Fortinet FCP_FGT_AD-7.6 - FortiGate 7.6 Administrator FCP_FGT_AD-7.6

Total 48 questions

Refer to the exhibit.

FortiGate has two separate firewall policies for Sales and Engineering to access the same web server with the same security profiles.

Which action must the administrator perform to consolidate the two policies into one?

A. Create an Aggregate interface that includes port1 and port2 to create a single firewall policy.

B. Select port1 and port2 subnets in a single firewall policy.

C. Replace port1 and port2 with the any interface in a single firewall policy.

D. Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy.

Refer to the exhibit.

The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivity.

What must the administrator configure to answer this specific request from the NOC team?

A. Move NOC_Access to the top of the list to ensure all profile settings take effect.

B. Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.

C. Ensure that all NOC_Access users are assigned the super_admin role to guarantee access.

D. Increase the admintimeout value under config system accprofile NOC_Access.

You are encountering connectivity problems caused by intermediate devices blocking IPsec traffic.

In which two ways can you effectively resolve the problem? (Choose two.)

A. You should use the protocol IKEv2.

B. You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).

C. You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.

D. You can turn on fragmentation to fix large certificate negotiation problems.

Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

A. If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.

B. If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP.

C. If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.

D. If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.

Which two statements about the requirements of connected physical interfaces on FortiGate are true? (Choose two.)

A. Both interfaces must have the interface role assigned.

B. Both interfaces must have directly connected routes on the routing table.

C. Both interfaces must have DHCP enabled and interfaces set to LAN and DMZ roles assigned.

D. Both interfaces must have IP addresses assigned.

When configuring firewall policies, which of the following is true regarding the policy ID?

A. It is mandatory to provide a policy ID while creating a firewall policy regardless of GUI or CLI.

B. A firewall policy ID identifies the order of policy execution in firewall policies.

C. You can create a policy in CLI with policy ID 0.

D. A policy ID cannot be edited once a policy is created.

Refer to the exhibits.

The exhibits show a diagram of a FortiGate device connected to the network, as well as the IP pool configuration and firewall policy objects.

The WAN (port2) interface has the IP address 100.65.0.101/24.

The LAN (port4) interface has the IP address 10.0.11.254/24.

Which IP address will be used to source NAT (SNAT) the traffic, if the user on HQ-PC-1 (10.0.11.50) pings the IP address of BR-FGT (100.65.1.111)?

A. 100.65.0.101

B. 100.65.0.49

C. 100.65.0.99

D. 100.65.0.149

Refer to the exhibit.

What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?

A. FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.

B. FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.

C. FortiGate will close the connection if the SNI does not match the CN or SAN fields.

D. FortiGate will close the connection if the SNI does not match the CN and SAN fields.

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

A. The Underlay zone is the zone by default.

B. The Underlay zone contains no member.

C. port2 and port3 are not assigned to a zone.

D. The virtual-wan-link and overlay zones can be deleted.

Refer to the exhibits.

The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.

Based on the system performance output, what are the two possible outcomes? (Choose two.)

A. FortiGate has entered conserve mode.

B. Administrators can access FortiGate only through the console port.

C. Administrators can change the configuration.

D. FortiGate drops new sessions.