Fortinet FCP_FGT_AD-7.6 Practice Questions

Which two statements about the Security Fabric rating are true? (Choose two.)

A. A license is required to obtain an executive summary in the Security Rating section.

B. The root FortiGate provides executive summaries of all the FortiGate devices in the Security Fabric.

C. The Security Posture category provides PCI compliance results.

D. Security Rating Insights are available only in the Security Rating page.

Refer to the exhibit.



Which two statements are true about the routing entries in this database table? (Choose two.)

A. All of the entries in the routing database table are installed in the FortiGate routing table.

B. The port2 interface is marked as inactive.

C. Both default routes have different administrative distances.

D. The default route on port2 is marked as the standby route.

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

A. The collector agent uses a Windows API to query DCs for user logins.

B. NetAPI polling can increase bandwidth usage in large networks.

C. The NetSessionEnum function is used to track user logouts.

D. The collector agent must search Windows application event logs.

Which three pieces of information does FortiGate use to identify the hostname of the SSL server when SSL certificate inspection is enabled? (Choose three.)

A. The host field in the HTTP header.

B. The server name indication (SNI) extension in the client hello message.

C. The subject alternative name (SAN) field in the server certificate.

D. The subject field in the server certificate.

E. The serial number in the server certificate.

You are encountering connectivity problems caused by intermediate devices blocking IPsec traffic.
In which two ways can you effectively resolve the problem? (Choose two.)

A. You should use the protocol IKEv2.

B. You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).

C. You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.

D. You can turn on fragmentation to fix large certificate negotiation problems.

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

A. FortiGate continues to run critical security actions, such as quarantine.

B. FortiGate refuses to accept configuration changes.

C. FortiGate halts complete system operation and requires a reboot to regain available resources.

D. FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Refer to the exhibits.



Based on the current HA status, an administrator updates the override and priority parameters on HQ-NGFW-1 and HQ-NGFW-2 as shown in the exhibit.
What would be the expected outcome in the HA cluster?

A. HQ-NGFW-1 will synchronize the override disable setting with HQ-NGFW-2.

B. HQ-NGFW-2 will take over as the primary because it has the override enable setting and higher priority than HQ-NGFW-1.

C. HQ-NGFW-1 will remain the primary because HQ-NGFW-2 has lower priority.

D. The HA cluster will become out of sync because the override setting must match on all HA members.