2024 Fortinet FCP_FGT_AD-7.6 Exam Dumps Questions

Category:

Comments:

0 Comments

Post Date:

May 27, 2025

Fortinet certification is a highly valuable and sought-after certification for IT professionals seeking to enhance their knowledge and expertise. FCP_FGT_AD-7.6 exam is specifically designed to validate the skills required to configure and maintain the FCP in Network Security platform, which is widely used by businesses around the world. These FCP_FGT_AD-7.6 exam dumps questions are specifically designed to help you prepare for the exam by testing your knowledge and providing you with valuable insights into the types of questions that you will encounter. Test free Fortinet FCP_FGT_AD-7.6 exam questions below.

Page 1 of 8

1. Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

All traffic from a source IP to a destination IP is sent to the same interface.

Traffic is sent to the link with the lowest latency.

Traffic is distributed based on the number of sessions through each interface.

All traffic from a source IP is sent to the same interface

2. Refer to the exhibit.

Review the intrusion prevention system (IPS) profile signature settings shown in the exhibit.

What do you conclude when adding the FTP.Login.Failed signature to the IPS sensor profile?

Traffic matching the signature will be allowed and logged.

The signature setting uses a custom rating threshold.

The signature setting includes a group of other signatures.

Traffic matching the signature will be silently dropped and logged.

3. An administrator has configured a strict RPF check on FortiGate.

How does strict RPF check work?

Strict RPF allows packets back to sources with all active routes.

Strict RPF checks the best route back to the source using the incoming interface.

Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface.

Strict RPF check is run on the first sent and reply packet of any new session.

4. Refer to the exhibit.

Which statement about this firewall policy list is true?

The Implicit group can include more than one deny firewall policy.

The firewall policies are listed by ID sequence view.

The firewall policies are listed by ingress and egress interfaces pairing view.

LAN to WA

WAN to LA

and Implicit are sequence grouping view lists.

5. Which timeout setting can be responsible for deleting SSL VPN associated sessions?

SSL VPN idle-timeout

SSL VPN http-request-body-timeout

SSL VPN login-timeout

SSL VPN dtls-hello-timeout

6. Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

B. The client FortiGate requires a manually added route to remote subnets.

C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

7. What is eXtended Authentication (XAuth)?

It is an IPsec extension that forces remote VPN users to authenticate using their local I

It is an IPsec extension that forces remote VPN users to authenticate using their credentials (username and password).

It is an IPsec extension that authenticates remote VPN peers using a pre-shared key.

It is an IPsec extension that authenticates remote VPN peers using digital certificates.

8. Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2.

The policy should work such that Remote-User1 must be able to access the Webserver while preventing Remote-User2 from accessing the Webserver.

Which two configuration changes can the administrator make to the policy to deny Webserver access for Remote-User2? (Choose two.)

Enable match-vip in the Deny policy.

Set the Destination address as Webserver in the Deny policy.

Disable match-vip in the Deny policy.

Set the Destination address as Deny_IP in the Allow_access policy.

9. Refer to the exhibit.

The administrator configured SD-WAN rules and set the FortiGate traffic log page to display SD-WAN-specific columns: SD-WAN Quality and SD-WAN Rule Name.

FortiGate allows the traffic according to policy ID 1. This is the policy that allows SD-WAN traffic.

Despite these settings the traffic logs do not show the name of the SD-WAN rule used to steer those traffic flows.

What can be the reason?

FortiGate load balanced the traffic according to the implicit SD-WAN rule.

There is no application control profile applied to the firewall policy.

Destination in the SD-WAN rules are configured per application but the feature visibility is not enabled.

SD-WAN rule names do not appear immediately. The administrator needs to refresh the page.

10. Refer to the exhibit.

In the network shown in the exhibit, the web client cannot connect to the HTTP web server.

The administrator runs the FortiGate built-in sniffer and gets the output as shown in the exhibit.

What should the administrator do next to troubleshoot the problem?

Run a sniffer on the web server.

Capture the traffic using an external sniffer connected to port1.

Execute another sniffer in the FortiGate, this time with the filter “host 10.0.1.10”

Execute a debug flow.

Page 2 of 8

11. Which two statements are correct about a software switch on FortiGate? (Choose two.)

It can be configured only when FortiGate is operating in NAT mode

Can act as a Layer 2 switch as well as a Layer 3 router

All interfaces in the software switch share the same IP address

It can group only physical interfaces

12. In which two ways can RPF checking be disabled? (Choose two.)

Enable anti-replay in firewall policy.

