FCP_FGT_AD-7.6 Fortinet Exam Questions and Free Practice Test

Question 7

What is the primary FortiGate election process when the HA override setting is enabled?

A. Connected monitored ports > Priority > HA uptime > FortiGate serial number

B. Connected monitored ports > Priority > System uptime > FortiGate serial number

C. Connected monitored ports > HA uptime > Priority > FortiGate serial number

D. Connected monitored ports > System uptime > Priority > FortiGate serial number

Correct Answer:A
When HA override is enabled, FortiGate uses the following election order: number of connected monitored ports, then device priority, followed by HA uptime, and finally FortiGate serial number as a tiebreaker.

Question 8

Refer to the exhibits.
FCP_FGT_AD-7.6 dumps exhibit
The exhibits show the system performance output and default configuration of high memory usage thresholds on a FortiGate device.
Based on the system performance output, what are the two possible outcomes? (Choose two.)

A. FortiGate has entered conserve mode.

B. Administrators can access FortiGate only through the console port.

C. Administrators can change the configuration.

D. FortiGate drops new sessions.

Correct Answer:CD
Since memory usage is at 90%, exceeding the red threshold (88%), FortiGate enters a state where configuration changes are still allowed.
In this state, FortiGate drops new sessions to preserve resources and maintain stability.

Question 9

You have configured the below commands on a FortiGate.
FCP_FGT_AD-7.6 dumps exhibit
What would be the impact of this configuration on FortiGate?

A. FortiGate will enable strict RPF on ail its interfaces and port1 will be enable for asymmetric routing.

B. FortiGate will enable strict RPF on all its interfaces and port1 will be exempted from RPF checks.

C. Port1 will be enabled with flexible RPF, and all other interfaces will be enabled for strict RPF

D. The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

Correct Answer:B
The global setting enables strict source checking (RPF) on all interfaces by default. The per-interface setting disables the source check on port1, exempting it from strict RPF enforcement.

Question 10

Which two statements are correct when FortiGate enters conserve mode? (Choose two.)

A. FortiGate continues to run critical security actions, such as quarantine.

B. FortiGate refuses to accept configuration changes.

C. FortiGate halts complete system operation and requires a reboot to regain available resources.

D. FortiGate continues to transmit packets without IPS inspection when the fail-open global setting in IPS is enabled.

Correct Answer:BD
In conserve mode, FortiGate restricts configuration changes to preserve system stability.
When IPS fail-open is enabled, FortiGate continues forwarding traffic without IPS inspection during resource constraints (conserve mode).

Question 11

Refer to the exhibits.
FCP_FGT_AD-7.6 dumps exhibit
An administrator wants to add HQ-ISFW-2 in the Security Fabric. HQ-ISFW-2 is in the same subnet as HQ- ISFW. After configuring the Security Fabric settings on HQ-ISFW-2, the status staysPending.
What can be the two possible reasons? (Choose two.)

A. Upstream FortiGate IP must be set to 10.0.11.254.

B. SAML Single Sign-On must be set to Manual.

C. HQ-ISFW-2 must be authorized on HQ-ISFW.

D. Management IP must be set to 10.0.13.254.

Correct Answer:AC
The Upstream FortiGate IP should match the IP address of the Fabric Root interface, which is 10.0.11.254, not 10.0.13.254.
The new device (HQ-ISFW-2) must be authorized on the Fabric Root (HQ-ISFW) before it can join the Security Fabric, otherwise the status remains pending.

Question 12

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.
How can the administrator achieve the objective?

A. Use IPS group signatures, set rate-mode 60.

B. Use IPS packet logging option with periodical filter option.

C. Use IPS filter, rate-mode periodical option.

D. Use IPS filter, rate-mode periodical option.

Correct Answer:C
The IPS filter with the rate-mode set to "periodical" allows the administrator to block traffic that triggers a signature a specified number of times within a defined time period, meeting the requirement.

START FCP_FGT_AD-7.6 EXAM