Big Halloween Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Fortinet
  3. Fortinet Network Security Expert
  4. FCP_FGT_AD-7.6 - FortiGate 7.6 Administrator FCP_FGT_AD-7.6

Fortinet FCP_FGT_AD-7.6 FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Exam Practice Test

Demo: 14 questions
Total 48 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF

FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Question 1

Refer to the exhibit.

What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?

Options:

A.

FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.

B.

FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.

C.

FortiGate will close the connection if the SNI does not match the CN or SAN fields.

D.

FortiGate will close the connection if the SNI does not match the CN and SAN fields

Question 2

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects.

The WAN (port2) interface has the IP address 100.65.0.101/24.

The LAN (port4) interface has the IP address 10.0.11.254/24.

Which IP address will be used to source NAT (SNAT) the traffic, if the user on

HQ-PC-1 (10.0.11.50) pings the IP address of BR-FGT (100.65.1.111)

Options:

A.

100.65.0.101

B.

100.65.0.49

C.

100.65.0.99

D.

100.65.0.149

Question 3

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

Options:

A.

The Underlay zone is the zone by default.

B.

The Underlay zone contains no member.

C.

port2 and port3 are not assigned to a zone.

D.

The virtual-wan-link and overlay zones can be deleted.

Question 4

Which three statements explain a flow-based antivirus profile? (Choose three.)

Options:

A.

FortiGate buffers the whole file but transmits to the client at the same time.

B.

Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

C.

If a virus is detected, the last packet is delivered to the client.

D.

Flow-based inspection optimizes performance compared to proxy-based inspection.

E.

The IPS engine handles the process as a standalone.

Question 5

An administrator suspects that the Collector Agent is not forwarding login events to FortiGate.

What is the most effective troubleshooting step?

Options:

A.

Verify if DC agent is enabled on the FortiGate.

B.

Restart the domain controller to refresh authentication services.

C.

Verify if FortiGate is set to use LDAP authentication instead of FSSO.

D.

Check if TCP port 8000 is open between the collector agent and FortiGate.

Question 6

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.

How can the administrator achieve the objective?

Options:

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS filter, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.

Question 7

Refer to the exhibit.

The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivity.

What must the administrator configure to answer this specific request from the NOC team?

Options:

A.

Move NOC_Access to the top of the list to ensure all profile settings take effect.

B.

Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.

C.

Ensure that all NOC_Access users are assigned the super_admin role to guarantee access

D.

Increase the admintimeout value under config system accprofile NOC_Access.

Question 8

An administrator notices that some users are unable to establish SSL VPN connections, while others can connect without any issues.

What should the administrator check first?

Options:

A.

Ensure that the affected users are using the correct port number.

B.

Ensure that user traffic is hitting the firewall policy.

C.

Ensure that forced tunneling is enabled to reroute all traffic through the SSL VPN

D.

Ensure that the HTTPS service is enabled on SSL VPN tunnel interface

Question 9

Refer to the exhibit.

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one?

Options:

A.

Create an Aggregate interface that includes port1 and port2 to create a single firewall policy.

B.

Select port1 and port2 subnets in a single firewall policy.

C.

Replace port1 and port2 with the any interface in a single firewall policy.

D.

Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy.

Question 10

Refer to the exhibit.

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

Options:

A.

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Question 11

A FortiGate firewall policy is configured with active authentication, however, the user cannot authenticate when accessing a website.

Which protocol must FortiGate allow even though the user cannot authenticate?

Options:

A.

LDAP

B.

TACASC+

C.

Kerberos

D.

DNS

Question 12

What are three key routing principles in SD-WAN? (Choose three.)

Options:

A.

By default. SD-WAN rules are skipped if the included SD-WAN members do not have a valid route to the destination.

B.

SD-WAN rules have precedence over any other type of routes.

C.

Regular policy routes have precedence over SD-WAN rules.

D.

By default. SD-WAN rules are skipped if only one route to the destination is available.

E.

By default. SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Question 13

A network administrator is reviewing firewall policies in both Interface Pair View and By Sequence View. The policies appear in a different order in each view.

Why is the policy order different in these two views?

Options:

A.

Policies in Interface Pair View are prioritized by security levels, while By Sequence View strictly follows the administrator’s manual ordering.

B.

By Sequence View groups policies based on rule priority, while Interface Pair View always follows the order of traffic logs.

C.

The firewall dynamically reorders policies in Interface Pair View based on recent traffic patterns, but By Sequence View remains static.

D.

Interface Pair View sorts policies based on matching interfaces, while By Sequence View shows the actual processing order of rules.

Question 14

When configuring firewall policies which of the following is true regarding the policy ID?

Options:

A.

It is mandatory to provide a policy ID while creating a firewall policy regardless of GUI or CLI.

B.

A firewall policy ID identifies the order of policy execution in firewall policies.

C.

You can create a policy in CLI with policy ID 0.

D.

A policy ID cannot be edited once a policy is created.

Load More FCP_FGT_AD-7.6 Questions
Demo: 14 questions
Total 48 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF