● FCP - FortiGate 7.6 Administrator Exam Materials
The Actual questions for FCP - FortiGate 7.6 Administrator (FCP_FGT_AD-7.6) - Updated Weekly
Question #1
Question #2
Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two answers)
- A. If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.
- B. If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.
- C. If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP
- D. If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.
Question #3
You have created a web filter profile named restrict_media-profile with a daily category usage quota.
When you are adding the profile to the firewall policy, the restrict_media-profile is not listed in the available web profile drop down.
What could be the reason?
.
(Choose one answer)
- A. The firewall policy is in no-inspection mode instead of deep-inspection.
- B. The inspection mode in the firewall policy is not matching with web filter profile feature set.
- C. The web filter profile is already referenced in another firewall policy.
- D. The naming convention used in the web filter profile is restricting it in the firewall policy
Question #4
Refer to the exhibit,
As an administrator you have created an IPS profile, but it is not performing as expected. While testing you got the output as shown in the exhibit.
What could be the possible reason of the diagnose output shown in the exhibit?
(Choose one answer)
- A. There is no firewall policy configured with an IPS security profile.
- B. FortiGate entered into IPS fail open state.
- C. Administrator entered the command diagnose test application ipsmonitor 5.
- D. Administrator entered the command diagnose test application ipsmonitor 99.
Question #5
Refer to the exhibit.
The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.
For which two reasons are these web categories exempted?
(Choose two answers)
- A. The FortiGate temporary certificate denies the browser's access to websites that use HTTP Strict Transport Security.
- B. These websites are in an allowlist of reputable domain names maintained by FortiGuard.
- C. The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.
- D. The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.
Question #6
Refer to the exhibit.
The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivity.
What must the administrator configure to answer this specific request from the NOC team?
(Choose one answer)
- A. Move NOC_Access to the top of the list to ensure all profile settings take effect.
- B. Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.
- C. Ensure that all NOC_Access users are assigned the super_admin role to guarantee access.
- D. Increase the admintimeout value under config system accprofile NOC_Access.
Question #7
Refer to the exhibit.
Based on this partial configuration, what are the two possible outcomes when FortiGate enters conserve mode?
(Choose two answers)
- A. Administrators cannot change the configuration.
- B. FortiGate skips quarantine actions.
- C. Administrators must restart FortiGate to allow new sessions.
- D. FortiGate drops new sessions requiring inspection.
Question #8
What is the primary FortiGate election process when the HA override setting is enabled? (Choose one answer)
- A. Connected monitored ports > Priority > HA uptime > FortiGate serial number
- B. Connected monitored ports > Priority > System uptime > FortiGate serial number
- C. Connected monitored ports > HA uptime > Priority > FortiGate serial number
- D. Connected monitored ports > System uptime > Priority > FortiGate serial number
Question #9
An administrator wanted to configure an IPS sensor to block traffic that triggers a signature a set number of times during a specific time period.
How can the administrator achieve the objective?
(Choose one answer)
- A. Use IPS group signatures, set rate-mode 60.
- B. Use IPS packet logging option with periodical filter option.
- C. Use IPS filter, rate-mode periodical option.
- D. Use IPS signatures, rate-mode periodical option.
Question #10
A FortiGate firewall policy is configured with active authentication, however, the user cannot authenticate when accessing a website.
Which protocol must FortiGate allow even though the user cannot authenticate?
(Choose one answer)
- A. LDAP
- B. TACACS+
- C. Kerberos
- D. DNS
An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.
Which DPD mode on FortiGate meets this requirement? (Choose one answer)