Download Fortinet FCSS - Enterprise Firewall 7.6 Administrator.FCSS_EFW_AD-7.6.ExamTopics.2026-03-05.27q.tqb

Vendor: Fortinet
Exam Code: FCSS_EFW_AD-7.6
Exam Name: Fortinet FCSS - Enterprise Firewall 7.6 Administrator
Date: Mar 05, 2026
File Size: 3 MB
Download Exam

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Download
Taurus Exam Studio

Purchase
Coupon: TAURUSSIM_20OFF

Discount: 20%

Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator

Demo Questions

Question 1
Refer to the exhibit.
The status of a new BGP configuration on FortiGate is shown.
Based on the output shown in the exhibit, which configuration should you consider next?
  1. Contact the remote peer administrator to enable BGP.
  2. Configure a static route to 100.65.4.1.
  3. Enable ebgp-multipath.
  4. Enable ebgp-enforce-multihop.
Correct answer: D
Question 2
Refer to the exhibit.
An HA configuration of an active-active (A-A) cluster with the same HA uptime shown.
You want HQ-NGFW-2 to handle the Core2 VDOM traffic.
Which modification must you make to achieve this outcome?
  1. Enable override in virtual duster 2 for HQ-NGFW-2.
  2. Change the priority from 120 to 200 for HQ-NGFW-2.
  3. Change the priority from 100 to 160 for HQ-NGFW-2.
  4. Reboot HQ-NGFW-2.
Correct answer: B
Question 3
A vulnerability scan report has revealed that a user has generated traffic to the website example.com using a weak SSUTLS version supported by the HTTPS web server.
What can you do to block all outdated SSL/TLS versions on any HTTPS web server to prevent possible attacks on user traffic?
  1. Enable server certificate SNI check in the SSL/SSH inspection profile.
  2. Enable auto-detection of outdated SSL/TLS versions in the SSL/SSH inspection profile to block vulnerable websites.
  3. Block invalid SSL certificates in the SSL/SSH inspection profile.
  4. Configure the unsupported SSL version and set the minimum allowed SSL version in the HTTPS settings of the SSL/SSH inspection profile.
Correct answer: D
Question 4
Refer to the exhibit.
A revision history window at the FortiManager device layer is shown.
The IT team is trying to identify the administrator responsible for the most recent update to the FortiGate device database.
What can the IT team conclude?
  1. The user script_manager, an API user from the Fortinet Developer Network (FDN). is retrieving a configuration.
  2. The retrieve process was automatically triggered by a Remote FortiGate Directly (via CLI) script.
  3. To identify the user who created the event, in the FortiManager system logs, they must use the type=script filter in the user field.
  4. To identify the user who created the event, they must view it on the Configuration and Installation widget on FortiGate at the FortiManager device layer.
Correct answer: A
Question 5
You must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic.
Which SSL inspection setting reduces system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?
  1. Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.
  2. Disable SSL inspection to preserve resources.
  3. Use deep SSL inspection to inspect encrypted HTTPS traffic.
  4. Configure SSL inspection to handle HTTPS traffic efficiently.
Correct answer: A
Question 6
You receive a FortiAnalyzer alert warning that a 1 ТВ disk filled up in a day. Upon investigation, you find thousands of unusual DNS log requests, such as JHCMQK.website.com, with no answers. You later discover that DNS exfiltration is occurring through both UDP and TLS.
How can you prevent this data theft technique?
  1. Use a file filter profile to protect against DNS exfiltration.
  2. Use an intrusion prevention system (IPS) profile and DNS exfiltration-related signatures.
  3. Enable DNS filter to protect against DNS exfiltration.
  4. Enable data loss prevention (DLP) to prevent DNS exfiltration.
Correct answer: B
Question 7
Refer to the exhibits.
The configuration of Windows PC, PC 1, with a default MTU of 1500 bytes, FortiGate interfaces with an MTU of 1000 bytes, and the results of PC 1 pinging over server 172.16.0.251 are shown.
Why is the PC1 user unable to ping server 172.16.0.254 and seeing the message: Packet needs to be fragmented but DF set?
  1. The user must adjust the TCP maximum segment size (MSS) to 1000 for the ping to succeed
  2. The ip.flags.mf option must be enabled on FortiGate. The user must adjust the ping MTU to 1000 to succeed.
  3. The user must account for the size of the Ethernet header when configuring the MTU value.
  4. FortiGate honors the do not fragment bit and the packets are dropped. The user must adjust the ping MTU to 972 to succeed.
Correct answer: D
Question 8
Refer to the exhibit.
The VDOM configuration on a FortiGate device is shown.
You discover that web filtering stopped working in Corel and Core2 after a maintenance window.
What are two reasons why web filtering stopped working? (Choose two.)
  1. The root VDOM does not use a VDOM link to connect with the Core1 and Core2 VDOMs.
  2. The root VDOM does not have access to any valid, public Fortinet Distribution Network (FDN).
  3. The root VDOM does not have access to FortiManager in a dosed network.
  4. The Core1 and Core2 VDOMs must also be enabled as management VDOMs to receive FortiGuard updates.
Correct answer: A, B
Question 9
Refer to the exhibit.
A normalized interface LAN on FortiManager is shown.
Which two statements about this interface configuration are correct? (Choose two.)
  1. The normalized interface LAN will be mapped to the private interface for FortiGate-VM64 model devices.
  2. The normalized interface LAN will be mapped to the wireless interface for FortiGate-81E model devices.
  3. The normalized interface LAN will be mapped to the port2 interface for NGFW-1 [Core2].
  4. The normalized interface LAN will be mapped to the Human Resources interface for any FortiGate-40F model devices.
Correct answer: B, C
Question 10
You need an internal segmentation firewall (ISFW) FortiGate for a campus with an ultralow latency interface.
Which FortiGate should you select?
  1. FortiGate with ports X5 to X8.
  2. FortiGate with only one NP6.
  3. FortiGate with ports connected to a CP10.
  4. FortiGate with ports connected to a SP5.
Correct answer: D
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!