You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits. You cannot access any of the Google applications, but you are able to access www.fortinet.com. Which two actions would you take to resolve the issue? (Choose two answers)

A. Add *Google*.com to the URL category in the security profile.
B. Change the Inspection mode to Flow-based.
C. Set the action for Google in the Application and Filter Overrides section to Allow.
D. Move up Google in the Application and Filter Overrides section to set its priority to 1.
E. Set SSL inspection to deep-content inspection.

Correct Answer: B,E

Brave-Dump Clients Votes

DE 62.5%

BE 37.5%

Comments

Mahboab Ali Ghaleb 2025-07-10 03:37:31

Selected Answers: B, E

B & E are correct Answer. Google Apps aren't Category under Executive bandwidth, So didn't block Google APPs .
For reference there is same question in the FCP-FGT 7.6 AD sample questions.

Mahboab Ali Ghaleb 2025-07-12 23:25:47

Selected Answers: B, E

I applied the same scenario on production live and the result as B & E

Brave-Dumps.com Admin 2025-07-12 23:59:09
Thanks, Mahboab! for sharing your experience in the Brave-Dumps community. You're absolutely right, and I’ve updated the website to B&E, Appreciate your valuable input!

Miguel 2025-12-05 18:42:49

Selected Answers: D, E

Why D is correct

In the Application Control profile you have two overrides:

Priority 1 – Excessive-Bandwidth (behavior filter) → Action: Block

Priority 2 – Google (vendor filter) → Action: Monitor

FortiGate processes Application and Filter Overrides from top to bottom.
The first matching override wins.

So when a Google application uses a lot of bandwidth, it matches the “Excessive-Bandwidth” filter first (priority 1), and the action is Block.
The traffic is dropped before FortiGate even checks the “Google – Monitor” override.

If you apply answer D:

D. Move up Google in the Application and Filter Overrides section to set its priority to 1.

then the order becomes:

Priority 1 – Google (Monitor → allow + log)

Priority 2 – Excessive-Bandwidth (Block)

Now Google traffic hits the Google override first, is allowed, and only non-Google apps are affected by the “Excessive-Bandwidth” block.
So D directly fixes the root cause: the wrong priority of the overrides.

Why B is not the real fix

B. Change the Inspection mode to Flow-based.

Changing the policy from Proxy-based to Flow-based does not change:

the Application Control profile,

the list of overrides, or

the order in which those overrides are evaluated.

The override “Excessive-Bandwidth – Block” would still be on top, so Google traffic that matches this behavior filter would continue to be blocked, even in Flow-based mode.

Flow-based is generally recommended for App Control, but it does not solve the specific problem described in the question. The real problem is the override order, and only D addresses that.

abdulrahman 2026-03-21 18:40:35
from chatGPT the order would matter if there is multible overrides or filters. but in this case there is one override (google -> monitor ) and one filter (excessive bandwidth -> block ) and the application profile always check the override first and the the filters.

Anonymous User 2026-01-20 21:48:36

Selected Answers: D, E

Kacper 2026-02-25 20:16:21

Selected Answers: D, E

Any reason for Being correct?

Ashequr Rahman Khan 2026-03-19 07:27:29

Selected Answers: D, E

I agree with Miguel; changing the inspection mode from proxy-based to flow-based does not override the list of orders in the application control profile. Admin please confirm.

Ra 2026-03-23 22:07:30

Selected Answers: D, E

you dont need Lab for that, just think , if the position 1 is not there, what will happen???
Proxy doesnt have effect in this config.

Anonymous User 2026-04-16 16:17:58

Selected Answers: B, E

B,E Correct