Weekend Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Fortinet
  3. Network Security
  4. FCP_FGT_AD-7.6
  5. FCP_FGT_AD-7.6 - FortiGate 7.6 Administrator FCP_FGT_AD-7.6

Fortinet FCP_FGT_AD-7.6 FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Exam Practice Test

Page: 1 / 5
Total 45 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF

FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Question 1

Refer to the exhibit.

Question # 1

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one?

Options:

A.

Create an Aggregate interface that includes port1 and port2 to create a single firewall policy.

B.

Select port1 and port2 subnets in a single firewall policy.

C.

Replace port1 and port2 with the any interface in a single firewall policy.

D.

Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy.

Question 2

An administrator suspects that the Collector Agent is not forwarding login events to FortiGate.

What is the most effective troubleshooting step?

Options:

A.

Verify if DC agent is enabled on the FortiGate.

B.

Restart the domain controller to refresh authentication services.

C.

Verify if FortiGate is set to use LDAP authentication instead of FSSO.

D.

Check if TCP port 8000 is open between the collector agent and FortiGate.

Question 3

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

Options:

A.

FortiGate continues to run critical security actions, such as quarantine.

B.

FortiGate refuses to accept configuration changes.

C.

FortiGate halts complete system operation and requires a reboot to regain available resources.

D.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Question 4

A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode.

Which step is NOT part of the expected process?

Options:

A.

The DC agent sends login event data directly to FortiGate.

B.

The user logs into the windows domain.

C.

The collector agent forwards login event data to FortiGate.

D.

FortiGate determines user identity based on the IP address in the FSSO list.

Question 5

A network administrator is reviewing firewall policies in both Interface Pair View and By Sequence View. The policies appear in a different order in each view.

Why is the policy order different in these two views?

Options:

A.

Policies in Interface Pair View are prioritized by security levels, while By Sequence View strictly follows the administrator’s manual ordering.

B.

By Sequence View groups policies based on rule priority, while Interface Pair View always follows the order of traffic logs.

C.

The firewall dynamically reorders policies in Interface Pair View based on recent traffic patterns, but By Sequence View remains static.

D.

Interface Pair View sorts policies based on matching interfaces, while By Sequence View shows the actual processing order of rules.

Question 6

Refer to the exhibits.

Question # 6

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status staysPending.

What can be the two possible reasons? (Choose two.)

Options:

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Question 7

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?

Options:

A.

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

B.

To make sure all sessions without source NAT enabled always use the primary WAN link

C.

To improve security by forcing users to authenticate again when the WAN link changes

D.

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Question 8

What is the primary FortiGate election process when the HA override setting is enabled?

Options:

A.

Connected monitored ports > Priority > HA uptime > FortiGate serial number

B.

Connected monitored ports > Priority > System uptime > FortiGate serial number

C.

Connected monitored ports > HA uptime > Priority > FortiGate serial number

D.

Connected monitored ports > System uptime > Priority > FortiGate serial number

Question 9

Refer to the exhibit.

Question # 9

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

Options:

A.

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Question 10

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Question # 10

Based on the exhibit, which statement is true?

Options:

A.

The Underlay zone is the zone by default.

B.

The Underlay zone contains no member.

C.

port2 and port3 are not assigned to a zone.

D.

The virtual-wan-link and overlay zones can be deleted.

Question 11

Refer to the exhibits.

Question # 11

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created aDenypolicy with default settings to deny Webserver access forRemote-User2.

The policy should work such thatRemote-User1must be able to access the Webserver while preventingRemote-User2from accessing theWebserver.

Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to blockRemote-User2from accessing theWebserver?

Options:

A.

Disable match-vip in the Allow_access policy

B.

Configure a One-to-One IP Pool object in a new policy.

C.

Set the Destination address as Webserver in the Deny policy.

D.

Set the Destination address as Deny_IP in the Allow_access policy.

Question 12

You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied.

What should the administrator check first?

Options:

A.

Whether the user is assigned to the correct AD group.

B.

The FortiGate firewall policy settings for SSL decryption.

C.

The FortiGate FSSO active users list for user’s IP address.

D.

The windows event viewer for failed login attempts.

Question 13

Refer to the exhibits.

Question # 13

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

Options:

A.

FortiGate has entered conserve mode.

B.

Administrators can access FortiGate only through the console port.

C.

Administrators can change the configuration.

D.

FortiGate drops new sessions.

Load More FCP_FGT_AD-7.6 Questions 
Page: 1 / 5
Total 45 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF