Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Certensure Logo
  1. Home
  2. Fortinet
  3. Network Security
  4. FCP_FGT_AD-7.6 - FortiGate 7.6 Administrator FCP_FGT_AD-7.6

Fortinet FCP_FGT_AD-7.6 FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Exam Practice Test

Demo: 13 questions
Total 45 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF

FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Question 1

Refer to the exhibit.

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

Options:

A.

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Question 2

You have configured the below commands on a FortiGate.

What would be the impact of this configuration on FortiGate?

Options:

A.

FortiGate will enable strict RPF on ail its interfaces and port1 will be enable for asymmetric routing.

B.

FortiGate will enable strict RPF on all its interfaces and port1 will be exempted from RPF checks.

C.

Port1 will be enabled with flexible RPF, and all other interfaces will be enabled for strict RPF

D.

The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

Question 3

Refer to the exhibits.

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

Options:

A.

FortiGate has entered conserve mode.

B.

Administrators can access FortiGate only through the console port.

C.

Administrators can change the configuration.

D.

FortiGate drops new sessions.

Question 4

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

Options:

A.

The Underlay zone is the zone by default.

B.

The Underlay zone contains no member.

C.

port2 and port3 are not assigned to a zone.

D.

The virtual-wan-link and overlay zones can be deleted.

Question 5

Refer to the exhibit.

An administrator has configured an Application Overrides for the ABC.Com application signature and set theAction to Allow. This application control profile is then applied to a firewall policy that is scanning all outbound traffic. Logging is enabled in the firewall policy. To test the configuration, the administrator accessed the ABC.Com web site several times.

Why are there no logs generated under security logs for ABC.Com?

Options:

A.

The ABC.Com Type is set as Application instead of Filter.

B.

The ABC.Com is configured under application profile, which must be configured as a web filter profile.

C.

The ABC.Com Action is set to Allow.

D.

The ABC.Com is hitting the category Excessive-Bandwidth.

Question 6

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?

Options:

A.

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

B.

To make sure all sessions without source NAT enabled always use the primary WAN link

C.

To improve security by forcing users to authenticate again when the WAN link changes

D.

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Question 7

Refer to the exhibit.

The exhibit shows theFortiGuard Category Based Filtersection of a corporate web filter profile.

An administrator must block access todownload.com, which belongs to theFreeware and Software Downloadscategory. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

Options:

A.

Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

B.

Configure a web override rating for download.com and select Malicious Websites as the subcategory.

C.

Configure a separate firewall policy with action Deny and an FQDN address object for*.download.com as destination address.

D.

Set the Freeware and Software Downloads category Action to Warning.

Question 8

A remote user reports slow SSL VPN performance and frequent disconnections. The user is located in an area with poor internet connectivity.

What setting should the administrator adjust to improve the user's experience?

Options:

A.

Enable split tunneling to reduce VPN traffic.

B.

Change the SSL VPN port to a non-standard port.

C.

Increase the session timeout for inactive sessions.

D.

Configure the DTLS timeout to accommodate high-latency connections.

Question 9

A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode.

Which step is NOT part of the expected process?

Options:

A.

The DC agent sends login event data directly to FortiGate.

B.

The user logs into the windows domain.

C.

The collector agent forwards login event data to FortiGate.

D.

FortiGate determines user identity based on the IP address in the FSSO list.

Question 10

Refer to the exhibit.

What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?

Options:

A.

FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.

B.

FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.

C.

FortiGate will close the connection if the SNI does not match the CN or SAN fields.

D.

FortiGate will close the connection if the SNI does not match the CN and SAN fields

Question 11

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created aDenypolicy with default settings to deny Webserver access forRemote-User2.

The policy should work such thatRemote-User1must be able to access the Webserver while preventingRemote-User2from accessing theWebserver.

Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to blockRemote-User2from accessing theWebserver?

Options:

A.

Disable match-vip in the Allow_access policy

B.

Configure a One-to-One IP Pool object in a new policy.

C.

Set the Destination address as Webserver in the Deny policy.

D.

Set the Destination address as Deny_IP in the Allow_access policy.

Question 12

An administrator notices that some users are unable to establish SSL VPN connections, while others can connect without any issues.

What should the administrator check first?

Options:

A.

Ensure that the affected users are using the correct port number.

B.

Ensure that user traffic is hitting the firewall policy.

C.

Ensure that forced tunneling is enabled to reroute all traffic through the SSL VPN

D.

Ensure that the HTTPS service is enabled on SSL VPN tunnel interface

Question 13

Refer to the exhibits.

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status staysPending.

What can be the two possible reasons? (Choose two.)

Options:

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Load More FCP_FGT_AD-7.6 Questions
Demo: 13 questions
Total 45 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF