매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
FCP - FortiGate 7.6 Administrator 온라인 연습
최종 업데이트 시간: 2025년06월18일
당신은 온라인 연습 문제를 통해 Fortinet FCP_FGT_AD-7.6 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 FCP_FGT_AD-7.6 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 267개의 시험 문제와 답을 포함하십시오.
정답:
Explanation:
If you enable split-task VDOM mode on the upstream FGT device, it can allow downstream FGT devices to join the Security Fabric in the root and FG-Traffic VDOMs. If split-task VDOM mode is enabled on the downstream FortiGate, it can only connect to the upstream FortiGate through the downstream FortiGate interface on the root VDOM.
정답:
Explanation:
Link aggregation (IEEE 802.3ad) enables you to bind two or more physical interfaces together to form an aggregated (combined) link. This new link has the bandwidth of all the links combined. If a link in the group fails, traffic is transferred automatically to the remaining interfaces with the only noticeable effect being a reduced bandwidth.
To increase network bandwidth and provide redundancy, an administrator can use an Aggregate Interface (also known as Link Aggregation or Port Channel). This interface type allows multiple physical interfaces to be combined into a single logical interface, providing increased bandwidth and fault tolerance. This logical interface appears as a single interface to the rest of the network, and it distributes traffic across the member interfaces.
정답:
Explanation:
The Services option has been added to VIP objects. When services and port forward are configured, only a single mapped port can be configured. However, multiple external ports can be mapped to that single internal port. This configuration was made possible to allow for complex scenarios where multiple sources of traffic are using multiple services to connect to a single computer, while requiring a combination of source and destination NAT, and not requiring numerous VIPs to be bundled into VIP groups. VIPs with different services are considered non-overlapping.
When the Services field is configured in a Virtual IP (VIP), it allows you to specify multiple services or ports for the same VIP. This eliminates the need to create separate VIPs for different services, as you can define multiple services within a single VIP using the Services field. This is particularly useful for simplifying configuration and management.
정답:
Explanation:
The correct options for the methods used by the collector agent for AD polling are:
A. WMI (Windows Management Instrumentation)
WMI is used by the collector agent to query Windows systems for information.
C. WinSecLog (Windows Security Log)
WinSecLog is used to capture security events, including login and logoff events, from Windows systems.
D. NetAPI (Network API)
NetAPI is used for polling user logins and logouts on Windows servers.
The options B and E (Novell API and FortiGate polling) are not typically used for AD polling with Fortinet's FortiGate collector agent.
정답:
Explanation:
Root VDOM is created by default when VDOMs are enabled.
configure on Fortigate:
- captive portal authentication required
- Authentication failed message for Sales users
- Authentication success for HR users
- second policy used by HR users
In FortiOS, when setting up a FortiGate in split VDOM mode, the default VDOMs created are FG-traffic and Root.
So, in this case, the correct answers would be A. FG-traffic and D. Root.
정답:
Explanation:
The correct answers are:
A. udp-echo
The udp-echo protocol option is available on the CLI for configuring an SD-WAN Performance SLA.
C. TWAMP
The TWAMP (Two-Way Active Measurement Protocol) is another protocol option available on the CLI for SD-WAN Performance SLA.
So, the correct choices are A and C.
In the GUI appears HTTP, DNS and Ping.
정답:
Explanation:
"NTP, FortiGuard updated/queries, SNMP, DNS Filtering, Log settings and other mgmt related services". B is wrong because PKI stands for Public Key Infrastructure and is associated with VPNS C is wrong because traffic shaping is configured on a 'Traffic Shaping Policy' A is correct because Fortigate will use Fortiguard for these queries
D is correct as the management VDOM (very similar to Palo Alto) can use DNS for DNS queries
The FortiGate uses DNS, FortiGuard and other servers through the management VDOM
Regardless of of question:
Global settings for vdom's are:
Hostname.
HA Settings.
Fortiguard Settings.
System time.
Administrative Accounts.
정답:
Explanation:
When IPsec SAs expire, FortiGate needs to negotiate new SAs to continue sending and receiving traffic over the IPsec tunnel. Technically, FortiGate deletes the expired SAs from the respective phase 2 selectors, and installs new ones. If IPsec SA renegotiation takes too much time, then FortiGate might drop interesting traffic because of the absence of active SAs. To prevent this, you can enable Auto-negotiate. When you do this, FortiGate not only negotiates new SAs before the current SAs expire, but it also starts using the new SAs right away. The latter prevents traffic disruption by IPsec SA renegotiation. Enable auto-negotiate by default enabling auto-keep-alive too which brings up tunnel automatically. Answer B is little bit tricky, auto-negotiate will negotiate new SA "before" existing SA expired not "after" existing SA expired.
