Pass the Fortinet Network Security FCP_FGT_AD-7.6 Questions and answers with CertsForce

Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2.

The policy should work such that Remote-User1 must be able to access the Webserver while preventing Remote-User2 from accessing the Webserver.

Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to block Remote-User2 from accessing the Webserver?

Options:

A. Disable match-vip in the Allow_access policy.

B. Configure a One-to-One IP Pool object in a new policy.

C. Set the Destination address as Webserver in the Deny policy.

D. Set the Destination address as Deny_IP in the Allow_access policy.


Questions # 2:

A FortiGate firewall policy is configured with active authentication; however, the user cannot authenticate when accessing a website.

Which protocol must FortiGate allow even though the user cannot authenticate?

Options:

A. LDAP

B. TACACS+

C. Kerberos

D. DNS


Questions # 3:

An administrator wants to analyze and manage digital certificates to prevent browser warnings when users connect to the SSL VPN portal.

Which two statements describe how to correctly do this? (Choose two.)

Options:

A. The administrator can rely on the default FortiGate self-signed certificate to prevent all security warnings in the browser.

B. The administrator must disable HTTPS administrative access entirely to avoid certificate warnings.

C. The administrator can use a publicly trusted certificate from a known certificate authority (CA) to stop browser warnings.

D. The administrator can import the FortiGate self-signed certificate into each user’s browser as a trusted certificate.


Questions # 4:

Refer to the exhibit.

An administrator has created a new firewall address to use as the destination for a static route.

Why is the administrator not able to select the new address in the Destination field of the new static route?

Options:

A. In the new static route, the administrator must select Named Address.

B. In the new firewall address, the FQDN address must first be resolved.

C. In the new static route, the administrator must first set the interface to port2.

D. In the new firewall address, Routing configuration must be enabled.


Questions # 5:

Refer to the exhibit, which shows a partial configuration from the remote authentication server.

Why does the FortiGate administrator need this configuration?

Options:

A. To set up a RADIUS server Secret.

B. To authenticate Any FortiGate user groups.

C. To authenticate and match the Training OU on the RADIUS server.

D. To authenticate only the Training user group.


Questions # 6:

You have created a web filter profile named restrict_media-profile with a daily category usage quota.

When you are adding the profile to the firewall policy, the restrict_media-profile is not listed in the available web profile drop-down list.

What could be the reason?

Options:

A. The firewall policy is in no-inspection mode instead of deep-inspection.

B. The inspection mode in the firewall policy does not match the web filter profile feature set.

C. The web filter profile is already referenced in another firewall policy.

D. The naming convention used in the web filter profile is restricting it in the firewall policy.


Questions # 7:

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

Options:

A. On BR1-FGT, set Seconds to 43200.

B. On HQ-NGFW, enable Diffie-Hellman Group 2.

C. On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0.

D. On HQ-NGFW, set Encryption to AES256.


Questions # 8:

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

Options:

A. The collector agent uses a Windows API to query DCs for user logins.

B. NetAPI polling can increase bandwidth usage in large networks.

C. The NetSessionEnum function is used to track user logouts.

D. The collector agent must search Windows application event logs.


Questions # 9:

Refer to the exhibit.

The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivity.

What must the administrator configure to answer this specific request from the NOC team?

Options:

A. Move NOC_Access to the top of the list to ensure all profile settings take effect.

B. Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.

C. Ensure that all NOC_Access users are assigned the super_admin role to guarantee access.

D. Increase the admintimeout value under config system accprofile NOC_Access.


Questions # 10:

Refer to the exhibits.

An administrator has observed the performance status outputs on an HA cluster for 55 seconds.

Which FortiGate is the primary?

Options:

A. HQ-NGFW-2 with the parameter memory-failover-threshold setting

B. HQ-NGFW-2 with the parameter priority setting

C. HQ-NGFW-1 with the parameter memory-failover-flip-timeout setting

D. HQ-NGFW-1 with the parameter override setting

