DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Latest Fortinet FCP_FGT_AD-7.6 Free Exam Questions | SPOTO

SPOTO's latest exam dumps on the homepage, with a 100% pass rate! SPOTO delivers authentic Cisco CCNA, CCNP study materials, CCIE Lab solutions, PMP, CISA, CISM, AWS, and Palo Alto exam dumps. Our comprehensive study materials are meticulously aligned with the latest exam objectives. With a proven track record, we have enabled thousands of candidates worldwide to pass their IT certifications on their first attempt. Over the past 20+ years, SPOTO has successfully placed numerous IT professionals in Fortune 500 companies.
Take other online exams
Question #1
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad. Which IPsec Wizard template must the administrator apply?
A. Remote Access
B. Site to Site
C. Dial up User
D. Hub-and-Spoke
View answer
Correct Answer: A
Question #2
Which two statements are correct regarding FortiGate FSSO agentless polling mode? (Choose two.)
A. FortiGate uses the AD server as the collector agentcorrect
B. FortiGate uses the SMB protocol to read the event viewer logs from the DCscorrect
C. FortiGate points the collector agent to use a remote LDAP server
D. FortiGate queries AD by using the LDAP to retrieve user group informationcorrect
View answer
Correct Answer: ABD
Question #3
Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)
A. The host field in the HTTP header
B. The server name indication (SNI) extension in the client hello message
C. The subject alternative name (SAN) field in the server certificate
D. The subject field in the server certificate
E. The serial number in the server certificate
View answer
Correct Answer: BCD
Question #4
What must you configure to enable proxy-based TCP session failover?
A. You must configure ha-configuration-sync under configure system ha
B. You do not need to configure anything because all TCP sessions are automatically failed over
C. You must configure session-pickup-enable under configure system ha
D. You must configure session-pickup-connectionless enable under configure system ha
View answer
Correct Answer: C
Question #5
Which additional load balancing method is supported in equal cost multipath (ECMP) load balancing when SD-WAN is enabled?
A. Volume basedcorrect
B. Source-destination IP based
C. Source IP based
D. Weight based
View answer
Correct Answer: A
Question #6
Refer to the exhibit. As an administrator you have created an IPS profile, but it is not performing as expected. While testing you got the output as shown in the exhibit. What could be the possible reason of the diagnose output shown in the exhibit?
A. There is a no firewall policy configured with an IPS security profile
B. FortiGate entered into IPS fail open state
C. Administrator entered the command diagnose test application ipsmonitor 5
D. Administrator entered the command diagnose test application ipsmonitor 99
View answer
Correct Answer: A
Question #7
Refer to the exhibits, which show the system performance output and the default configuration of high memory usage thresholds in a FortiGate. Based on the system performance output, what can be the two possible outcomes? (Choose two.)
A. FortiGate will start sending all files to FortiSandbox for inspection
B. FortiGate has entered conserve mode
C. Administrators cannot change the configuration
D. Administrators can access FortiGate onlythrough the console port
View answer
Correct Answer: BD
Question #8
An administrator wants to configure Dead Peer Detection (DPD) on IPSEC VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel. Which DPD mode on FortiGate will meet the above requirement?
A. Disabled
B. On Demand
C. Enabled
D. On Idlecorrect
View answer
Correct Answer: D
Question #9
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad. Which IPsec Wizard template must the administrator apply?
A. Remote Access
B. Site to Site
C. Dial up User
D. Hub-and-Spoke
View answer
Correct Answer: A
Question #10
Refer to the exhibits. The exhibits show the SSL and authentication policy (Exhibit A) and the security policy (Exhibit B) for Facebook. Users are given access to the Facebook web application. They can play video content hosted on Facebook, but they are unable to leave reactions on videos or other types of posts. Which part of the policy configuration must you change to resolve the issue?
A. Force access to Facebook using the HTTP service
B. Make the SSL inspection a deep content inspection
C. Add Facebook in the URL category in the security policy
D. Get the additional application signatures required to add to the security policy
View answer
Correct Answer: B
Question #11
Refer to the exhibit showing a debug flow output. What two conclusions can you make from the debug flow output? (Choose two.)
A. The debug flow is for ICMP traffic
B. The default route is required to receive a reply
C. A new traffic session was created
D. A firewall policy allowed the connection
View answer
Correct Answer: AC
Question #12
An administrator needs to inspect all web traffic (including Internet web traffic) coming from users connecting to the SSL-VPN. How can this be achieved?
A. Assigning public IP addresses to SSL-VPN users
B. Configuring web bookmarks
C. Disabling split tunnelingcorrect
D. Using web-only mode
View answer
Correct Answer: C
Question #13
Which two configuration settings are global settings? (Choose two.)
A. User & Device settingscorrect
B. Firewall policies
C. HA settingscorrect
D. FortiGuard settingscorrect
View answer
Correct Answer: ACD
Question #14
Which three CLI commands, can you use to troubleshoot Layer 3 issues if the issue is in neither the physical layer nor the link layer? (Choose three.)
A. execute ping
B. execute traceroute
C. diagnose sys top
D. get system arp
E. diagnose sniffer packet any
View answer
Correct Answer: ABE
Question #15
FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.Which two statements are true about the requirements of connected physical interfaces on FortiGate? (Choose two.)
A. Both interfaces must have the interface role assigned
B. Both interfaces must have directly connected routes on the routing table
C. Both interfaces must have DHCP enabled
D. Both interfaces must have IP addresses assigned
View answer
Correct Answer: BD
Question #16
