Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. FCP_FGT_AD-7.6

Fortinet FCP_FGT_AD-7.6 Exam
FCP - FortiGate 7.6 Administrator (Page 7 )

Updated On: 7-Feb-2026
Page 5 of 27
PDF with 128 Questions

Which three statements about SD-WAN performance SLAs are true? (Choose three.)

  1. They rely on session loss and jitter.
  2. They can be measured actively or passively.
  3. They are applied in a SD-WAN rule lowest cost strategy.
  4. They monitor the state of the FortiGate device.
  5. All the SLA targets can be configured.

Answer(s): B,C,E



Which two statements are true about an HA cluster? (Choose two.)

  1. An HA cluster cannot have both in-band and out-of-band management interfaces at the same time.
  2. Link failover triggers a failover if the administrator sets the interface down on the primary device.
  3. When sniffing the heartbeat interface, the administrator must see the IP address 169.254.0.2.
  4. HA incremental synchronization includes FIB entries and IPsec SAs.

Answer(s): B,D

Explanation:

Setting an interface down on the primary device triggers a failover due to link failover detection.
HA incremental synchronization includes forwarding information base (FIB) entries and IPsec security associations (SAs) to maintain session continuity.



A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.

When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file.
When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.

The administrator confirms that the traffic matches the configured firewall policy.

What are two reasons for the failed virus detection by FortiGate? (Choose two.)

  1. The selected SSL inspection profile has certificate inspection enabled.
  2. The website is exempted from SSL inspection.
  3. The El CAR test file exceeds the protocol options oversize limit.
  4. The browser does not trust the FortiGate self-signed CA certificate.

Answer(s): A,B



You have configured the below commands on a FortiGate.



What would be the impact of this configuration on FortiGate?

  1. FortiGate will enable strict RPF on all its interfaces and port1 will be enabled for asymmetric routing.
  2. FortiGate will enable strict RPF on all its interfaces and port1 will be exempted from RPF checks.
  3. Port1 will be enabled with flexible RPF, and all other interfaces will be enabled for strict RPF
  4. The global configuration will take precedence and FortiGate will enable strict RPF on all interfaces.

Answer(s): B

Explanation:

The global setting enables strict source checking (RPF) on all interfaces by default. The per-interface setting disables the source check on port1, exempting it from strict RPF enforcement.



Refer to the exhibit.



What would be the impact of these settings on the Server certificate SNI check configuration on FortiGate?

  1. FortiGate will accept and use the CN in the server certificate for URL filtering if the SNI does not match the CN or SAN fields.
  2. FortiGate will accept the connection with a warning if the SNI does not match the CN or SAN fields.
  3. FortiGate will close the connection if the SNI does not match the CN or SAN fields.
  4. FortiGate will close the connection if the SNI does not match the CN and SAN fields

Answer(s): C



Viewing page 7 of 27
Viewing questions 31 - 35 out of 128 questions



Post your Comments and Discuss Fortinet FCP_FGT_AD-7.6 exam prep with other Community members:

Join the FCP_FGT_AD-7.6 Discussion