FCP_FGT_AD-7.6 Sample Questions Answers

FortiGate continues to run critical security actions, such as quarantine.

FortiGate refuses to accept configuration changes.

FortiGate halts complete system operation and requires a reboot to regain available resources.

FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Actions involve only devices included in the Security Fabric.

An automation stitch can have multiple triggers.

Multiple actions can run in parallel.

Triggers can involve external connectors.

Enabled

On Idle

Disabled

On Demand

Change the Feature set of Web Filter Profile as Proxy-based.

Set the Action as Exempt for www.facebook.com

in the Static URL Filter.

Change the type as Simple in the Static URL Filter section.

Set the Social Networking action as warning in the FortiGuard Category Based Filter.

You should use the protocol IKEv2.

You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).

You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.

You can turn on fragmentation to fix large certificate negotiation problems.

Create an Aggregate interface that includes port1 and port2 to create a single firewall policy.

Select port1 and port2 subnets in a single firewall policy.

Replace port1 and port2 with the any interface in a single firewall policy.

Enable Multiple Interface Policies to select port1 and port2 in the same firewall policy.

On BR1-FGT, set Seconds to 43200.

On HQ-NGFW, enable Diffie-Hellman Group 2.

On BR1-FGT, set Remote Address to 10.0.11.0/255.255.255.0

On HQ-NGFW. set Encryption to AES256

The firewall policy is in no-inspection mode instead of deep-inspection.

The inspection mode in the firewall policy is not matching with web filter profile feature set.

The web filter profile is already referenced in another firewall policy.

The naming convention used in the web filter profile is restricting it in the firewall policy.

By default. SD-WAN rules are skipped if the included SD-WAN members do not have a valid route to the destination.

SD-WAN rules have precedence over any other type of routes.

Regular policy routes have precedence over SD-WAN rules.

By default. SD-WAN rules are skipped if only one route to the destination is available.

By default. SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails

To make sure all sessions without source NAT enabled always use the primary WAN link

To improve security by forcing users to authenticate again when the WAN link changes

To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Move NOC_Access to the top of the list to ensure all profile settings take effect.

Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.

Ensure that all NOC_Access users are assigned the super_admin role to guarantee access

Increase the admintimeout value under config system accprofile NOC_Access.