify when access, alerts, or firewall changes need review?

Revised on Monday, May 18, 2026