Enable asymmetric routing.

Disable strict-src-check under system settings.

Disable the RPF check at the FortiGate interface level for the source check.

13. Which three options are the remote log storage options you can configure on FortiGate? (Choose three.)

A. FortiSIEM

B. FortiCloud

C. FortiCache

D. FortiSandbox

E. FortiAnalyzer

14. Which two settings must you configure when FortiGate is being deployed as a root FortiGate in a Security Fabric topology? (Choose two.)

FortiManager IP address

FortiAnalyzer IP address

Pre-authorize downstream FortiGate devices

Fabric name

15. Which three CLI commands can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)

diagnose sys top

execute ping

execute traceroute

diagnose sniffer packet any

get system arp

16. Which statement about traffic flow in an active-active HA cluster is true?

A. The SYN packet from the client always arrives at the primary device first.

B. The secondary device responds to the primary device with a SYN/ACK, and then the primary device forwards the SYN/ACK to the client.

C. All FortiGate devices are assigned the same virtual MAC addresses for the HA heartbeat interfaces to redistribute to the sessions.

D. The ACK from the client is received on the physical MAC address of the primary device.

17. Examine the IPS sensor and DoS policy configuration shown in the exhibit, then answer the question below.

When detecting attacks, which anomaly, signature, or filter will FortiGate evaluate first?

SMT

IMA

ip_src_session

Location: server Protocol: SMTP

18. By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard servers.

Which CLI command causes FortiGate to use an unreliable protocol to communicate with FortiGuard servers for live web filtering?

set webfilter-force-off disable

set webfilter-cache disable

set protocol tcp

set fortiguard-anycast disable

19. Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.

The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.

With this configuration, which statement is true?

A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.

B. A default static route is not required on the To_Internet VDOM to allow LAN users to access the internet.

C. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.

D. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root

VDOM is used only as a management VDOM.

20. What are three key routing principles in SD-WAN? (Choose three.)

By default. SD-WAN members are skipped if they do not have a valid route to the destination

By default. SD-WAN rules are skipped if only one route to the destination is available

By default. SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member

SD-WAN rules have precedence over any other type of routes

Regular policy routes have precedence over SD-WAN rules

Page 3 of 8

21. Examine the two static routes shown in the exhibit, then answer the following question.

Which of the following is the expected FortiGate behavior regarding these two routes to the same destination?

FortiGate will load balance all traffic across both routes.

FortiGate will use the port1 route as the primary candidate.

FortiGate will route twice as much traffic to the port2 route

FortiGate will only actuate the port1 route in the routing table

22. Refer to the exhibit.

An administrator has configured a performance SLA on FortiGate, which failed to generate any traffic.

Why is FortiGate not sending probes to 4.2.2.2 and 4.2.2.1 servers? (Choose two.)

A. The Detection Mode setting is not set to Passive.

B. Administrator didn't configure a gateway for the SD-WAN members, or configured gateway is not valid.

C. The configured participants are not SD-WAN members.

D. The Enable probe packets setting is not enabled.

23. Refer to the exhibits.

Exhibit A.

Exhibit B.

An administrator creates a new address object on the root FortiGate (Local-FortiGate) in the security fabric. After synchronization, this object is not available on the downstream FortiGate (ISFW).

What must the administrator do to synchronize the address object?

Change the csf setting on Local-FortiGate (root) to set configuration-sync local.

Change the csf setting on ISFW (downstream) to set configuration-sync local.

Change the csf setting on Local-FortiGate (root) to set fabric-object-unification default.

Change the csf setting on ISFW (downstream) to set fabric-object-unification default.

24. Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

A. The subject field in the server certificate

B. The serial number in the server certificate

C. The server name indication (SNI) extension in the client hello message

D. The subject alternative name (SAN) field in the server certificate

E. The host field in the HTTP header

25. When browsing to an internal web server using a web-mode SSL VPN bookmark, which IP address is used as the source of the HTTP request?

remote user's public IP address

The public IP address of the FortiGate device.

The remote user's virtual IP address.

The internal IP address of the FortiGate device.

26. Refer to the exhibit.

Based on the ZTNA tag, the security posture of the remote endpoint has changed.

What will happen to endpoint active ZTNA sessions?

They will be re-evaluated to match the endpoint policy.

They will be re-evaluated to match the firewall policy.

They will be re-evaluated to match the ZTNA policy.

They will be re-evaluated to match the security policy.

27. Refer to the exhibits.

The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook.

Users are given access to the Facebook web application. They can play video content hosted on Facebook, but they are unable to leave reactions on videos or other types of posts.

Which part of the policy configuration must you change to resolve the issue?

Force access to Facebook using the HTTP service.

Make the SSL inspection a deep content inspection.

Add Facebook in the URL category in the security policy.

Get the additional application signatures required to add to the security policy.

28. View the exhibit.

A user at 192.168.32.15 is trying to access the web server at 172.16.32.254.

Which two statements best describe how the FortiGate will perform reverse path forwarding (RPF)

checks on this traffic? (Choose two.)

Strict RPF check will deny the traffic.

Loose RPF check will allow the traffic.

Strict RPF check will allow the traffic.

Loose RPF check will deny the traffic.

29. View the exhibit.

Both VDOMs are operating in NAT/route mode. The subnet 10.0.1.0/24 is connected to VDOM1. The subnet 10.0.2.0/24 is connected to VDOM2. There is an inter-VDOM link between VDOM1 and VDOM2. Also, necessary firewall policies are configured in VDOM1 and VDOM2.

Which two static routes are required in the FortiGate configuration, to route traffic between both subnets through an inter-VDOM link? (Choose two.)

A static route in VDOM1 with the destination subnet matching the subnet assigned to the inter-VDOM link

A static route in VDOM2 for the destination subnet 10.0.1.0/24

A static route in VDOM1 for the destination subnet 10.0.2.0/24

A static route in VDOM2 with the destination subnet matching the subnet assigned to the inter-VDOM link

30. Which three statements about SD-WAN zones are true? (Choose three.)

An SD-WAN zone can contain physical and logical interfaces

You can use an SD-WAN zone in static route definitions

You can define up to three SD-WAN zones per FortiGate device

An SD-WAN zone must contains at least two members

An SD-WAN zone is a logical grouping of members

Page 4 of 8

31. Consider the topology:

Application on a Windows machine <--{SSL VPN} -->FGT--> Telnet to Linux server.

An administrator is investigating a problem where an application establishes a Telnet session to a Linux server over the SSL VPN through FortiGate and the idle session times out after about 90 minutes. The administrator would like to increase or disable this timeout.

The administrator has already verified that the issue is not caused by the application or Linux server. This issue does not happen when the application establishes a Telnet connection to the Linux server directly on the LAN.

What two changes can the administrator make to resolve the issue without affecting services running through FortiGate? (Choose two.)

Set the maximum session TTL value for the TELNET service object.

Set the session TTL on the SSLVPN policy to maximum, so the idle session timeout will not happen after 90 minutes.

Create a new service object for TELNET and set the maximum session TT

Create a new firewall policy and place it above the existing SSLVPN policy for the SSL VPN traffic, and set the new TELNET service object in the policy.

32. How can you disable RPF checking?

Disable src-check on the interface level settings

Unset fail-alert-interfaces on the interface level settings.

Disable fail-detect on the interface level settings.

Disable strict-src-check under system settings.

33. Which two configuration settings are synchronized when FortiGate devices are in an active-active HA cluster? (Choose two.)

FortiGuard web filter cache

FortiGate hostname

NTP

DNS

34. Which two statements are true when FortiGate is in transparent mode? (Choose two.)

A. By default, all interfaces are part of the same broadcast domain.

B. The existing network IP schema must be changed when installing a transparent mode FortiGate in the network.

C. Static routes are required to allow traffic to the next hop.

D. FortiGate forwards frames without changing the MAC address.

35. Which three methods can you use to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)

Instant message app

FortiToken

Voicemail message

SMS text message

36. An administrator has configured outgoing interface any in a firewall policy.

Which statement is true about the policy list view?

Interface Pair view will be disabled.

Search option will be disabled.

Policy lookup will be disabled.

By Sequence view will be disabled.

37. Refer to the exhibit to view the application control profile.

Based on the configuration, what will happen to Apple FaceTime?

Apple FaceTime will be allowed, based on the Apple filter configuration.

Apple FaceTime will be allowed, based on the Categories configuration.

Apple FaceTime will be blocked, based on the Excessive-Bandwidth filter configuration.

Apple FaceTime will be allowed only if the filter in Application and Filter Overrides is set to Learn.

38. Which statement is correct regarding the use of application control for inspecting web applications?

Application control can identify child and parent applications, and perform different actions on them.

Application control signatures are organized in a nonhierarchical structure.

Application control does not require SSL inspection to identify web applications.

Application control does not display a replacement message for a blocked web application.

39. An administrator wants to configure timeouts for users. Regardless of the user's behavior, the timer should start as soon as the user authenticates and expire after the configured value.

Which timeout option should be configured on FortiGate?

auth-on-demand

soft-timeout

idle-timeout

new-session

hard-timeout

40. Which three statements are true regarding session-based authentication? (Choose three.)

A. HTTP sessions are treated as a single user.

B. IP sessions from the same source IP address are treated as a single user.

C. It can differentiate among multiple clients behind the same source IP address.

D. It requires more resources.

E. It is not recommended if multiple users are behind the source NAT

Page 5 of 8

41. An administrator is running the following sniffer command: diagnose sniffer packet any "host 10.0.2.10" 3

What information will be included in the sniffer output? (Choose three.)

IP header

Ethernet header

Packet payload

Application header

Interface name

42. Which two statements are true about collector agent advanced mode? (Choose two.)

A. Security profiles can be applied only to user groups, nor individual users.

B. FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.

C. Advanced mode supports nested or inherited groups.

D. Advanced mode uses Windows convention-NetBios: DomainUsername.

43. Which of the following statements correctly describes FortiGates route lookup behavior when searching for a suitable gateway? (Choose two)

Lookup is done on the first packet from the session originator

Lookup is done on the last packet sent from the responder

Lookup is done on every packet, regardless of direction

Lookup is done on the first reply packet from the responder

44. When configuring a firewall virtual wire pair policy, which following statement is true?

Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

Only a single virtual wire pair can be included in each policy.

Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.

Exactly two virtual wire pairs need to be included in each policy.

45. Which of the following statements about backing up logs from the CLI and downloading logs from the GUI are true? (Choose two.)

A. Log downloads from the GUI are limited to the current filter view

B. Log backups from the CLI cannot be restored to another FortiGate.

C. Log backups from the CLI can be configured to upload to FTP as a scheduled time

D. Log downloads from the GUI are stored as LZ4 compressed files.

46. Refer to the exhibit to view the authentication rule configuration.

In this scenario, which statement is true?

A. Session-based authentication is enabled

B. Policy-based authentication is enabled

C. IP-based authentication is enabled

D. Route-based authentication is enabled

47. Refer to the exhibit.

Examine the intrusion prevention system (IPS) diagnostic command.

Which statement is correct If option 5 was used with the IPS diagnostic command and the outcome was a decrease in the CPU usage?

The IPS engine was inspecting high volume of traffic.

The IPS engine was unable to prevent an intrusion attack.

The IPS engine was blocking all traffic.

The IPS engine will continue to run in a normal state.

48. Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

A. Local traffic logs

B. Forward traffic logs

C. System event logs

D. Security logs

49. Which two pieces of information are synchronized between FortiGate HA members? (Choose two.)

OSPF adjacencies

IPsec security associations

BGP peerings

DHCP leases

50. Which of the following are valid actions for FortiGuard category based filter in a web filter profile ui proxy-based inspection mode? (Choose two.)

A. Warning

B. Exempt

C. Allow

D. Learn

Page 6 of 8

51. Which two statements about antivirus scanning in a firewall policy set to proxy-based inspection mode, are true? (Choose two.)

A file does not need to be buffered completely before it is moved to the antivirus engine for scanning.

The client must wait for the antivirus scan to finish scanning before it receives the file.

FortiGate sends a reset packet to the client if antivirus reports the file as infected.

If a virus is detected, a block replacement message is displayed immediately.

52. Which two statements are true about the FGCP protocol? (Choose two.)

A. FGCP elects the primary FortiGate device.

B. FGCP is not used when FortiGate is in transparent mode.

C. FGCP runs only over the heartbeat links.

D. FGCP is used to discover FortiGate devices in different HA groups.

53. Which of statement is true about SSL VPN web mode?

The external network application sends data through the VPN

It assigns a virtual IP address to the client

It supports a limited number of protocols

The tunnel is up while the client is connected

54. Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?

