CertsTopics Logo

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium Fortinet FCP_FGT_AD-7.6 Dumps Questions Answers

Page: 1 / 3
Total 45 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF

FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Question 1

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.

What FortiGate settings should you check to resolve this issue?

Options:

A.

FortiGuard category ratings

B.

Application and Filter Overrides

C.

Network Protocol Enforcement

D.

Replacement Messages for UDP-based Applications

Buy Now
Question 2

A FortiGate firewall policy is configured with active authentication, however, the user cannot authenticate when accessing a website.

Which protocol must FortiGate allow even though the user cannot authenticate?

Options:

A.

LDAP

B.

TACASC+

C.

Kerberos

D.

DNS

Question 3

Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

Options:

A.

If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.

B.

If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP.

C.

If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

D.

If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

Question 4

Refer to the exhibits.

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status staysPending.

What can be the two possible reasons? (Choose two.)

Options:

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Question 5

Refer to the exhibit, which shows a partial configuration from the remote authentication server.

Why does the FortiGate administrator need this configuration?

Options:

A.

To set up a RADIUS server Secret.

B.

To authenticate Any FortiGate user groups.

C.

To authenticate and match the Training OU on the RADIUS server.

D.

To authenticate only the Training user group.

Question 6

You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied.

What should the administrator check first?

Options:

A.

Whether the user is assigned to the correct AD group.

B.

The FortiGate firewall policy settings for SSL decryption.

C.

The FortiGate FSSO active users list for user’s IP address.

D.

The windows event viewer for failed login attempts.

Question 7

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.

How can the administrator achieve the objective?

Options:

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS filter, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.

Question 8

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

Options:

A.

On BR1-FGT, set Seconds to 43200.

B.

On HQ-NGFW, enable Diffie-Hellman Group 2.

C.

On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0

D.

On HQ-NGFW. set Encryption to AES256

Question 9

Refer to the exhibit.

Based on this partial configuration, what are the two possible outcomes when FortiGate enters conserve mode? (Choose two.)

Options:

A.

Administrators cannot change the configuration.

B.

FortiGate skips quarantine actions.

C.

Administrators must restart FortiGate to allow new session.

D.

FortiGate drops new sessions requiring inspection.

Question 10

Which two statements are true about an HA cluster? (Choose two.)

Options:

A.

An HA cluster cannot have both in-band and out-of-band management interfaces at the same time.

B.

Link failover triggers a failover if the administrator sets the interface down on the primary device.

C.

When sniffing the heartbeat interface, the administrator must see the IP address 169.254.0.2.

D.

HA incremental synchronization includes FIB entries and IPsec SAs.

Question 11

You have created a web filter profile named restrict_media-profile with a daily category usage quota.

When you are adding the profile to the firewall policy, the restrict_media-profile is not listed in the available web profile drop down.

What could be the reason?

Options:

A.

The firewall policy is in no-inspection mode instead of deep-inspection.

B.

The inspection mode in the firewall policy is not matching with web filter profile feature set.

C.

The web filter profile is already referenced in another firewall policy.

D.

The naming convention used in the web filter profile is restricting it in the firewall policy.

Question 12

An administrator wants to analyze and manage digital certificates to prevent browser warnings when users connect to the SSL VPN portal.

Which two statements describe how to correctly do this? (Choose two.)

Options:

A.

The administrator can rely on the default FortiGate self-signed certificate to prevent all security warnings in the browser.

B.

The administrator must disable HTTPS administrative access entirely to avoid certificate warnings.

C.

The administrator can use a publicly trusted certificate from a known certificate authority (CA) to stop browser warnings.

D.

The administrator can import the FortiGate self-signed certificate into each user’s browser as a trusted certificate.

Question 13

An administrator suspects that the Collector Agent is not forwarding login events to FortiGate.

What is the most effective troubleshooting step?

Options:

A.

Verify if DC agent is enabled on the FortiGate.

B.

Restart the domain controller to refresh authentication services.

C.

Verify if FortiGate is set to use LDAP authentication instead of FSSO.

D.

Check if TCP port 8000 is open between the collector agent and FortiGate.

Exam Detail
Vendor: Fortinet
Certification: Network Security
Exam Code: FCP_FGT_AD-7.6
Exam Name: FortiGate 7.6 Administrator FCP_FGT_AD-7.6
Last Update: Jul 3, 2025
FCP_FGT_AD-7.6 Question Answers
Page: 1 / 3
Total 45 questions
Get FCP_FGT_AD-7.6 Full Access Download FCP_FGT_AD-7.6 PDF