FCP_FGT_AD-7.6 FortiGate 7.6 Administrator Question and Answers

Question # 4

Refer to the exhibits.

An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status stays Pending.

What can be the two possible reasons? (Choose two.)

A.

Upstream FortiGate IP must be set to 10.0.11.254.

B.

SAML Single Sign-On must be set to Manual.

C.

HQ-ISFW-2 must be authorized on HQ-ISFW.

D.

Management IP must be set to 10.0.13.254.

Question # 5

You have configured the below commands on a FortiGate.

What would be the impact of this configuration on FortiGate?

A.

FortiGate will enable strict RPF on all its interfaces and port1 will be enabled for asymmetric routing.

B.

FortiGate will enable strict RPF on all its interfaces and port1 will be exempted from RPF checks.

C.

Port1 will be enabled with flexible RPF, and all other interfaces will be enabled for strict RPF.

D.

The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

Question # 6

Which two statements are true about an HA cluster? (Choose two.)

A.

An HA cluster cannot have both in-band and out-of-band management interfaces at the same time.

B.

Link failover triggers a failover if the administrator sets the interface down on the primary device.

C.

When sniffing the heartbeat interface, the administrator must see the IP address 169.254.0.2.

D.

HA incremental synchronization includes FIB entries and IPsec SAs.

Question # 7

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects.

The WAN (port2) interface has the IP address 100.65.0.101/24.

The LAN (port4) interface has the IP address 10.0.11.254/24.

Which IP address will be used to source NAT (SNAT) the traffic, if the user on HQ-PC-1 (10.0.11.50) pings the IP address of BR-FGT (100.65.1.111)?

A.

100.65.0.101

B.

100.65.0.49

C.

100.65.0.99

D.

100.65.0.149

Question # 8

Refer to the exhibits.

An administrator has observed the performance status outputs on an HA cluster for 55 seconds.

Which FortiGate is the primary?

A.

HQ-NGFW-2 with the parameter memory-failover-threshold setting

B.

HQ-NGFW-2 with the parameter priority setting

C.

HQ-NGFW-1 with the parameter memory-failover-flip-timeout setting

D.

HQ-NGFW-1 with the parameter override setting

Question # 9

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration.

An administrator created a Deny policy with default settings to deny Webserver access for Remote-User2.

The policy should work such that Remote-User1 must be able to access the Webserver while preventing Remote-User2 from accessing the Webserver.

Which additional configuration can the administrator add to a deny firewall policy, beyond the default behavior, to block Remote-User2 from accessing the Webserver?

A.

Disable match-vip in the Allow_access policy

B.

Configure a One-to-One IP Pool object in a new policy.

C.

Set the Destination address as Webserver in the Deny policy.

D.

Set the Destination address as Deny_IP in the Allow_access policy.

Question # 10

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature a set number of times during a specific time period.

How can the administrator achieve the objective?

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS filter, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.

Question # 11

Refer to the exhibits.

An administrator configured the Web Filter Profile to block access to all social networking sites except Facebook. However, when users try to access Facebook.com, they are redirected to a FortiGuard web filtering block page.

Based on the exhibits, which configuration change must the administrator make to allow Facebook while blocking all other social networking sites?

A.

Change the Feature set of Web Filter Profile as Proxy-based.

B.

Set the Action as Exempt for www.facebook.com in the Static URL Filter.

C.

Change the type as Simple in the Static URL Filter section.

D.

Set the Social Networking action as warning in the FortiGuard Category Based Filter.

Question # 12

What is the primary FortiGate election process when the HA override setting is enabled?

A.

Connected monitored ports > Priority > HA uptime > FortiGate serial number

B.

Connected monitored ports > Priority > System uptime > FortiGate serial number

C.

Connected monitored ports > HA uptime > Priority > FortiGate serial number

D.

Connected monitored ports > System uptime > Priority > FortiGate serial number

Question # 13

Refer to the exhibits.

You have implemented the application sensor and the corresponding firewall policy as shown in the exhibits.

Which two factors can you observe from these configurations? (Choose two.)

A.

YouTube search is allowed based on the Google Application and Filter override settings.

B.

YouTube access is blocked based on Excessive-Bandwidth Application and Filter override settings.

C.

Facebook access is allowed but you cannot play Facebook videos based on Video/Audio category filter settings.

D.

Facebook access is blocked based on the category filter settings.

Question # 14

Which three statements about SD-WAN performance SLAs are true? (Choose three.)

A.

They rely on session loss and jitter.

B.

They can be measured actively or passively.

C.

They are applied in an SD-WAN rule lowest cost strategy.

D.

They monitor the state of the FortiGate device.

E.

All the SLA targets can be configured.
