Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Examstrust Logo
examstrust mcafee
  1. Home
  2. Fortinet
  3. Fortinet Network Security Expert
  4. FCP_FGT_AD-7.6 - FortiGate 7.6 Administrator FCP_FGT_AD-7.6

Fortinet FCP_FGT_AD-7.6 FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Exam Practice Test

Page: 1 / 5
Total 48 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF

FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$61.25  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Add to Cart
Question 1

Refer to the exhibits.

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status stays Pending.

What can be the two possible reasons? (Choose two.)

Options:

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Question 2

Which two statements are true about an HA cluster? (Choose two.)

Options:

A.

An HA cluster cannot have both in-band and out-of-band management interfaces at the same time.

B.

Link failover triggers a failover if the administrator sets the interface down on the primary device.

C.

When sniffing the heartbeat interface, the administrator must see the IP address 169.254.0.2.

D.

HA incremental synchronization includes FIB entries and IPsec SAs.

Question 3

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.

Which DPD mode on FortiGate meets this requirement?

Options:

A.

Enabled

B.

On Idle

C.

Disabled

D.

On Demand

Question 4

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

Options:

A.

On BR1-FGT, set Seconds to 43200.

B.

On HQ-NGFW, enable Diffie-Hellman Group 2.

C.

On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0

D.

On HQ-NGFW. set Encryption to AES256

Question 5

A remote user reports slow SSL VPN performance and frequent disconnections. The user is located in an area with poor internet connectivity.

What setting should the administrator adjust to improve the user's experience?

Options:

A.

Enable split tunneling to reduce VPN traffic.

B.

Change the SSL VPN port to a non-standard port.

C.

Increase the session timeout for inactive sessions.

D.

Configure the DTLS timeout to accommodate high-latency connections.

Question 6

Refer to the exhibits.

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

Options:

A.

FortiGate has entered conserve mode.

B.

Administrators can access FortiGate only through the console port.

C.

Administrators can change the configuration.

D.

FortiGate drops new sessions.

Question 7

An administrator notices that some users are unable to establish SSL VPN connections, while others can connect without any issues.

What should the administrator check first?

Options:

A.

Ensure that the affected users are using the correct port number.

B.

Ensure that user traffic is hitting the firewall policy.

C.

Ensure that forced tunneling is enabled to reroute all traffic through the SSL VPN

D.

Ensure that the HTTPS service is enabled on SSL VPN tunnel interface

Question 8

Refer to the exhibit.

The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivity.

What must the administrator configure to answer this specific request from the NOC team?

Options:

A.

Move NOC_Access to the top of the list to ensure all profile settings take effect.

B.

Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.

C.

Ensure that all NOC_Access users are assigned the super_admin role to guarantee access

D.

Increase the admintimeout value under config system accprofile NOC_Access.

Question 9

Which three statements explain a flow-based antivirus profile? (Choose three.)

Options:

A.

FortiGate buffers the whole file but transmits to the client at the same time.

B.

Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

C.

If a virus is detected, the last packet is delivered to the client.

D.

Flow-based inspection optimizes performance compared to proxy-based inspection.

E.

The IPS engine handles the process as a standalone.

Question 10

Refer to the exhibit.

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one?

Options:

A.

Create an Aggregate interface that includes port1 and port2 to create a single firewall policy.

B.

Select port1 and port2 subnets in a single firewall policy.

C.

Replace port1 and port2 with the any interface in a single firewall policy.

D.

Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy.

Question 11

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

Options:

A.

FortiGate continues to run critical security actions, such as quarantine.

B.

FortiGate refuses to accept configuration changes.

C.

FortiGate halts complete system operation and requires a reboot to regain available resources.

D.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Question 12

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

Options:

A.

The Underlay zone is the zone by default.

B.

The Underlay zone contains no member.

C.

port2 and port3 are not assigned to a zone.

D.

The virtual-wan-link and overlay zones can be deleted.

Question 13

Refer to the exhibit.

An administrator has configured an Application Overrides for the ABC.Com application signature and set the Action to Allow. This application control profile is then applied to a firewall policy that is scanning all outbound traffic. Logging is enabled in the firewall policy. To test the configuration, the administrator accessed the ABC.Com web site several times.

Why are there no logs generated under security logs for ABC.Com?

Options:

A.

The ABC.Com Type is set as Application instead of Filter.

B.

The ABC.Com is configured under application profile, which must be configured as a web filter profile.

C.

The ABC.Com Action is set to Allow.

D.

The ABC.Com is hitting the category Excessive-Bandwidth.

Question 14

An administrator suspects that the Collector Agent is not forwarding login events to FortiGate.

What is the most effective troubleshooting step?

Options:

A.

Verify if DC agent is enabled on the FortiGate.

B.

Restart the domain controller to refresh authentication services.

C.

Verify if FortiGate is set to use LDAP authentication instead of FSSO.

D.

Check if TCP port 8000 is open between the collector agent and FortiGate.

Load More FCP_FGT_AD-7.6 Questions
Page: 1 / 5
Total 48 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF