Browse Exams Pricing

ExamsFCP_FGT_AD-7.6Questions

FCP_FGT_AD-7.6 Exam Questions

128 real FCP_FGT_AD-7.6 exam questions with expert-verified answers and explanations. Page 1 of 3.

Question #1Deployment and system configuration
What is the primary FortiGate election process when the HA override setting is enabled?
FortiGate HAHA overrideElection processClustering
Question #2Content inspection
An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period. How can the administrator achieve t...
IPS configurationRate modeSignature thresholdingThreat prevention
Question #3Firewall policies and authentication
A FortiGate firewall policy is configured with active authentication, however, the user cannot authenticate when accessing a website. Which protocol must FortiGate allow even thoug...
DNSFortiGate policiesAuthentication prerequisitesNetwork fundamental protocols
Question #4Firewall policies and authentication
Refer to the exhibit, which shows a partial configuration from the remote authentication server. Why does the FortiGate administrator need this configuration?
RADIUS authenticationUser group filteringRemote authentication serverAccess control
Question #5Deployment and system configuration
Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI. Based on the exhibit, which statement is true?
SD-WAN ZonesFortiGate GUIInterface AssignmentNetwork Configuration
Question #6Content inspection
Which three statements explain a flow-based antivirus profile? (Choose three.)
Antivirus ProfileFlow-based InspectionSecurity ProfilesPerformance Optimization
Question #7Content inspection
Refer to the exhibit. An administrator has configured an Application Overrides for the ABC.Com application signature and set the Action to Allow. This application control profile i...
Application ControlLoggingFortiGateApplication Overrides
Question #8Deployment and system configuration
Which two statements describe characteristics of automation stitches? (Choose two.)
Automation StitchesSecurity FabricOrchestrationEvent-driven automation
Question #9Routing
Which three statements about SD-WAN performance SLAs are true? (Choose three.)
SD-WANPerformance SLALink MonitoringTraffic Steering
Question #10Deployment and system configuration
Which two statements are true about an HA cluster? (Choose two.)
HA ClusterFailoverSynchronizationLink Monitoring
Question #11Routing
Refer to the exhibit. An administrator has created a new firewall address to use as the destination for a static route. Why is the administrator not able to select the new address...
FortiGate Address ObjectsStatic RoutesRouting ConfigurationFirewall Address Configuration
Question #12Routing
FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively. Which two statements about the requirements of connected phys...
Interface ConfigurationNAT ModeIP AddressingRouting Table
Question #13Routing
When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?
Multi-WANSession preservationSSL VPNInterface configuration
Question #14VPN
You are analyzing connectivity problems caused by intermediate devices blocking traffic in SSL VPN environment. In which two ways can you effectively resolve the problem? (Choose t...
SSL VPNTroubleshootingFirewall traversalVPN protocols
Question #15Firewall policies and authentication
Refer to the exhibit. FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles. Which action must the ad...
Firewall policiesPolicy consolidationMultiple interface policyFortiGate administration
Question #16Content inspection
You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer tr...
Application ControlNetwork Protocol EnforcementTraffic IdentificationFirewall Policies
Question #17Firewall policies and authentication
When configuring firewall policies which of the following is true regarding the policy ID?
Firewall PoliciesPolicy IDFortiGate ConfigurationPolicy Management
Question #18Deployment and system configuration
Which two statements are correct when FortiGate enters conserve mode? (Choose two.)
conserve modesystem resourcesoperational behaviorsecurity bypass
Question #19VPN
A remote user reports slow SSL VPN performance and frequent disconnections. The user is located in an area with poor internet connectivity. What setting should the administrator ad...
SSL VPNDTLSPerformance TuningHigh Latency
Question #20VPN
An administrator wants to analyze and manage digital certificates to prevent browser warnings when users connect to the SSL VPN portal. Which two statements describe how to correct...
SSL VPNDigital CertificatesCertificate AuthorityBrowser Trust
Question #21Firewall policies and authentication
An administrator suspects that the Collector Agent is not forwarding login events to FortiGate. What is the most effective troubleshooting step?
FSSOCollector AgentTroubleshootingNetworking Ports
Question #22VPN
Refer to the exhibit. A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phas...
IPsec VPNFortiGatePhase 2Troubleshooting
Question #23Deployment and system configuration
Refer to the exhibits. An administrator has observed the performance status outputs on an HA cluster for 55 seconds. Which FortiGate is the primary?
FortiGate HAHA Primary ElectionHA FailoverSystem Performance Monitoring
Question #24Firewall policies and authentication
Which statement correctly describes NetAPI polling mode for the FSSO collector agent?
FSSOAuthenticationNetAPI PollingUser Logout Tracking
Question #25Firewall policies and authentication
You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied. What should the administrator check first?
FSSOUser authenticationTroubleshootingFirewall policies
Question #26Routing
What are three key routing principles in SD-WAN? (Choose three.)
SD-WANRouting PrinciplesRoute PrecedenceFortiGate SD-WAN
Question #27Firewall policies and authentication
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects. The WAN (port2)...
Source NAT (SNAT)Firewall PolicyIP PoolNAT
Question #28Firewall policies and authentication
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, and the firewall configuration. An administrator created a Deny policy with defau...
Firewall PoliciesDeny PolicyDestination AddressAccess Control
Question #29Deployment and system configuration
Refer to the exhibits. The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device. Based on the system performa...
FortiGate Conserve ModeMemory UsageSystem PerformanceTroubleshooting
Question #30Deployment and system configuration
Refer to the exhibits. Based on the current HA status, an administrator updates the override and priority parameters on HQ-NGFW-1 and HQ-NGFW-2 as shown in the exhibit. What would...
High Availability (HA)FortiGate ConfigurationPrimary ElectionHA Override/Priority
Question #31Deployment and system configuration
Refer to the exhibits. An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW- 2 is in the same subnet as HQ-ISFW. After configuring the Security Fabric settings o...
Security FabricDevice authorizationFortiGate deploymentTroubleshooting
Question #32Content inspection
Refer to the exhibit. The exhibit shows the FortiGuard Category Based Filter section of a corporate web filter profile. An administrator must block access to download.com, which be...
Web FilteringURL FilteringFortiGuard CategoriesWeb Override Rating
Question #33VPN
An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbo...
DPDIPsec VPNFortiGate DPD ModesTunnel Monitoring
Question #34Routing
Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)
ECMPSD-WANLoad BalancingRouting Configuration
Question #35Firewall policies and authentication
You have created a web filter profile named restrict_media-profile with a daily category usage quota. When you are adding the profile to the firewall policy, the restrict_media-pro...
Firewall policiesWeb filter profilesInspection modesProfile compatibility
Question #36Firewall policies and authentication
Refer to the exhibit. As an administrator you have created an IPS profile, but it is not performing as expected. While testing you got the output as shown in the exhibit. What coul...
IPSFirewall PoliciesSecurity ProfilesTroubleshooting
Question #37Content inspection
Refer to the exhibit. The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit. For which two rea...
SSL Inspection ExclusionsFortiGate Deep InspectionHSTSData Privacy
Question #38Deployment and system configuration
Refer to the exhibit. The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivi...
Admin ProfilesGUI TimeoutSession ManagementSystem Configuration
Question #39Deployment and system configuration
Refer to the exhibit. Based on this partial configuration, what are the two possible outcomes when FortiGate enters conserve mode? (Choose two.)
Conserve ModeSystem StabilityMemory ManagementConfiguration Restrictions
Question #40Content inspection
A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus...
SSL InspectionCertificate InspectionSSL ExemptionAntivirus
Question #41Routing
You have configured the below commands on a FortiGate. What would be the impact of this configuration on FortiGate?
Reverse Path Forwarding (RPF)Interface ConfigurationGlobal vs. Interface SettingsNetwork Security
Question #42Content inspection
Refer to the exhibit. What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?
SSL InspectionSNICertificate ValidationConnection Enforcement
Question #43Firewall policies and authentication
A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode. Which step is NOT part of the expected process?
FSSOAuthentication ProcessDC Agent ModeFortiGate Integration
Question #44Firewall policies and authentication
A network administrator is reviewing firewall policies in both Interface Pair View and By Sequence View. The policies appear in a different order in each view. Why is the policy or...
Firewall PoliciesPolicy ViewsPolicy OrderFortiGate Management
Question #45VPN
An administrator notices that some users are unable to establish SSL VPN connections, while others can connect without any issues. What should the administrator check first?
SSL VPNTroubleshootingConnectivityPort number
Question #46Firewall policies and authentication
Refer to the exhibit. Why did FortiGate drop the packet?
Firewall policyImplicit denyTraffic processingDefault policy
Question #47Firewall policies and authentication
Refer to the exhibits. The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects. The WAN (port1)...
Source NAT (SNAT)IP PoolsFirewall PolicyFortiGate NAT
Question #48Content inspection
A network administrator has configured an SSL/SSH inspection profile defined for full SSL inspection and set with a private CA certificate. The firewall policy that allows the traf...
SSL inspectionPrivate CABrowser trust storeCertificate errors
Question #49Firewall policies and authentication
What are two features of collector agent advanced mode? (Choose two.)
Collector AgentAdvanced ModeLDAP IntegrationUser Group Management
Question #50VPN
You are encountering connectivity problems caused by intermediate devices blocking IPsec traffic. In which two ways can you effectively resolve the problem? (Choose two.)
VPN troubleshootingIPsecSSL VPNPort blocking

Page 1 of 3Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.