정답:
Explanation:
A. Standard mode uses Windows convention-NetBios: Domain\Username:
In the standard access mode, the collector agent uses the Windows convention for identifying users, which is in the format of NetBios: Domain\Username.
C. Standard mode security profiles apply to user groups:
In standard access mode, security profiles are applied based on user groups. This means that you can define security policies and profiles that are specific to certain user groups, allowing for more granular control and customization.
These features help in efficiently managing and applying security policies in a network environment using Fortinet's collector agent in standard access mode.
B is incorrect. Standard Mode does not do OU, advanced mode does.
D is incorrect. Standard Mode cannot do nested groups.
정답:
Explanation:
Apple facetime will be blocked according to the "Excessive Bandwidth" filter.
Facetime belongs to VoIP category which is monitored here and therefore should be allowed, however, because of the behavior of the facetime "Excessive-Bandwidth", the custom filter Excessive-Bandwidth will block Facetime and the lookup won't continue to the second filter.
The excessive bandwidth filter contains facetime and is referenced by the application sensor with the action to block. There is no reference to a bandwidth threshold at which point the filter is applied so the number of calls is irrelevant.
정답:
Explanation:
Antivirus and IPS is enhanced by the IPS Engine, so that is why B is the right answer.
When you enable policy-based inspection in NGFW (Next-Generation Firewall) mode, the security profile configuration that typically does not change is:
B. Antivirus So, the correct answer is B. Antivirus.
정답:
Explanation:
The correct answer is C. FortiAnalyzer.
Explanation:
In a Security Fabric configuration, after the devices are added to the Security Fabric, the final step is to authorize these devices. This authorization process is typically done through FortiAnalyzer, which manages and controls the Security Fabric. FortiAnalyzer allows administrators to centrally manage and monitor the Security Fabric, including authorizing devices to participate in the Security Fabric.
All devices must be authorized on the root Fortigate, and then after this step all must be authorized on the FortiAnalyzer.
정답:
Explanation:
Packet Capture Verbosity Level which is set to 5 in the exhibit, if it was level 6 it should also include ethernet headers. Application headers are never included.
This is Correct:
Packet payload
IP header
Interface name
Sniffer with verbose 5: IP header, IP payload, Port name.
정답:
Explanation:
When SSL certificate inspection is enabled, FortiGate uses the following three pieces of information to identify the hostname of the SSL server:
A. The subject field in the server certificate
The subject field typically contains the common name (CN) that represents the hostname.
C. The server name indication (SNI) extension in the client hello message
SNI is an extension to the TLS protocol that indicates the hostname to which the client is attempting to connect.
D. The subject alternative name (SAN) field in the server certificate
The SAN field can include additional hostnames (alternative names) that are valid for the certificate.
So, the correct choices are A, C, and D.
Fortigate firtsly uses SNI, if there is no SNI it uses Subject or Subject Alternatives.
During the exchange of hello messages at the beginning of an SSL handshake, FortiGate parses server name indication (SNI) from client Hello, which is an extension of the TLS protocol. The SNI tells FortiGate the hostname of the SSL server, which is validated against the DNS name before receipt of the server certificate. If there is no SNI exchanged, then FortiGate identifies the server by the value in the Subject field or SAN (subject alternative name) field in the server certificate.
정답:
Explanation:
Security policy: If the traffic is allowed as per the consolidated policy, FortiGate will then process it based on the security policy to analyze additional criteria, such as URL categories for web filtering and application control. Also, if enabled, the security policy further inspects traffic using security profiles such as IPS and AV.
When FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy, you can also apply Antivirus scanning and Intrusion Prevention security profiles. These additional security profiles enhance the overall security posture of the network.
Extra explanation:
In addition to web filtering and application control, you can apply the following security profiles to the security policy on a FortiGate firewall:
A. Antivirus scanning: This profile scans traffic for viruses, malware, and other malicious content to prevent them from entering the network.
D. Intrusion prevention: This profile protects against network threats by inspecting traffic for known attack patterns and malicious activities, helping to prevent unauthorized access and data breaches. So, the correct answers are A. Antivirus scanning and D. Intrusion prevention