Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

FCP_FGT_AD-7.6 FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Questions 4

Refer to the exhibits.

FCP_FGT_AD-7.6 Question 4

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status staysPending.

What can be the two possible reasons? (Choose two.)

Options:

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Buy Now
Questions 5

Refer to the exhibits.

FCP_FGT_AD-7.6 Question 5

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

Options:

A.

FortiGate has entered conserve mode.

B.

Administrators can access FortiGate only through the console port.

C.

Administrators can change the configuration.

D.

FortiGate drops new sessions.

Buy Now
Questions 6

Refer to the exhibits.

FCP_FGT_AD-7.6 Question 6

An administrator has observed the performance status outputs on an HA cluster for 55 seconds.

Which FortiGate is the primary?

Options:

A.

HQ-NGFW-2 with the parameter memory-failover-threshold setting

B.

HQ-NGFW-2 with the parameter priority setting

C.

HQ-NGFW-1 with the parameter memory-failover-flip-timeout setting

D.

HQ-NGFW-1 with the parameter override setting

Buy Now
Questions 7

You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied.

What should the administrator check first?

Options:

A.

Whether the user is assigned to the correct AD group.

B.

The FortiGate firewall policy settings for SSL decryption.

C.

The FortiGate FSSO active users list for user’s IP address.

D.

The windows event viewer for failed login attempts.

Buy Now
Questions 8

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.

What FortiGate settings should you check to resolve this issue?

Options:

A.

FortiGuard category ratings

B.

Application and Filter Overrides

C.

Network Protocol Enforcement

D.

Replacement Messages for UDP-based Applications

Buy Now
Questions 9

A remote user reports slow SSL VPN performance and frequent disconnections. The user is located in an area with poor internet connectivity.

What setting should the administrator adjust to improve the user's experience?

Options:

A.

Enable split tunneling to reduce VPN traffic.

B.

Change the SSL VPN port to a non-standard port.

C.

Increase the session timeout for inactive sessions.

D.

Configure the DTLS timeout to accommodate high-latency connections.

Buy Now
Questions 10

Refer to the exhibit, which shows a partial configuration from the remote authentication server.

FCP_FGT_AD-7.6 Question 10

Why does the FortiGate administrator need this configuration?

Options:

A.

To set up a RADIUS server Secret.

B.

To authenticate Any FortiGate user groups.

C.

To authenticate and match the Training OU on the RADIUS server.

D.

To authenticate only the Training user group.

Buy Now
Questions 11

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.

Which DPD mode on FortiGate meets this requirement?

Options:

A.

Enabled

B.

On Idle

C.

Disabled

D.

On Demand

Buy Now
Questions 12

Refer to the exhibits.

FCP_FGT_AD-7.6 Question 12

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created aDenypolicy with default settings to deny Webserver access forRemote-User2.

The policy should work such thatRemote-User1must be able to access the Webserver while preventingRemote-User2from accessing theWebserver.

Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to blockRemote-User2from accessing theWebserver?

Options:

A.

Disable match-vip in the Allow_access policy

B.

Configure a One-to-One IP Pool object in a new policy.

C.

Set the Destination address as Webserver in the Deny policy.

D.

Set the Destination address as Deny_IP in the Allow_access policy.

Buy Now
Questions 13

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

Options:

A.

FortiGate continues to run critical security actions, such as quarantine.

B.

FortiGate refuses to accept configuration changes.

C.

FortiGate halts complete system operation and requires a reboot to regain available resources.

D.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Buy Now
Exam Code: FCP_FGT_AD-7.6
Exam Name: FortiGate 7.6 Administrator FCP_FGT_AD-7.6
Last Update: Jul 28, 2025
Questions: 45

PDF + Testing Engine

$63.52  $181.49

Testing Engine

$50.57  $144.49
buy now FCP_FGT_AD-7.6 testing engine

PDF (Q&A)

$43.57  $124.49
buy now FCP_FGT_AD-7.6 pdf