Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

FCP_FGT_AD-7.6 FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Questions 4

Which two statements are true about an HA cluster? (Choose two.)

Options:

A.

An HA cluster cannot have both in-band and out-of-band management interfaces at the same time.

B.

Link failover triggers a failover if the administrator sets the interface down on the primary device.

C.

When sniffing the heartbeat interface, the administrator must see the IP address 169.254.0.2.

D.

HA incremental synchronization includes FIB entries and IPsec SAs.

Buy Now
Questions 5

Refer to the exhibits.

An administrator has observed the performance status outputs on an HA cluster for 55 seconds.

Which FortiGate is the primary?

Options:

A.

HQ-NGFW-2 with the parameter memory-failover-threshold setting

B.

HQ-NGFW-2 with the parameter priority setting

C.

HQ-NGFW-1 with the parameter memory-failover-flip-timeout setting

D.

HQ-NGFW-1 with the parameter override setting

Buy Now
Questions 6

Refer to the exhibit, which shows a partial configuration from the remote authentication server.

Why does the FortiGate administrator need this configuration?

Options:

A.

To set up a RADIUS server Secret.

B.

To authenticate Any FortiGate user groups.

C.

To authenticate and match the Training OU on the RADIUS server.

D.

To authenticate only the Training user group.

Buy Now
Questions 7

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.

How can the administrator achieve the objective?

Options:

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS filter, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.

Buy Now
Questions 8

A remote user reports slow SSL VPN performance and frequent disconnections. The user is located in an area with poor internet connectivity.

What setting should the administrator adjust to improve the user's experience?

Options:

A.

Enable split tunneling to reduce VPN traffic.

B.

Change the SSL VPN port to a non-standard port.

C.

Increase the session timeout for inactive sessions.

D.

Configure the DTLS timeout to accommodate high-latency connections.

Buy Now
Questions 9

Refer to the exhibit.

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

Options:

A.

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Buy Now
Questions 10

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements about the requirements of connected physical interfaces on FortiGate are true? (Choose two.)

Options:

A.

Both interfaces must have the interface role assigned.

B.

Both interfaces must have directly connected routes on the routing table.

C.

Both interfaces must have DHCP enabled and interfaces set to LAN and DMZ roles assigned.

D.

Both interfaces must have IP addresses assigned.

Buy Now
Questions 11

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created aDenypolicy with default settings to deny Webserver access forRemote-User2.

The policy should work such thatRemote-User1must be able to access the Webserver while preventingRemote-User2from accessing theWebserver.

Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to blockRemote-User2from accessing theWebserver?

Options:

A.

Disable match-vip in the Allow_access policy

B.

Configure a One-to-One IP Pool object in a new policy.

C.

Set the Destination address as Webserver in the Deny policy.

D.

Set the Destination address as Deny_IP in the Allow_access policy.

Buy Now
Questions 12

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?

Options:

A.

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

B.

To make sure all sessions without source NAT enabled always use the primary WAN link

C.

To improve security by forcing users to authenticate again when the WAN link changes

D.

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Buy Now
Questions 13

Refer to the exhibits.

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status staysPending.

What can be the two possible reasons? (Choose two.)

Options:

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Buy Now

Network Security |

Exam Code: FCP_FGT_AD-7.6
Exam Name: FortiGate 7.6 Administrator FCP_FGT_AD-7.6
Last Update: Jul 5, 2025
Questions: 45
FCP_FGT_AD-7.6 pdf

FCP_FGT_AD-7.6 PDF

$25.5  $84.99
 Add to Cart
FCP_FGT_AD-7.6 Engine

FCP_FGT_AD-7.6 Testing Engine

$30  $99.99
 Add to Cart
FCP_FGT_AD-7.6 PDF + Engine

FCP_FGT_AD-7.6 PDF + Testing Engine

$40.5  $134.99
 Add to Cart