Fortinet FCP_FGT_AD-7.6 Practice Questions

You are analyzing connectivity problems caused by intermediate devices blocking traffic in SSL VPN environment.
In which two ways can you effectively resolve the problem? (Choose two.)

A. You can turn off IKE fragmentation to fix large certificate negotiation problems.

B. You should use IPsec to solve issues with fragment drops and large certificate exchanges.

C. You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).

D. You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.

You have configured the below commands on a FortiGate.



What would be the impact of this configuration on FortiGate?

A. FortiGate will enable strict RPF on ail its interfaces and port1 will be enable for asymmetric routing.

B. FortiGate will enable strict RPF on all its interfaces and port1 will be exempted from RPF checks.

C. Port1 will be enabled with flexible RPF, and all other interfaces will be enabled for strict RPF

D. The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied.
What should the administrator check first?

A. Whether the user is assigned to the correct AD group.

B. The FortiGate firewall policy settings for SSL decryption.

C. The FortiGate FSSO active users list for user’s IP address.

D. The windows event viewer for failed login attempts.

Which three strategies are valid SD-WAN rule strategies for member selection? (Choose three.)

A. Lowest Cost (SLA) without load balancing

B. Manual with load balancing

C. Lowest Quality (SLA) with load balancing

D. Lowest Cost (SLA) with load balancing

E. Best Quality with load balancing

Refer to the exhibits.



The exhibits show a diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device Two PCs PC1 and PC2, are connected behind FortiGate and can access the internet successfully However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet
Based on the information shown in the exhibit, which two configuration options can the administrator use to fa the connectivity issue for PC3? (Choose two.)

A. In the system settings sot Multiple Interface Policies to enable

B. In the firewall policy, set match-vip to enable using CLI.

C. ln the IP pool configuration, set endip to 100.65.0.112.

D. In the IP pool configuration, set type to overload.

Refer to the exhibits.



An administrator configured both members of an HA cluster at the same time. After one week of monitoring, the administrator wants to verify the HA failover performance.
How can the administrator force a failover?

A. The administrator must reset the HA uptime on HQ-NGFW-1.

B. The administrator must set the parameter override to enable on HQ-NGFW-2.

C. The administrator must increase the HA priority on HQ-NGFW-2.

D. The administrator must set the monitored port to down on HQ-NGFW-1.

Refer to the exhibit.



An administrator has created a new firewall address to use as the destination for a static route.
Why is the administrator not able to select the new address in the Destination field of the new static route?

A. In the new static route, the administrator must select Named Address.

B. In the new firewall address, the FQDN address must first beresolved.

C. In the new static route, the administrator must first set the interface to port2

D. In the new firewall address, Routing configuration must be enabled.