Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Fortinet
  3. Network Security
  4. FCP_FGT_AD-7.6
  5. FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Pass the Fortinet Network Security FCP_FGT_AD-7.6 Questions and answers with ValidTests

Exam FCP_FGT_AD-7.6 All Questions
Exam FCP_FGT_AD-7.6 Premium Access

View all detail and faqs for the FCP_FGT_AD-7.6 exam

Go to Exam
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

A remote user reports slow SSL VPN performance and frequent disconnections. The user is located in an area with poor internet connectivity.

What setting should the administrator adjust to improve the user's experience?

Options:

A.

Enable split tunneling to reduce VPN traffic.

B.

Change the SSL VPN port to a non-standard port.

C.

Increase the session timeout for inactive sessions.

D.

Configure the DTLS timeout to accommodate high-latency connections.

Expert Solution
Questions # 12:

Refer to the exhibits.

Question # 12

Based on the current HA status, an administrator updates theoverrideandpriorityparameters on HQ-NGFW-1 and HQ-NGFW-2 as shown in the exhibit.

What would be the expected outcome in the HA cluster?

Options:

A.

HQ-NGFW-1 will synchronize the override disable setting with HQ-NGFW-2.

B.

HQ-NGFW-2 will take over as the primary because it has the override enable setting and higher priority than HQ-NGFW-1.

C.

HQ-NGFW-1 will remain the primary because HQ-NGFW-2 has lower priority.

D.

The HA cluster will become out of sync because the override setting must match on all HA members.

Expert Solution
Questions # 13:

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Question # 13

Based on the exhibit, which statement is true?

Options:

A.

The Underlay zone is the zone by default.

B.

The Underlay zone contains no member.

C.

port2 and port3 are not assigned to a zone.

D.

The virtual-wan-link and overlay zones can be deleted.

Expert Solution
Questions # 14:

Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

Options:

A.

If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.

B.

If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP.

C.

If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

D.

If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

Expert Solution
Questions # 15:

Refer to the exhibits.

Question # 15

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status stays Pending.

What can be the two possible reasons? (Choose two.)

Options:

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Expert Solution
Questions # 16:

Which three statements explain a flow-based antivirus profile? (Choose three.)

Options:

A.

FortiGate buffers the whole file but transmits to the client at the same time.

B.

Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection.

C.

If a virus is detected, the last packet is delivered to the client.

D.

Flow-based inspection optimizes performance compared to proxy-based inspection.

E.

The IPS engine handles the process as a standalone.

Expert Solution
Questions # 17:

Refer to the exhibit.

Question # 17

An administrator has created a new firewall address to use as the destination for a static route.

Why is the administrator not able to select the new address in the Destination field of the new static route?

Options:

A.

In the new static route, the administrator must select Named Address.

B.

In the new firewall address, the FQDN address must first beresolved.

C.

In the new static route, the administrator must first set the interface to port2.

D.

In the new firewall address, Routing configuration must be enabled.

Expert Solution
Questions # 18:

You are analyzing connectivity problems caused by intermediate devices blocking traffic in SSL VPN environment.

In which two ways can you effectively resolve the problem? (Choose two.)

Options:

A.

You can turn off IKE fragmentation to fix large certificate negotiation problems.

B.

You should use IPsec to solve issues with fragment drops and large certificate exchanges.

C.

You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).

D.

You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.

Expert Solution
Questions # 19:

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.

What FortiGate settings should you check to resolve this issue?

Options:

A.

FortiGuard category ratings

B.

Application and Filter Overrides

C.

Network Protocol Enforcement

D.

Replacement Messages for UDP-based Applications

Expert Solution
Questions # 20:

A FortiGate firewall policy is configured with active authentication, however, the user cannot authenticate when accessing a website.

Which protocol must FortiGate allow even though the user cannot authenticate?

Options:

A.

LDAP

B.

TACASC+

C.

Kerberos

D.

DNS

Expert Solution
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions