Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Fortinet FCP_FGT_AD-7.6 - FortiGate 7.6 Administrator FCP_FGT_AD-7.6

Fortinet FCP_FGT_AD-7.6 Premium Access     Download Demo    
Page: 1 / 2
Total 45 questions

You have created a web filter profile named restrict_media-profile with a daily category usage quota.

When you are adding the profile to the firewall policy, the restrict_media-profile is not listed in the available web profile drop down.

What could be the reason?

A.

The firewall policy is in no-inspection mode instead of deep-inspection.

B.

The inspection mode in the firewall policy is not matching with web filter profile feature set.

C.

The web filter profile is already referenced in another firewall policy.

D.

The naming convention used in the web filter profile is restricting it in the firewall policy.

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.

What FortiGate settings should you check to resolve this issue?

A.

FortiGuard category ratings

B.

Application and Filter Overrides

C.

Network Protocol Enforcement

D.

Replacement Messages for UDP-based Applications

Refer to the exhibits.

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

A.

FortiGate has entered conserve mode.

B.

Administrators can access FortiGate only through the console port.

C.

Administrators can change the configuration.

D.

FortiGate drops new sessions.

Which three statements about SD-WAN performance SLAs are true? (Choose three.)

A.

They rely on session loss and jitter.

B.

They can be measured actively or passively.

C.

They are applied in a SD-WAN rule lowest cost strategy.

D.

They monitor the state of the FortiGate device.

E.

All the SLAtargets can be configured.

A FortiGate firewall policy is configured with active authentication, however, the user cannot authenticate when accessing a website.

Which protocol must FortiGate allow even though the user cannot authenticate?

A.

LDAP

B.

TACASC+

C.

Kerberos

D.

DNS

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects.

TheWAN (port2)interface has the IP address100.65.0.101/24.

TheLAN (port4)interface has the IP address10.0.11.254/24.

Which IP address will be used to source NAT (SNAT) the traffic, if the user on

HQ-PC-1 (10.0.11.50) pings the IP address of BR-FGT (100.65.1.111)

A.

100.65.0.101

B.

100.65.0.49

C.

100.65.0.99

D.

100.65.0.149

What is the primary FortiGate election process when the HA override setting is enabled?

A.

Connected monitored ports > Priority > HA uptime > FortiGate serial number

B.

Connected monitored ports > Priority > System uptime > FortiGate serial number

C.

Connected monitored ports > HA uptime > Priority > FortiGate serial number

D.

Connected monitored ports > System uptime > Priority > FortiGate serial number

A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode.

Which step is NOT part of the expected process?

A.

The DC agent sends login event data directly to FortiGate.

B.

The user logs into the windows domain.

C.

The collector agent forwards login event data to FortiGate.

D.

FortiGate determines user identity based on the IP address in the FSSO list.

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.

How can the administrator achieve the objective?

A.

Use IPS group signatures, set rate-mode 60.

B.

Use IPS packet logging option with periodical filter option.

C.

Use IPS filter, rate-mode periodical option.

D.

Use IPS filter, rate-mode periodical option.

Refer to the exhibit.

The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

A.

The FortiGate temporary certificate denies the browser’s access to websites that use HTTP Strict Transport Security.

B.

These websites are in an allowlist of reputable domain names maintained by FortiGuard.

C.

The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.

D.

The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.