Online FCSS_EFW_AD-7.6 Practice TestMore Fortinet Products >

Free Fortinet FCSS_EFW_AD-7.6 Exam Dumps Questions

Fortinet FCSS_EFW_AD-7.6: FCSS - Enterprise Firewall 7.6 Administrator

- Get instant access to FCSS_EFW_AD-7.6 practice exam questions

- Get ready to pass the FCSS - Enterprise Firewall 7.6 Administrator exam right now using our Fortinet FCSS_EFW_AD-7.6 exam package, which includes Fortinet FCSS_EFW_AD-7.6 practice test plus an Fortinet FCSS_EFW_AD-7.6 Exam Simulator.

- The best online FCSS_EFW_AD-7.6 exam study material and preparation tool is here.

4.5

(9960 ratings)

Question 1

A company's guest internet policy, operating in proxy mode, blocks access to Artificial Intelligence Technology sites using FortiGuard. However, a guest user accessed a page in this category using port 8443.
Which configuration changes are required for FortiGate to analyze HTTPS traffic on nonstandard ports like 8443 when full SSL inspection is active in the guest policy?

A. Add a URL wildcard domain to the website CA certificate and use it in the SSL/SSH Inspection Profile.

B. In the Protocol Port Mapping section of the SSL/SSH Inspection Profile, enter 443, 8443 to analyze both standard (443) and non-standard (8443) HTTPS ports.

C. To analyze nonstandard ports in web filter profiles, use TLSv1.3 in the SSL/SSH Inspection Profile.

D. Administrators can block traffic on nonstandard ports by enabling the SNI check in the SSL/SSH Inspection Profile.

Correct Answer:B

Question 2

Refer to the exhibit, which shows a network diagram.
FCSS_EFW_AD-7.6 dumps exhibit
An administrator would like to modify the MED value advertised from FortiGate_1 to a BGP neighbor in the autonomous system 30.
What must the administrator configure on FortiGate_1 to implement this?

A. route-map-out

B. network-import-check

C. prefix-list-out

D. distribute-list-out

Correct Answer:A

Question 3

Refer to the exhibit, which contains the partial output of an OSPF command.
FCSS_EFW_AD-7.6 dumps exhibit
An administrator is checking the OSPF status of a FortiGate device and receives the output shown in the exhibit.
What two conclusions can the administrator draw? (Choose two.)

A. The FortiGate device is a backup designated router

B. The FortiGate device is connected to multiple areas

C. The FortiGate device injects external routing information

D. The FortiGate device has OSPF ECMP enabled

Correct Answer:BC

Question 4

Refer to the exhibit, which shows a hub and spokes deployment.
FCSS_EFW_AD-7.6 dumps exhibit
An administrator is deploying several spokes, including the BGP configuration for the spokes to connect to the hub.
Which two commands allow the administrator to minimize the configuration? (Choose two.)

A. neighbor-group

B. route-reflector-client

C. neighbor-range

D. ibgp-enforce-multihop

Correct Answer:AC

Question 5

A user reports that their computer was infected with malware after accessing a secured HTTPS website. However, when the administrator checks the FortiGate logs, they do not see that the website was detected as insecure despite having an SSL certificate and correct profiles applied on the policy.
How can an administrator ensure that FortiGate can analyze encrypted HTTPS traffic on a website?

A. The administrator must enable reputable websites to allow only SSL/TLS websites rated by FortiGuard web filter.

B. The administrator must enable URL extraction from SNI on the SSL certificate inspection to ensure the TLS three-way handshake is correctly analyzed by FortiGate.

C. The administrator must enable DNS over TLS to protect against fake Server Name Indication (SNI) that cannot be analyzed in common DNS requests on HTTPS websites.

D. The administrator must enable full SSL inspection in the SSL/SSH Inspection Profile to decrypt packets and ensure they are analyzed as expected.

Correct Answer:D

Question 6

How will configuring set tcp-mss-sender and set tcp-mss-receiver in a firewall policy affect the size and handling of TCP packets in the network?

A. The maximum segment size permitted in the firewall policy determines whether TCP packets are allowed or denied.

B. Applying commands in a firewall policy determines the largest payload a device can handle in a single TCP segment.

C. The administrator must consider the payload size of the packet and the size of the IP header to configure a correct value in the firewall policy.

D. The TCP packet modifies the packet size only if the size of the packet is less than the one the administrator configured in the firewall policy.

Correct Answer:B

START FCSS_EFW_AD-7.6 EXAM