Fortinet FCP_FGT_AD-7.6 Practice Questions

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.
What FortiGate settings should you check to resolve this issue?

A. FortiGuard category ratings

B. Application and Filter Overrides

C. Network Protocol Enforcement

D. Replacement Messages for UDP-based Applications

Refer to the exhibit, which shows a partial configuration from the remote authentication server.



Why does the FortiGate administrator need this configuration?

A. To set up a RADIUS server Secret.

B. To authenticate Any FortiGate user groups.

C. To authenticate and match the Training OU on the RADIUS server.

D. To authenticate only the Training user group.

Refer to the exhibit, which contains a RADIUS server configuration.



An administrator added a configuration for a new RADIUS server. While configuring, the administrator enabled Include in every user group.
What is the impact of enabling Include in every user group in a RADIUS configuration?

A. This option places the RADIUS server, and all users who can authenticate against that server, into every FortiGate user group.

B. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

C. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.

D. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.

Refer to the exhibit.



FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.
Which action must the administrator perform to consolidate the two policies into one?

A. Create an Aggregate interface that includes port1 and port2 to create a single firewall policy.

B. Select port1 and port2 subnets in a single firewall policy.

C. Replace port1 and port2 with the any interface in a single firewall policy.

D. Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy.

Refer to the exhibit.



The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.
For which two reasons are these web categories exempted? (Choose two.)

A. The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B. These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C. The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D. The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Refer to the exhibits.



You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits.
Which two factors can you observe from these configurations? (Choose two.)

A. YouTube search is allowed based on the Google Application and Filter override settings.

B. YouTube access is blocked based on Excessive-Bandwidth Application and Filter override settings.

C. Facebook access is allowed but you cannot play Facebook videos based on Video/Audio category filter settings.

D. Facebook access is blocked based on the category filter settings.

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.



Based on the exhibit, which statement is true?

A. The Underlay zone is the zone by default.

B. The Underlay zone contains no member.

C. port2 and port3 are not assigned to a zone.

D. The virtual-wan-link and overlay zones can be deleted.