Download FCP - FortiGate 7.6 Administrator.FCP_FGT_AD-7.6.ExamTopics.2025-11-07.38q.tqb
| Vendor: | Fortinet |
| Exam Code: | FCP_FGT_AD-7.6 |
| Exam Name: | FCP - FortiGate 7.6 Administrator |
| Date: | Nov 07, 2025 |
| File Size: | 2 MB |
How to open TQB files?
Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.
Purchase
Coupon: TAURUSSIM_20OFF
Discount: 20%
Demo Questions
Question 1
An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.
Which DPD mode on FortiGate meets this requirement?
- Enabled
- On Idle
- Disabled
- On Demand
Correct answer: D
Explanation:
B: 4D: 10 - Mosted B: 4D: 10 - Mosted
Question 2
A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.
When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)
- The selected SSL inspection profile has certificate inspection enabled.
- The website is exempted from SSL inspection.
- The El CAR test file exceeds the protocol options oversize limit.
- The browser does not trust the FortiGate self-signed CA certificate.
Correct answer: AB
Explanation:
AB: 3 - Mosted AB: 3 - Mosted
Question 3
Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.
Based on the exhibit, which statement is true?
- The Underlay zone is the zone by default.
- The Underlay zone contains no member.
- port2 and port3 are not assigned to a zone.
- The virtual-wan-link and overlay zones can be deleted.
Correct answer: B
Explanation:
B: 3 - Mosted B: 3 - Mosted
Question 4
An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.
How can the administrator achieve the objective?
- Use IPS group signatures, set rate-mode 60.
- Use IPS packet logging option with periodical filter option.
- Use IPS filter, rate-mode periodical option.
- Use IPS filter, rate-mode periodical option.
Correct answer: C
Explanation:
C: 3 - Mosted C: 3 - Mosted
Question 5
Refer to the exhibit.
What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?
- FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.
- FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.
- FortiGate will close the connection if the SNI does not match the CN or SAN fields.
- FortiGate will close the connection if the SNI does not match the CN and SAN fields
Correct answer: D
Explanation:
C: 3 C: 3
Question 6
A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode.
Which step is NOT part of the expected process?
- The DC agent sends login event data directly to FortiGate.
- The user logs into the windows domain.
- The collector agent forwards login event data to FortiGate.
- FortiGate determines user identity based on the IP address in the FSSO list.
Correct answer: A
Explanation:
A: 6 - MostedC: 1 A: 6 - MostedC: 1
Question 7
You are analyzing connectivity problems caused by intermediate devices blocking traffic in SSL VPN environment.
In which two ways can you effectively resolve the problem? (Choose two.)
- You can turn off IKE fragmentation to fix large certificate negotiation problems.
- You should use IPsec to solve issues with fragment drops and large certificate exchanges.
- You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).
- You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.
Correct answer: AC
Explanation:
BC: 2CD: 1 BC: 2CD: 1
Question 8
You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.
What FortiGate settings should you check to resolve this issue?
- FortiGuard category ratings
- Application and Filter Overrides
- Network Protocol Enforcement
- Replacement Messages for UDP-based Applications
Correct answer: C
Explanation:
B: 1 - MostedC: 2 B: 1 - MostedC: 2
Question 9
Which two statements are correct when FortiGate enters conserve mode? (Choose two.)
- FortiGate continues to run critical security actions, such as quarantine.
- FortiGate refuses to accept configuration changes.
- FortiGate halts complete system operation and requires a reboot to regain available resources.
- FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.
Correct answer: BD
Explanation:
AD: 1 - Mosted AD: 1 - Mosted
Question 10
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)
- On BR1-FGT, set Seconds to 43200.
- On HQ-NGFW, enable Diffie-Hellman Group 2.
- On BR1-FGT, set Remote Address to10.0.11.0/255.255.255.0
- On HQ-NGFW. set Encryption to AES256
Correct answer: CD
Explanation:
AD: 1CD: 3 - Mosted AD: 1CD: 3 - Mosted
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX FILES
Use ProfExam Simulator to open VCEX files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!