Refer to the exhibit. In the network shown in the exhibit, the web client cannot connect to the HTTP web server. The administrator runs the FortiGate built-in sniffer and gets the output shown in the exhibit. What should the administrator do next, to troubleshoot the problem?
A. Execute a debug flow
B. Capture the traffic using an external sniffer connected to port1
C. Execute another sniffer on FortiGate, this time with the filter "host 10
D. Run a sniffer on the web server
View answer
Correct Answer: A
Question #17
Refer to the exhibit. Which two statements are true about the routing entries in this database table? (Choose two.)
A. All of the entries in the routing database table are installed in the FortiGate routing table
B. The port2 interface is marked as inactive
C. Both default routes have different administrative distances
D. The default route on port2 is marked as the standby route
View answer
Correct Answer: CD
Question #18
You have created a web filter profile named restrict_media-profile with a daily category usage quota. When you are adding the profile to the firewall policy, the restrict_media-profile is not listed in the available web profile drop down. What could be the reason?
A. The firewall policy is in no-inspection mode instead of deep-inspection
B. The inspection mode in the firewall policy is not matching with web filter profile feature set
C. The web filter profile is already referenced in another firewall policy
D. The naming convention used in the web filter profile is restricting it in the firewall policy
View answer
Correct Answer: B
Question #19
Which three methods are used by the collector agent for AD polling? (Choose three.)
A. WMI
B. FortiGate polling
C. WinSecLog
D. FSSO REST API
E. NetAPI
View answer
Correct Answer: ACE
Question #20
View the exhibit. Which two behaviors result from this full (deep) SSL configuration? (Choose two.)
A. The browser bypasses all certificate warnings and allows the connection
B. A temporary trusted FortiGate certificate replaces the server certificate, even when the server certificate is untrusted
C. A temporary trusted FortiGate certificate replaces the server certificate when the server certificate is trusted
D. A temporary untrusted FortiGate certificate replaces the server certificate when the server certificate is untrusted
View answer
Correct Answer: ACD
Question #21
FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface. In this scenario, what are two requirements for the VLAN ID? (Choose two.)
A. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in the same subnet
B. The two VLAN subinterfaces can have the same VLAN ID, only if they belong to different VDOMs
C. The two VLAN subinterfaces must have different VLAN IDs
D. The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses indifferent subnets
View answer
Correct Answer: ABC
Question #22
An administrator has configured a strict RPF check on FortiGate. How does strict RPF check work?
A. Strict RPF allows packets back to sources with all active routes
B. Strict RPF checks the best route back to the source using the incoming interface
C. Strict RPF checks only for the existence of at least one active route back to the source using the incoming interface
D. Strict RPF check is run on the first sent and reply packet of any new session
View answer
Correct Answer: B
Question #23
An administrator has configured the following settings: config system settings set ses-denied-traffic enable end config system global set block-session-timer 30 end What are the two results of this configuration? (Choose two.)
A. Device detection on all interfaces is enforced for 30 seconds
B. Denied users are blocked for 30 seconds
C. The number of logs generated by denied traffic is reduced
D. A session for denied traffic is created
View answer
Correct Answer: ACD
Question #24
You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied. What should the administrator check first?
A. Whether the user is assigned to the correct AD group
B. The FortiGate firewall policy settings for SSL decryption
C. The FortiGate FSSO active users list for user's IP address
D. The windows event viewer for failed login attempts
View answer
Correct Answer: C
Question #25
A network administrator is configuring an IPsec VPN tunnel for a sales employee travelling abroad. Which IPsec Wizard template must the administrator apply?
A. Remote Access
B. Site to Site
C. Dial up User
D. iHub - and - Spoke
View answer
Correct Answer: A
Question #26
Which engine handles application control traffic on the next-generation firewall (NGFW) FortiGate?
A. Antivirus engine
B. Intrusion prevention system enginecorrect
C. Flow engine
D. Detection engine
View answer
Correct Answer: B
Question #27
Refer to the exhibit. Which two statements are true about the routing entries in this database table? (Choose two.)
A. All of the entries in the routing database table are installed in the FortiGate routing table
B. The port2 interface is marked as inactive
C. Both default routes have different administrative distances
D. The default route on porc2 is marked as the standby route
View answer
Correct Answer: CD
Question #28
Which three methods can you use to deliver the token code to a user who is configured to use two-factor authentication? (Choose three.)
A. Instant message appcorrect
B. FortiTokencorrect
C. Emailcorrect
D. Voicemail message
E. SMS text messagecorrect
View answer
Correct Answer: ABCE
Question #29
Which two statements are true about an HA cluster? (Choose two.)
A. An HA cluster cannot have both in-band and out-of-band management interfaces at the same time
B. Link failover triggers a failover if the administrator sets the interface down on the primary device
C. When sniffing the heartbeat interface, the administrator must see the IP address 169
D. HA incremental synchronization includes FIB entries and IPsec SAs
View answer
Correct Answer: BD
Question #30
Refer to the exhibit. Which statement about the configuration settings is true?
A. When a remote user accesses http://10
B. When a remote user accesses https://10
C. When a remote user accesses https://10
D. The settings are invalid
View answer
Correct Answer: B

View The Updated Fortinet Exam Questions

SPOTO Provides 100% Real Fortinet Exam Questions for You to Pass Your Fortinet Exam!

Get Fortinet Practice Test

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.