FCP_FGT_AD-7.6 Online Practice Questions


Latest FCP_FGT_AD-7.6 Exam Practice Questions

The practice questions for the FCP_FGT_AD-7.6 exam were last updated on 2025-08-24.


Question#1

Refer to the exhibit.



Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

A. All traffic from a source IP to a destination IP is sent to the same interface.
B. Traffic is sent to the link with the lowest latency.
C. Traffic is distributed based on the number of sessions through each interface.
D. All traffic from a source IP is sent to the same interface.

Explanation:
For traffic that does not match any of the defined SD-WAN rules, the default implicit SD-WAN rule is applied. By default, the FortiGate uses a "source-destination IP-based" algorithm, which means all traffic from a specific source IP to a specific destination IP is sent through the same interface. This ensures that a consistent path is used for traffic between the same source and destination IP addresses. Options B, C, and D do not apply because the default algorithm does not prioritize by latency, session count, or source IP alone.
Reference: FortiOS 7.4.1 Administration Guide: SD-WAN Load Balancing Algorithms

Question#2

Which two statements are true about the FGCP protocol? (Choose two.)

A. Is used to discover FortiGate devices in different HA groups
B. Not used when FortiGate is in Transparent mode
C. Runs only over the heartbeat links
D. Elects the primary FortiGate device

Explanation:
C. Runs only over the heartbeat links: FGCP utilizes heartbeat links for exchanging heartbeat packets to monitor the health of the cluster. While heartbeat links play a crucial role, other interfaces can also be used for synchronization and communication within the cluster.
D. Elects the primary FortiGate device: FGCP is responsible for the election of the primary FortiGate device in a high availability (HA) cluster. The primary FortiGate manages the traffic while the secondary FortiGate stays in standby mode.

Question#3

Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?

A. To remove the NAT operation.
B. To generate logs.
C. To finish any inspection operations.
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.

Explanation:
To allow for out-of-order packets that could arrive after the FIN/ACK packets.
TCP provides the ability for one end of a connection to terminate its output while still receiving data from the other end. This is called a half-close. The FortiGate unit implements a specific timer before removing an entry in the firewall session table.
When a session is closed by both sides, FortiGate keeps it in the session table for a few seconds more, to allow any out-of-order packets that could arrive after the FIN/ACK packet. This is the state value. One of the reasons FortiGate keeps TCP sessions in the session table for several seconds, even after both sides have terminated the session, is indeed to allow for out-of-order packets that could arrive after the FIN/ACK packets. This helps in handling potential network delays and ensuring that all relevant packets are processed before fully closing the session.

Question#4

Which two statements describe how the RPF check is used? (Choose two.)

A. The RPF check is run on the first sent packet of any new session.
B. The RPF check is run on the first reply packet of any new session.
C. The RPF check is run on the first sent and reply packet of any new session.
D. The RPF check is a mechanism that protects FortiGate and the network from IP spoofing attacks.

Explanation:
The Reverse Path Forwarding (RPF) check is run on the first sent packet of any new session to ensure that the packet arrives on a legitimate interface. This check protects the network from IP spoofing attacks by verifying that a return route exists from the receiving interface back to the source IP address. If the route is invalid or not found, the packet is discarded. Options B and C are incorrect because RPF checks are performed on the first sent packet, not the reply packet.
Reference: FortiOS 7.4.1 Administration Guide: Reverse Path Forwarding (RPF) Check

Question#5

Which two VDOMs are the default VDOMs created when FortiGate is set up in split VDOM mode? (Choose two.)

A. FG-traffic
B. Mgmt
C. FG-Mgmt
D. Root

Explanation:
Root VDOM is created by default when VDOMs are enabled.
Configure on FortiGate:
- captive portal authentication required
- Authentication failed message for Sales users
- Authentication success for HR users
- second policy used by HR users
In FortiOS, when setting up a FortiGate in split VDOM mode, the default VDOMs created are FG-traffic and Root.
So, in this case, the correct answers would be A. FG-traffic and D. Root.

Exam Code: FCP_FGT_AD-7.6
Q & A: 292 Q&As
Updated: 2025-08-24
