FCSS_EFW_AD-7.6 Fortinet Exam Questions and Free Practice Test

Question 13

Refer to the exhibit, which shows a physical topology and a traffic log.
FCSS_EFW_AD-7.6 dumps exhibit
The administrator is checking on FortiAnalyzer traffic from the device with IP address 10.1.10.1, located behind the FortiGate ISFW device.
The firewall policy in on the ISFW device does not have UTM enabled and the administrator is surprised to see a log with the action Malware, as shown in the exhibit.
What are the two reasons FortiAnalyzer would display this log? (Choose two.)

A. Security rating is enabled in ISFW.

B. ISFW is in a Security Fabric environment.

C. ISFW is not connected to FortiAnalyzer and must go through NGFW-1.

D. The firewall policy in NGFW-1 has UTM enabled.

Correct Answer:BD

Question 14

Refer to the exhibits.
FCSS_EFW_AD-7.6 dumps exhibit

The Administrators section of a root FortiGate device and the Security Fabric Settings section of a downstream FortiGate device are shown.
When prompted to sign in with Security Fabric in the downstream FortiGate device, a user enters the AdminSSO credentials.
What is the next status for the user?

A. The user is prompted to create an SSO administrator account for AdminSSO.

B. The user receives an authentication failure message.

C. The user accesses the downstream FortiGate with super_admin_readonly privileges.

D. The user accesses the downstream FortiGate with super_admin privileges.

Correct Answer:C

Question 15

What action can be taken on a FortiGate to block traffic using IPS protocol decoders, focusing on network transmission patterns and application signatures?

A. Use the DNS filter to block application signatures and protocol decoders.

B. Use application control to limit non-URL-based software handling.

C. Enable application detection-based SD-WAN rules.

D. Configure a web filter profile in flow mode.

Correct Answer:B

Question 16

Refer to the exhibit.
FCSS_EFW_AD-7.6 dumps exhibit
The routing tables of FortiGate_A and FortiGate_B are shown. FortiGate_A and FortiGate_B are in the same autonomous system.
The administrator wants to dynamically add only route 172.16.1.248/30 on FortiGate_A. What must the administrator configure?

A. The prefix 172.16.1.248/30 in the BGP Networks section on FortiGate_B

B. A BGP route map out for 172.16.1.248/30 on FortiGate_B

C. Enable Redistribute Connected in the BGP section on FortiGate_B.

D. A BGP route map in for 172.16.1.248/30 on FortiGate_A

Correct Answer:B

Question 17

Refer to the exhibit, which shows an ADVPN network
FCSS_EFW_AD-7.6 dumps exhibit
An administrator must configure an ADVPN using IBGP and EBGP to connect overlay network 1 with 2.
What two options must the administrator configure in BGP? (Choose two.)

A. set ebgp-enforce-multrhop enable

B. set next-hop-self enable

C. set ibgp-enforce-multihop advpn

D. set attribute-unchanged next-hop

Correct Answer:AB

START FCSS_EFW_AD-7.6 EXAM