Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Fortinet
  3. FCP_FGT_AD-7.6

Fortinet FCP_FGT_AD-7.6 Exam (page: 1)
Fortinet FCP - FortiGate 7.6 Administrator
Updated on: 18-Nov-2025

Viewing Page 1 of 12
FCP_FGT_AD-7.6 PDF 84 Questions

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.

Which DPD mode on FortiGate meets this requirement?

  1. Enabled
  2. On Idle
  3. Disabled
  4. On Demand

Answer(s): B

Explanation:

The "On Idle" DPD mode configures FortiGate to send DPD probes only when no inbound traffic is detected, meeting the requirement to send probes only when the tunnel is idle.



Which two statements about equal-cost multi-path (ECMP) configuration on FortiGate are true? (Choose two.)

  1. If SD-WAN is disabled, you can configure the parameter v4-ecmp-mode to volume-based.
  2. If SD-WAN is enabled, you can configure routes with unequal distance and priority values to be part of ECMP.
  3. If SD-WAN is disabled, you configure the load balancing algorithm in config system settings.
  4. If SD-WAN is enabled, you control the load balancing algorithm with the parameter load-balance-mode.

Answer(s): A,D

Explanation:

When SD-WAN is disabled, FortiGate supports volume-based ECMP mode via the v4-ecmp-mode parameter.
When SD-WAN is enabled, the load balancing algorithm is controlled by the load-balance-mode parameter within the SD-WAN configuration.



You have created a web filter profile named restrict_media-profile with a daily category usage quota.

When you are adding the profile to the firewall policy, the restrict_media-profile is not listed in the available web profile drop down.

What could be the reason?

  1. The firewall policy is in no-inspection mode instead of deep-inspection.
  2. The inspection mode in the firewall policy is not matching with web filter profile feature set.
  3. The web filter profile is already referenced in another firewall policy.
  4. The naming convention used in the web filter profile is restricting it in the firewall policy.

Answer(s): B

Explanation:

Web filter profiles with category usage quotas require the firewall policy to be in proxy-based (deep) inspection mode; if the inspection mode does not match this requirement, the profile will not appear in the drop-down list.



Refer to the exhibit.



As an administrator you have created an IPS profile, but it is not performing as expected.
While testing you got the output as shown in the exhibit.

What could be the possible reason of the diagnose output shown in the exhibit?

  1. There is a no firewall policy configured with an IPS security profile.
  2. FortiGate entered into IPS fail open state.
  3. Administrator entered the command diagnose test application ipsmonitor 5.
  4. Administrator entered the command diagnose test application ipsmonitor 99.

Answer(s): A

Explanation:

The output shows the IPS engine count as 0, indicating no active IPS engines are running. This typically means no firewall policy is referencing the IPS security profile, so the IPS profile is not being applied or triggered.



Refer to the exhibit.



The predefined deep-inspection and custom-deep-inspection profiles exclude some web categories from SSL

inspection, as shown in the exhibit.

For which two reasons are these web categories exempted? (Choose two.)

  1. The FortiGate temporary certificate denies the browser's access to websites that use HTTP Strict Transport Security.
  2. These websites are in an allowlist of reputable domain names maintained by FortiGuard.
  3. The resources utilization is optimized because these websites are in the trusted domain list on FortiGate.
  4. The legal regulation aims to prioritize user privacy and protect sensitive information for these websites.

Answer(s): A,D

Explanation:

FortiGate's temporary SSL certificate may cause access denial to sites using HTTP Strict Transport Security (HSTS), so such sites are exempted from deep SSL inspection.
Legal regulations require exemption of certain categories to protect user privacy and sensitive information, so these web categories are excluded from SSL inspection.



Refer to the exhibit.



The NOC team connects to the FortiGate GUI with the NOC_Access admin profile. They request that their GUI sessions do not disconnect too early during inactivity.

What must the administrator configure to answer this specific request from the NOC team?

  1. Move NOC_Access to the top of the list to ensure all profile settings take effect.
  2. Increase the offline value of the Override Idle Timeout parameter in the NOC_Access admin profile.
  3. Ensure that all NOC_Access users are assigned the super_admin role to guarantee access
  4. Increase the admintimeout value under config system accprofile NOC_Access.

Answer(s): D

Explanation:

The admintimeout setting in the admin access profile controls the inactivity timeout for GUI sessions.
Increasing this value will extend the session duration before automatic disconnection.



Refer to the exhibit.



Based on this partial configuration, what are the two possible outcomes when FortiGate enters conserve mode? (Choose two.)

  1. Administrators cannot change the configuration.
  2. FortiGate skips quarantine actions.
  3. Administrators must restart FortiGate to allow new session.
  4. FortiGate drops new sessions requiring inspection.

Answer(s): B,D

Explanation:

In fail-open mode, FortiGate skips quarantine actions to maintain traffic flow despite IPS or antivirus failures.
FortiGate drops new sessions that require inspection when in conserve mode and fail-open is enabled, to protect the network from potentially harmful traffic.



