Free FCP_FGT_AD-7.6 Sample Questions — FCP - FortiGate 7.6 Administrator

Which two statements about the Security Fabric rating are true? (Choose two.)

• A. license is required to obtain an executive summary in the Security Rating section
• B. The root FortiGate provides executive summaries of all the FortiGate devices in the Security Fabric
• C. The Security Posture category provides PCI compliance results
• D. Security Rating Insights are available only in the Security Rating page

Which inspection mode does FortiGate use for application profiles if it is configured as a profile-based next-generation firewall (NGFW)?

• A. Certificate inspection
• B. Flow-based inspection
• C. Proxy-based inspection
• D. Full content inspection

An administrator suspects that the Collector Agent is not forwarding login events to FortiGate. What is the most effective troubleshooting step?

• A. Verify if DC agent is enabled on the FortiGate
• B. Restart the domain controller to refresh authentication services
• C. Verify if FortiGate is set to use LDAP authentication instead of FSSO
• D. Check if TCP port 8000 is open between the collector agent and FortiGate

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

• A. FortiGate continues to run critical security actions, such as quarantine
• B. FortiGate refuses to accept configuration changes
• C. FortiGate halts complete system operation and requires a reboot to regain available resources
• D. FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled

You are analyzing connectivity problems caused by intermediate devices blocking traffic in SSL VPN environment. In which two ways can you effectively resolve the problem? (Choose two.)

• A. You can turn off IKE fragmentation to fix large certificate negotiation problems
• B. You should use IPsec to solve issues with fragment drops and large certificate exchanges
• C. You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500)
• D. You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports

Which statement correctly describes NetAPI polling mode for the FSSO collector agent?

• A. The collector agent uses a Windows API to query DCs for user logins
• B. NetAPI polling can increase bandwidth usage in large networks
• C. The NetSessionEnum function is used to track user logouts
• D. The collector agent must search Windows application event logs

An administrator manages a FortiGate model that supports NTurbo. How does NTurbo acceleration enhance antivirus performance?

• A. For proxy-based inspection, NTurbo offloads traffic to the content processor
• B. For flow-based inspection, NTurbo establishes a dedicated data path to redirect traffic between the IPS engine and FortiGate ingress and egress interfaces
• C. For proxy-based inspection, NTurbo buffers the whole file and then sends it to the antivirus engine
• D. For flow-based inspection, NTurbo creates two inspection sessions on the FortiGate device

FortiGate is integrated with FortiAnalyzer and FortiManager. When creating a firewall policy, which attribute must an administrator include to enhance functionality and enable log recording on FortiAnalyzer and FortiManager?

• A. Policy ID
• B. Log ID
• C. Universally Unique Identifier
• D. Sequence ID

What are two features of FortiGate FSSO agentless polling mode? (Choose two.)

• A. FortiGate directs the collector agent to use a remote LDAP server
• B. FortiGate uses the SMB protocol to read the event viewer logs from the DCs
• C. FortiGate does not support workstation check
• D. FortiGate uses the AD server as the collector agent

Which three statements explain a flow-based antivirus profile? (Choose three.)

• A. FortiGate buffers the whole file but transmits to the client at the same time
• B. Flow-based inspection uses a hybrid of the scanning modes available in proxy-based inspection
• C. If a virus is detected, the last packet is delivered to the client
• D. Flow-based inspection optimizes performance compared to proxy-based inspection
• E. The IPS engine handles the process as a standalone

An administrator wants to form an HA cluster using the FGCP protocol. Which two requirements must the administrator ensure both members fulfill? (Choose two.)

• A. They must have the same HA group ID
• B. They must have the heartbeat interfaces in the same subnet
• C. They must have the same number of configured VDOMs
• D. They must have the same hard drive configuration

A remote user reports slow SSL VPN performance and frequent disconnections. The user is located in an area with poor internet connectivity. What setting should the administrator adjust to improve the user's experience?

• A. Enable split tunneling to reduce VPN traffic
• B. Change the SSL VPN port to a non-standard port
• C. Increase the session timeout for inactive sessions
• D. Configure the DTLS timeout to accommodate high-latency connections

An administrator manages a FortiGate model that supports NTurbo. How does NTurbo enhance performance for flow-based inspection?

• A. NTurbo buffers the whole file and then sends it to the antivirus engine
• B. NTurbo creates a special data path to redirect traffic between the IPS engine its ingress and egress interfaces
• C. NTurbo creates two inspection sessions on the FortiGate device
• D. NTurbo offloads traffic to the content processor

An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?

• A. It uses DNS over TLS
• B. It uses DNS over HTTPS
• C. It uses UDP 8888
• D. It uses UDP 53

A new administrator is configuring FSSO authentication on FortiGate using DC Agent Mode. Which step is NOT part of the expected process?

• A. The DC agent sends login event data directly to FortiGate
• B. The user logs into the windows domain
• C. The collector agent forwards login event data to FortiGate
• D. FortiGate determines user identity based on the IP address in the FSSO list