Big Halloween Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

FCP_FGT_AD-7.6 Questions and Answers

Question # 6

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

A.

The Underlay zone is the zone by default.

B.

The Underlay zone contains no member.

C.

port2 and port3 are not assigned to a zone.

D.

The virtual-wan-link and overlay zones can be deleted.

Full Access
Question # 7

Refer to the exhibit.

What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?

A.

FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.

B.

FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.

C.

FortiGate will close the connection if the SNI does not match the CN or SAN fields.

D.

FortiGate will close the connection if the SNI does not match the CN and SAN fields

Full Access
Question # 8

You are analyzing connectivity problems caused by intermediate devices blocking traffic in SSL VPN environment.

In which two ways can you effectively resolve the problem? (Choose two.)

A.

You can turn off IKE fragmentation to fix large certificate negotiation problems.

B.

You should use IPsec to solve issues with fragment drops and large certificate exchanges.

C.

You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).

D.

You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.

Full Access
Question # 9

You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied.

What should the administrator check first?

A.

Whether the user is assigned to the correct AD group.

B.

The FortiGate firewall policy settings for SSL decryption.

C.

The FortiGate FSSO active users list for user’s IP address.

D.

The windows event viewer for failed login attempts.

Full Access
Question # 10

Refer to the exhibit.

An administrator has created a new firewall address to use as the destination for a static route.

Why is the administrator not able to select the new address in the Destination field of the new static route?

A.

In the new static route, the administrator must select Named Address.

B.

In the new firewall address, the FQDN address must first beresolved.

C.

In the new static route, the administrator must first set the interface to port2.

D.

In the new firewall address, Routing configuration must be enabled.

Full Access
Question # 11

You have configured the below commands on a FortiGate.

What would be the impact of this configuration on FortiGate?

A.

FortiGate will enable strict RPF on ail its interfaces and port1 will be enable for asymmetric routing.

B.

FortiGate will enable strict RPF on all its interfaces and port1 will be exempted from RPF checks.

C.

Port1 will be enabled with flexible RPF, and all other interfaces will be enabled for strict RPF

D.

The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

Full Access
Question # 12

What is the primary FortiGate election process when the HA override setting is enabled?

A.

Connected monitored ports > Priority > HA uptime > FortiGate serial number

B.

Connected monitored ports > Priority > System uptime > FortiGate serial number

C.

Connected monitored ports > HA uptime > Priority > FortiGate serial number

D.

Connected monitored ports > System uptime > Priority > FortiGate serial number

Full Access
Question # 13

Refer to the exhibits.

An administrator configured the Web Filter Profile to block access to all social networking sites except Facebook. However, when users try to access Facebook.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibits, which configuration change must the administrator make to allow Facebook while blocking all other social networking sites?

A.

Change the Feature set of Web Filter Profile as Proxy-based.

B.

Set the Action as Exempt for www.facebook.com

in the Static URL Filter.

C.

Change the type as Simple in the Static URL Filter section.

D.

Set the Social Networking action as warning in the FortiGuard Category Based Filter.

Full Access
Question # 14

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.

How can the administrator achieve the objective?

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS filter, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.

Full Access