Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

FCP_FGT_AD-7.6 Questions and Answers

Question # 6

A FortiGate firewall policy is configured with active authentication, however, the user cannot authenticate when accessing a website.

Which protocol must FortiGate allow even though the user cannot authenticate?

A.

LDAP

B.

TACASC+

C.

Kerberos

D.

DNS

Full Access
Question # 7

Which three statements about SD-WAN performance SLAs are true? (Choose three.)

A.

They rely on session loss and jitter.

B.

They can be measured actively or passively.

C.

They are applied in a SD-WAN rule lowest cost strategy.

D.

They monitor the state of the FortiGate device.

E.

All the SLAtargets can be configured.

Full Access
Question # 8

An administrator wants to analyze and manage digital certificates to prevent browser warnings when users connect to the SSL VPN portal.

Which two statements describe how to correctly do this? (Choose two.)

A.

The administrator can rely on the default FortiGate self-signed certificate to prevent all security warnings in the browser.

B.

The administrator must disable HTTPS administrative access entirely to avoid certificate warnings.

C.

The administrator can use a publicly trusted certificate from a known certificate authority (CA) to stop browser warnings.

D.

The administrator can import the FortiGate self-signed certificate into each user’s browser as a trusted certificate.

Full Access
Question # 9

What are three key routing principles in SD-WAN? (Choose three.)

A.

By default. SD-WAN rules are skipped if the included SD-WAN members do not have a valid route to the destination.

B.

SD-WAN rules have precedence over any other type of routes.

C.

Regular policy routes have precedence over SD-WAN rules.

D.

By default. SD-WAN rules are skipped if only one route to the destination is available.

E.

By default. SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Full Access
Question # 10

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.

When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.

The administrator confirms that the traffic matches the configured firewall policy.

What are two reasons for the failed virus detection by FortiGate? (Choose two.)

A.

The selected SSL inspection profile has certificate inspection enabled.

B.

The website is exempted from SSL inspection.

C.

The El CAR test file exceeds the protocol options oversize limit.

D.

The browser does not trust the FortiGate self-signed CA certificate.

Full Access
Question # 11

Refer to the exhibit.

The exhibit shows theFortiGuard Category Based Filtersection of a corporate web filter profile.

An administrator must block access todownload.com, which belongs to theFreeware and Software Downloadscategory. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

A.

Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

B.

Configure a web override rating for download.com and select Malicious Websites as the subcategory.

C.

Configure a separate firewall policy with action Deny and an FQDN address object for*.download.com as destination address.

D.

Set the Freeware and Software Downloads category Action to Warning.

Full Access
Question # 12

Refer to the exhibits.

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

A.

FortiGate has entered conserve mode.

B.

Administrators can access FortiGate only through the console port.

C.

Administrators can change the configuration.

D.

FortiGate drops new sessions.

Full Access
Question # 13

Refer to the exhibit, which shows a partial configuration from the remote authentication server.

Why does the FortiGate administrator need this configuration?

A.

To set up a RADIUS server Secret.

B.

To authenticate Any FortiGate user groups.

C.

To authenticate and match the Training OU on the RADIUS server.

D.

To authenticate only the Training user group.

Full Access