What is the primary FortiGate election process when the HA override setting is enabled?

  1. Connected monitored ports > Priority > HA uptime > FortiGate serial number
  2. Connected monitored ports > Priority > System uptime > FortiGate serial number
  3. Connected monitored ports > HA uptime > Priority > FortiGate serial number
  4. Connected monitored ports > System uptime > Priority > FortiGate serial number

Answer(s): A

Explanation:

When HA override is enabled, FortiGate uses the following election order: number of connected monitored ports, then device priority, followed by HA uptime, and finally FortiGate serial number as a tiebreaker.



Viewing Page 1 of 12



Share your comments for Fortinet FCP_FGT_AD-7.6 exam with other users:

Rita Rony 11/27/2023 1:36:00 PM

nice, first step to exams
Anonymous


Aloke Paul 9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...
CHINA


Calbert Francis 1/15/2024 8:19:00 PM

great exam for people taking 220-1101
UNITED STATES


Ayushi Baria 11/7/2023 7:44:00 AM

this is very helpfull for me
Anonymous


alma 8/25/2023 1:20:00 PM

just started preparing for the exam
UNITED KINGDOM


CW 7/10/2023 6:46:00 PM

these are the type of questions i need.
UNITED STATES


Nobody 8/30/2023 9:54:00 PM

does this actually work? are they the exam questions and answers word for word?
Anonymous


Salah 7/23/2023 9:46:00 AM

thanks for providing these questions
Anonymous


Ritu 9/15/2023 5:55:00 AM

interesting
CANADA


Ron 5/30/2023 8:33:00 AM

these dumps are pretty good.
Anonymous


Sowl 8/10/2023 6:22:00 PM

good questions
UNITED STATES


Blessious Phiri 8/15/2023 2:02:00 PM

dbua is used for upgrading oracle database
Anonymous


Richard 10/24/2023 6:12:00 AM

i am thrilled to say that i passed my amazon web services mls-c01 exam, thanks to study materials. they were comprehensive and well-structured, making my preparation efficient.
Anonymous


Janjua 5/22/2023 3:31:00 PM

please upload latest ibm ace c1000-056 dumps
GERMANY


Matt 12/30/2023 11:18:00 AM

if only explanations were provided...
FRANCE


Rasha 6/29/2023 8:23:00 PM

yes .. i need the dump if you can help me
Anonymous


Anonymous 7/25/2023 8:05:00 AM

good morning, could you please upload this exam again?
SPAIN


AJ 9/24/2023 9:32:00 AM

hi please upload sre foundation and practitioner exam questions
Anonymous


peter parker 8/10/2023 10:59:00 AM

the exam is listed as 80 questions with a pass mark of 70%, how is your 50 questions related?
Anonymous


Berihun 7/13/2023 7:29:00 AM

all questions are so important and covers all ccna modules
Anonymous


nspk 1/19/2024 12:53:00 AM

q 44. ans:- b (goto setup > order settings > select enable optional price books for orders) reference link --> https://resources.docs.salesforce.com/latest/latest/en-us/sfdc/pdf/sfom_impl_b2b_b2b2c.pdf(decide whether you want to enable the optional price books feature. if so, select enable optional price books for orders. you can use orders in salesforce while managing price books in an external platform. if you’re using d2c commerce, you must select enable optional price books for orders.)
Anonymous


Muhammad Rawish Siddiqui 12/2/2023 5:28:00 AM

"cost of replacing data if it were lost" is also correct.
SAUDI ARABIA


Anonymous 7/14/2023 3:17:00 AM

pls upload the questions
UNITED STATES


Mukesh 7/10/2023 4:14:00 PM

good questions
UNITED KINGDOM


Elie Abou Chrouch 12/11/2023 3:38:00 AM

question 182 - correct answer is d. ethernet frame length is 64 - 1518b. length of user data containing is that frame: 46 - 1500b.
Anonymous


Damien 9/23/2023 8:37:00 AM

i need this exam pls
Anonymous


Nani 9/10/2023 12:02:00 PM

its required for me, please make it enable to access. thanks
UNITED STATES


ethiopia 8/2/2023 2:18:00 AM

seems good..
ETHIOPIA


whoAreWeReally 12/19/2023 8:29:00 PM

took the test last week, i did have about 15 - 20 word for word from this site on the test. (only was able to cram 600 of the questions from this site so maybe more were there i didnt review) had 4 labs, bgp, lacp, vrf with tunnels and actually had to skip a lab due to time. lots of automation syntax questions.
EUROPEAN UNION


vs 9/2/2023 12:19:00 PM

no comments
Anonymous


john adenu 11/14/2023 11:02:00 AM

nice questions bring out the best in you.
Anonymous


Osman 11/21/2023 2:27:00 PM

really helpful
Anonymous


Edward 9/13/2023 5:27:00 PM

question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you
CANADA


Monti 5/24/2023 11:14:00 PM

iam thankful for these exam dumps questions, i would not have passed without this exam dumps.
UNITED STATES