A. Local traffic logs

B. Forward traffic logs

C. System event logs

D. Security logs

55. What is the limitation of using a URL list and application control on the same firewall policy, in NGFW policy-based mode?

A. It limits the scanning of application traffic to the browser-based technology category only.

B. It limits the scanning of application traffic to the DNS protocol only.

C. It limits the scanning of application traffic to use parent signatures only.

D. It limits the scanning of application traffic to the application category only.

56. An organization requires remote users to send external application data running on their PCs and access FTP resources through an SSUTLS connection.

Which FortiGate configuration can achieve this goal?

SSL VPN quick connection

SSL VPN tunnel

SSL VPN bookmark

Zero trust network access

57. Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)

FortiGate uses the AD server as the collector agent

FortiGate uses the SMB protocol to read the event viewer logs from the DCs

FortiGate points the collector agent to use a remote LDAP server

FortiGate queries AD by using the LDAP to retrieve user group information

58. Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

FG-traffic

Mgmt

FG-Mgmt

Root

59. Which CLI command will display sessions both from client to the proxy and from the proxy to the servers?

diagnose wad session list

diagnose wad session list | grep hook-pre&&hook-out

diagnose wad session list | grep hook=pre&&hook=out

diagnose wad session list | grep "hook=pre"&"hook=out"

60. An administrator does not want to report the login events of service accounts to FortiGate.

What setting on the collector agent is required to achieve this?

Add the support of NTLM authentication

Add user accounts to the FortiGate group filter

Add user accounts to Active Directory (AD)

Add user accounts to the Ignore User List

Page 7 of 8

61. What are two features of collector agent advanced mode? (Choose two.)

In advanced mode, FortiGate can be configured as an LDAP client and group filters can be configured on FortiGate.

Advanced mode supports nested or inherited groups.

In advanced mode, security profiles can be applied only to user groups, not individual users.

Advanced mode uses the Windows convention ―NetBios: DomainUsername.

62. Refer to the exhibit.

The exhibit shows the IPS sensor configuration.

If traffic matches this IPS sensor, which two actions is the sensor expected to take? (Choose two.)

A. The sensor will allow attackers matching the NTP.Spoofed.KoD.DoS signature.

B. The sensor will block all attacks aimed at Windows servers.

C. The sensor will reset all connections that match these signatures.

D. The sensor will gather a packet log for all matched traffic.

63. On FortiGate, which type of logs record information about traffic directly to and from the FortiGate management IP addresses?

Forward traffic logs

Local traffic logs

Security logs

System event logs

64. An administrator must enable a DHCP server on one of the directly connected networks on FortiGate. However, the administrator is unable to complete the process on the GUI to enable the service on the interface.

In this scenario, what prevents the administrator from enabling DHCP service?

The role of the interface prevents setting a DHCP server.

The DHCP server setting is available only on the CL

Another interface is configured as the only DHCP server on FortiGate.

The FortiGate model does not support the DHCP server.

65. What must you configure to enable proxy-based TCP session failover?

You must configure ha-configuration-sync under configure system ha.

You do not need to configure anything because all TCP sessions are automatically failed over.

You must configure session-pickup-enable under configure system ha.

You must configure session-pickup-connectionless enable under configure system ha.

66. Refer to the exhibit.

The global settings on a FortiGate device must be changed to align with company security policies.

What does the Administrator account need to access the FortiGate global settings?

Enable restrict access to trusted hosts

Change password

Enable two-factor authentication

Change Administrator profile

67. What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

FortiGate automatically negotiates different local and remote addresses with the remote peer.

FortiGate automatically negotiates a new security association after the existing security association expires.

FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

68. Refer to the exhibit.

The exhibit shows proxy policies and proxy addresses, the authentication rule and authentication scheme, users, and firewall address.

An explicit web proxy is configured for subnet range 10.0.1.0/24 with three explicit web proxy policies. The authentication rule is configured to authenticate HTTP requests for subnet range 10.0.1.0/24 with a form-based authentication scheme for the FortiGate local user database. Users will be prompted for authentication.

How will FortiGate process the traffic when the HTTP request comes from a machine with the source IP 10.0.1.10 to the destination http:// www.fortinet.com? (Choose three.)

If a Mozilla Firefox browser is used with User-B credentials, the HTTP request will be allowed.

If a Google Chrome browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-A credentials, the HTTP request will be allowed.

If a Microsoft Internet Explorer browser is used with User-B credentials, the HTTP request will be allowed.

If a Mozilla Firefox browser is used with User-C credentials, the HTTP request will be denied.

69. When configuring a firewall virtual wire pair policy, which following statement is true?

Any number of virtual wire pairs can be included, as long as the policy traffic direction is the same.

Only a single virtual wire pair can be included in each policy.

Any number of virtual wire pairs can be included in each policy, regardless of the policy traffic direction settings.

Exactly two virtual wire pairs need to be included in each policy.

70. Which statements best describe auto discovery VPN (ADVPN). (Choose two.)

A. It requires the use of dynamic routing protocols so that spokes can learn the routes to other spokes.

B. ADVPN is only supported with IKEv2.

C. Tunnels are negotiated dynamically between spokes.

D. Every spoke requires a static tunnel to be configured to other spokes so that phase 1 and phase 2

proposals are defined in advance.

Page 8 of 8

71. Which statement is correct regarding the use of application control for inspecting web applications?

Application control can identify child and parent applications, and perform different actions on them

Application control signatures are included in Fortinet Antivirus engine

Application control does not display a replacement message for a blocked web application

Application control does not require SSL Inspection to Identity web applications

72. An administrator is configuring an Ipsec between site A and site B. The Remotes Gateway setting in both sites has been configured as Static IP Address. For site A, the local quick mode selector is 192.16.1.0/24 and the remote quick mode selector is 192.16.2.0/24.

How must the administrator configure the local quick mode selector for site B?

A. 192.16.3.0/24

B. 192.16.2.0/24

C. 192.16.1.0/24

D. 192.16.0.0/8

73. FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements are true about the requirements of connected physical interfaces on FortiGate? (Choose two.)

Both interfaces must have the interface role assigned

Both interfaces must have directly connected routes on the routing table

Both interfaces must have DHCP enabled

Both interfaces must have IP addresses assigned

74. A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)

Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.

Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.

Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.

Enable Dead Peer Detection.

75. Refer to the exhibit.

The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.

An administrator must block access to download.com, which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

Configure a separate firewall policy with action Deny and an FQDN address object for *. download, com as destination address.

Set the Freeware and Software Downloads category Action to Warning

Configure a web override rating for download, com and select Malicious Websites as the subcategory.

Configure a static URL filter entry for download, com with Type and Action set to Wildcard and Block, respectively.

76. FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.

In this scenario, what are two requirements for the VLAN ID? (Choose two.)

The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.

The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different VDOMs.

The two VLAN subinterfaces must have different VLAN IDs.

The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

77. Which three authentication timeout types are availability for selection on FortiGate? (Choose three.)

A. hard-timeout

B. auth-on-demand

C. soft-timeout

D. new-session

E. Idle-timeout

78. Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

Manual with load balancing

Lowest Cost (SLA) with load balancing

Best Quality with load balancing

Lowest Quality (SLA) with load balancing

Lowest Cost (SLA) without load balancing

79. A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traffic uses this profile for SSL inspection and performs web filtering. When visiting any HTTPS websites, the browser reports certificate warning errors.

What is the reason for the certificate warning errors?

The SSL cipher compliance option is not enabled on the SSL inspection profile. This setting is required when the SSL inspection profile is defined with a private CA certificate.

The certificate used by FortiGate for SSL inspection does not contain the required certificate extensions.

The browser does not recognize the certificate in use as signed by a trusted C

With full SSL inspection it is not possible to avoid certificate warning errors at the browser level.

TAGS:

FCP_FGT_AD-7.6, FCP_FGT_AD-7.6 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get FCP_FGT_AD-7.6 Dumps Full Version

Q&As: 267
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

2024 Fortinet FCP_FGT_AD-7.6 Exam Dumps Questions

Related

Posts

Use FCSS_SDW_AR-7.4 Dumps to Obtain Fortinet Certification

Use FCP_FGT_AD-7.6 Dumps to Obtain Fortinet Certification

Good FCSS_SDW_AR-7.4 Exam Dumps Save Your Preparation Time

Online FCSS_EFW_AD-7.4 Exam Dumps Help You Build Confidence

About Us

EMAIL

Services

Opening Hours