Weekend Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

Fortinet FCP_FGT_AD-7.6 Dumps

Page: 1 / 5
Total 45 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF

FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Question 1

What is the primary FortiGate election process when the HA override setting is enabled?

Options:

A.

Connected monitored ports > Priority > HA uptime > FortiGate serial number

B.

Connected monitored ports > Priority > System uptime > FortiGate serial number

C.

Connected monitored ports > HA uptime > Priority > FortiGate serial number

D.

Connected monitored ports > System uptime > Priority > FortiGate serial number

Question 2

Refer to the exhibits.

as

The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects.

TheWAN (port2)interface has the IP address100.65.0.101/24.

TheLAN (port4)interface has the IP address10.0.11.254/24.

Which IP address will be used to source NAT (SNAT) the traffic, if the user on

HQ-PC-1 (10.0.11.50) pings the IP address of BR-FGT (100.65.1.111)

Options:

A.

100.65.0.101

B.

100.65.0.49

C.

100.65.0.99

D.

100.65.0.149

Question 3

Refer to the exhibits.

as

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created aDenypolicy with default settings to deny Webserver access forRemote-User2.

The policy should work such thatRemote-User1must be able to access the Webserver while preventingRemote-User2from accessing theWebserver.

Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to blockRemote-User2from accessing theWebserver?

Options:

A.

Disable match-vip in the Allow_access policy

B.

Configure a One-to-One IP Pool object in a new policy.

C.

Set the Destination address as Webserver in the Deny policy.

D.

Set the Destination address as Deny_IP in the Allow_access policy.

Question 4

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements about the requirements of connected physical interfaces on FortiGate are true? (Choose two.)

Options:

A.

Both interfaces must have the interface role assigned.

B.

Both interfaces must have directly connected routes on the routing table.

C.

Both interfaces must have DHCP enabled and interfaces set to LAN and DMZ roles assigned.

D.

Both interfaces must have IP addresses assigned.

Question 5

Refer to the exhibits.

as

An administrator has observed the performance status outputs on an HA cluster for 55 seconds.

Which FortiGate is the primary?

Options:

A.

HQ-NGFW-2 with the parameter memory-failover-threshold setting

B.

HQ-NGFW-2 with the parameter priority setting

C.

HQ-NGFW-1 with the parameter memory-failover-flip-timeout setting

D.

HQ-NGFW-1 with the parameter override setting

Question 6

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.

What FortiGate settings should you check to resolve this issue?

Options:

A.

FortiGuard category ratings

B.

Application and Filter Overrides

C.

Network Protocol Enforcement

D.

Replacement Messages for UDP-based Applications

Question 7

An administrator wants to analyze and manage digital certificates to prevent browser warnings when users connect to the SSL VPN portal.

Which two statements describe how to correctly do this? (Choose two.)

Options:

A.

The administrator can rely on the default FortiGate self-signed certificate to prevent all security warnings in the browser.

B.

The administrator must disable HTTPS administrative access entirely to avoid certificate warnings.

C.

The administrator can use a publicly trusted certificate from a known certificate authority (CA) to stop browser warnings.

D.

The administrator can import the FortiGate self-signed certificate into each user’s browser as a trusted certificate.

Question 8

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.

How can the administrator achieve the objective?

Options:

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS filter, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.

Question 9

Refer to the exhibit.

as

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

Options:

A.

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Question 10

Refer to the exhibits.

as

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

Options:

A.

FortiGate has entered conserve mode.

B.

Administrators can access FortiGate only through the console port.

C.

Administrators can change the configuration.

D.

FortiGate drops new sessions.

Question 11

Refer to the exhibit.

as

The NOC team connects to the FortiGate GUI with theNOC_Accessadmin profile. They request that their GUI sessions do not disconnect too early during inactivity.

What must the administrator configure to answer this specific request from the NOC team?

Options:

A.

Move NOC_Access to the top of the list to ensure all profile settings take effect.

B.

Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.

C.

Ensure that all NOC_Access users are assigned the super_admin role to guarantee access

D.

Increase the admintimeout value under config system accprofile NOC_Access.

Question 12

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

Options:

A.

FortiGate continues to run critical security actions, such as quarantine.

B.

FortiGate refuses to accept configuration changes.

C.

FortiGate halts complete system operation and requires a reboot to regain available resources.

D.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Question 13

Refer to the exhibit.

as

The exhibit shows theFortiGuard Category Based Filtersection of a corporate web filter profile.

An administrator must block access todownload.com, which belongs to theFreeware and Software Downloadscategory. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

Options:

A.

Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

B.

Configure a web override rating for download.com and select Malicious Websites as the subcategory.

C.

Configure a separate firewall policy with action Deny and an FQDN address object for*.download.com as destination address.

D.

Set the Freeware and Software Downloads category Action to Warning.

Load More FCP_FGT_AD-7.6 Questions
Page: 1 / 5
Total 45 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF