FCP_FGT_AD-7.6 Online Practice Questions


Latest FCP_FGT_AD-7.6 Exam Practice Questions

The practice questions for the FCP_FGT_AD-7.6 exam were last updated on 2026-04-10.


Question#1

You have configured an application control profile, set peer-to-peer traffic to Block under the Categories tab, and applied it to the firewall policy. However, your peer-to-peer traffic on known ports is passing through the FortiGate without being blocked.
What FortiGate settings should you check to resolve this issue?

A. FortiGuard category ratings
B. Application and Filter Overrides
C. Network Protocol Enforcement
D. Replacement Messages for UDP-based Applications

Explanation:
Network Protocol Enforcement settings control how FortiGate inspects and enforces protocols on traffic, including peer-to-peer applications on known ports. If not properly enabled, peer-to-peer traffic may bypass blocking despite the application control profile.

Question#2

You are encountering connectivity problems caused by intermediate devices blocking IPsec traffic.
In which two ways can you effectively resolve the problem? (Choose two.)

A. You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).
B. You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.
C. You can turn on fragmentation to fix large certificate negotiation problems.
D. You should use the protocol IKEv2.

Explanation:
Using SSL VPN tunnel mode avoids issues with blocked ESP (IP protocol 50) and UDP ports (500/4500), since SSL VPN uses HTTPS (TCP 443), which is usually allowed.
Switching to IKEv2 helps with NAT traversal and firewall compatibility because it supports UDP encapsulation on port 4500 and is more robust than IKEv1.

Question#3

Refer to the exhibit.



The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL inspection, as shown in the exhibit.
For which two reasons are these web categories exempted? (Choose two.)

A. The FortiGate temporary certificate denies the browser's access to websites that use HTTP Strict Transport Security.
B. These websites are in an allowlist of reputable domain names maintained by FortiGuard.
C. The resource utilization is optimized because these websites are in the trusted domain list on FortiGate.
D. The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Explanation:
FortiGate's temporary SSL certificate may cause access denial to sites using HTTP Strict Transport Security (HSTS), so such sites are exempted from deep SSL inspection.
Legal regulations require exemption of certain categories to protect user privacy and sensitive information, so these web categories are excluded from SSL inspection.

Question#4

FortiGate is operating in NAT mode and has two physical interfaces connected to the LAN and DMZ networks respectively.
Which two statements about the requirements of connected physical interfaces on FortiGate are true? (Choose two.)

A. Both interfaces must have the interface role assigned.
B. Both interfaces must have directly connected routes on the routing table.
C. Both interfaces must have DHCP enabled and interfaces set to LAN and DMZ roles assigned.
D. Both interfaces must have IP addresses assigned.

Explanation:
Interfaces must have directly connected routes in the routing table to forward traffic correctly.
Interfaces must have IP addresses assigned to communicate within their respective networks.

Question#5

When configuring a FortiGate in a multi-WAN setup, why would an administrator enable session preservation on an interface?

A. To allow the FortiGate to dynamically change interfaces for all active sessions when a WAN link fails
B. To make sure all sessions without source NAT enabled always use the primary WAN link
C. To improve security by forcing users to authenticate again when the WAN link changes
D. To ensure that existing SSL VPN connections remain on the same interface even if route changes occur

Explanation:
Session preservation keeps active sessions, such as SSL VPNs, tied to the original interface to prevent disruption when WAN routes change.

Disclaimer

This page is for educational and exam preparation reference only. It is not affiliated with Fortinet, FCP in Network Security, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.

Exam Code: FCP_FGT_AD-7.6 | Q&A: 88 Q&As | Updated: 2026-04-10
