FCP_FGT_AD-7.6 Fortinet FortiGate 7.6 Administrator FCP_FGT

FortiGate 7.6 Administrator FCP_FGT_AD-7.6

Last Update 1 week ago Total Questions : 45

The FortiGate 7.6 Administrator FCP_FGT_AD-7.6 content is now fully updated, with all current exam questions added 1 week ago. Deciding to include FCP_FGT_AD-7.6 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our FCP_FGT_AD-7.6 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these FCP_FGT_AD-7.6 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any FortiGate 7.6 Administrator FCP_FGT_AD-7.6 practice test comfortably within the allotted time.

Question # 4

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.

What FortiGate settings should you check to resolve this issue?

FortiGuard category ratings

Application and Filter Overrides

Network Protocol Enforcement

Replacement Messages for UDP-based Applications

Question # 5

An administrator suspects that the Collector Agent is not forwarding login events to FortiGate.

What is the most effective troubleshooting step?

Verify if DC agent is enabled on the FortiGate.

Restart the domain controller to refresh authentication services.

Verify if FortiGate is set to use LDAP authentication instead of FSSO.

Check if TCP port 8000 is open between the collector agent and FortiGate.

Question # 6

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

To make sure all sessions without source NAT enabled always use the primary WAN link

To improve security by forcing users to authenticate again when the WAN link changes

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Question # 7

Refer to the exhibit.

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Question # 8

A network administrator is reviewing firewall policies in both Interface Pair View and By Sequence View. The policies appear in a different order in each view.

Why is the policy order different in these two views?

Policies in Interface Pair View are prioritized by security levels, while By Sequence View strictly follows the administrator’s manual ordering.

By Sequence View groups policies based on rule priority, while Interface Pair View always follows the order of traffic logs.

The firewall dynamically reorders policies in Interface Pair View based on recent traffic patterns, but By Sequence View remains static.

Interface Pair View sorts policies based on matching interfaces, while By Sequence View shows the actual processing order of rules.

Question # 9

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.

When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.

The administrator confirms that the traffic matches the configured firewall policy.

What are two reasons for the failed virus detection by FortiGate? (Choose two.)

The selected SSL inspection profile has certificate inspection enabled.

The website is exempted from SSL inspection.

The El CAR test file exceeds the protocol options oversize limit.

The browser does not trust the FortiGate self-signed CA certificate.

Question # 10

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

On BR1-FGT, set Seconds to 43200.

On HQ-NGFW, enable Diffie-Hellman Group 2.

On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0

On HQ-NGFW. set Encryption to AES256