FCP_FGT_AD-7.6 FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Questions 4

Based on the Exhibits:

FCP_FGT_AD-7.6 Question 4

A web filter profile configuration and firewall policy configuration are shown.

You are trying to access www.facebook.com, but you are redirected to a FortiGuard web filtering block page.

Based on the exhibits, what is the possible cause of the issue?

Options:

The web filter profile feature set is configured incorrectly.

The web rating override configuration is incorrect.

The firewall policy inspection mode is incorrect.

For www.facebook.com, the URL filter action is incorrect.

Buy Now

Questions 5

Refer to the exhibit showing a debug flow output.

FCP_FGT_AD-7.6 Question 5

Which two conclusions can you make from the debug flow output? (Choose two.)

Options:

The default gateway is configured on port2.

The RPF check fails.

The debug flow is for UDP traffic.

The matching firewall policy denies the traffic.

Buy Now

Questions 6

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

Options:

FortiGate continues to run critical security actions, such as quarantine.

FortiGate refuses to accept configuration changes.

FortiGate halts complete system operation and requires a reboot to regain available resources.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Buy Now

Questions 7

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements about the requirements of connected physical interfaces on FortiGate are true? (Choose two.)

Options:

Both interfaces must have the interface role assigned.

Both interfaces must have directly connected routes on the routing table.

Both interfaces must have DHCP enabled and interfaces set to LAN and DMZ roles assigned.

Both interfaces must have IP addresses assigned.

Buy Now

Questions 8

Refer to the exhibit.

FCP_FGT_AD-7.6 Question 8

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

Options:

On BR1-FGT, set Seconds to 43200.

On HQ-NGFW, enable Diffie-Hellman Group 2.

On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0

On HQ-NGFW. set Encryption to AES256

Buy Now

Questions 9

Refer to the exhibit.

FCP_FGT_AD-7.6 Question 9

The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile.

An administrator must block access to download.com , which belongs to the Freeware and Software Downloads category. The administrator must also allow other websites in the same category.

What are two solutions for satisfying the requirement? (Choose two.)

Options:

Configure a static URL filter entry for download.com with Type and Action set to Wildcard and Block, respectively.

Configure a web override rating for download.com and select Malicious Websites as the subcategory.

Configure a separate firewall policy with action Deny and an FQDN address object for*.download.com as destination address.

Set the Freeware and Software Downloads category Action to Warning.

Buy Now

Questions 10

Refer to the exhibit.

FCP_FGT_AD-7.6 Question 10

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

Options:

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Buy Now

Questions 11

Refer to the exhibit, which contains a RADIUS server configuration.

FCP_FGT_AD-7.6 Question 11

An administrator added a configuration for a new RADIUS server. While configuring, the administrator enabled Include in every user group.

What is the impact of enabling Include in every user group in a RADIUS configuration?

Options:

This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

Buy Now

Questions 12

A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode.

Which step is NOT part of the expected process?

Options:

The DC agent sends login event data directly to FortiGate.

The user logs into the windows domain.

The collector agent forwards login event data to FortiGate.

FortiGate determines user identity based on the IP address in the FSSO list.

Buy Now

Questions 13

Refer to the exhibit, which shows a routing table.

FCP_FGT_AD-7.6 Question 13

An administrator wants to create a new static route so the traffic to the subnet 172.20.1.0/24 is routed through port2 only.

What are the two criteria that the administrator can use to achieve this objective? (Choose two.)

Options:

The new static route must have the distance set to 9.

The existing static route through port3 must have the distance set to 11.

The new static route must have the priority set to 3.

The new static route must have the metric set to 1.

Buy Now

Questions 14

You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied.

What should the administrator check first?

Options:

Whether the user is assigned to the correct AD group.

The FortiGate firewall policy settings for SSL decryption.

The FortiGate FSSO active users list for user’s IP address.

The windows event viewer for failed login attempts.

Buy Now

Questions 15

What are two features of FortiGate FSSO agentless polling mode? (Choose two.)

Options:

FortiGate directs the collector agent to use a remote LDAP server.

FortiGate uses the SMB protocol to read the event viewer logs from the DCs.

FortiGate does not support workstation check.

FortiGate uses the AD server as the collector agent.

Buy Now

Questions 16

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?

Options:

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

To make sure all sessions without source NAT enabled always use the primary WAN link

To improve security by forcing users to authenticate again when the WAN link changes

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Buy Now

Questions 17

Refer to the exhibits.

FCP_FGT_AD-7.6 Question 17

An administrator configured both members of an HA cluster at the same time. After one week of monitoring, the administrator wants to verify the HA failover performance.

How can the administrator force a failover?

Options:

The administrator must reset the HA uptime on HQ-NGFW-1.

The administrator must set the parameter override to enable on HQ-NGFW-2.

The administrator must increase the HA priority on HQ-NGFW-2.

The administrator must set the monitored port to down on HQ-NGFW-1.

Buy Now

Questions 18

When FortiGate performs SSL/SSH full inspection, you can decide how it should react when it detects an invalid certificate.

Which three actions are valid actions that FortiGate can perform when it detects an invalid certificate? (Choose three.)

Options:

Allow

Trust & Allow

Allow & Warning

Block

Block & Warning

Buy Now

Questions 19

Refer to the exhibits.

FCP_FGT_AD-7.6 Question 19

You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits

You cannot access any of the Google applications, but you are able to access www.fortinet.com.

Which two actions would you take to resolve the issue? (Choose two.)

Options:

Change the Inspection mode to Flow-based

Add " Google* .com to the URL category in the security profile

Set SSL inspection to deep-content inspection

Set the action for Google in the Application and Filter Overrides section to Allow

Move up Google in the Application and Filter Overrides section to set its priority to 1.

Buy Now

Questions 20

A remote user reports slow SSL VPN performance and frequent disconnections. The user is located in an area with poor internet connectivity.

What setting should the administrator adjust to improve the user ' s experience?

Options:

Enable split tunneling to reduce VPN traffic.

Change the SSL VPN port to a non-standard port.

Increase the session timeout for inactive sessions.

Configure the DTLS timeout to accommodate high-latency connections.

Buy Now

Exam Code: FCP_FGT_AD-7.6

Exam Name: FortiGate 7.6 Administrator FCP_FGT_AD-7.6

Last Update: May 11, 2026

Questions: 67

PDF + Testing Engine

$63.52 ~~$181.49~~

Testing Engine

$50.57 ~~$144.49~~

PDF (Q&A)

$43.57 ~~$124.49~~

FCP_FGT_AD-7.6 FortiGate 7.6 Administrator FCP_FGT_AD-7.6 Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

PDF + Testing Engine

Testing Engine

PDF (Q&A)