Fortinet FCSS_EFW_AD-7.6 Exam Questions Instant Access

Question 1

What does npu_flag=20 indicate for IPsec tunnels?

AInbound only

BOutbound only

CBoth SAs

DNo offload

Answer : C

Question 2

Which technology should you use to facilitate dynamic direct tunnels and automatic link optimization in a hub-and-spoke VPN topology?

AUse static IPsec tunnels

BUse ADVPN 2.0

CUse GRE over IPsec

DUse IP-in-IP tunneling

Answer : B

Question 3

Based on the TLS handshake shown, what can be inferred about the client?

ASupports TLS 1.0 only

BSupports TLS 1.2 and TLS 1.3

CSupports SSLv3

DSupports DTLS

Answer : B

Question 4

What happens when an SSO user logs into a downstream FortiGate?

ADenied

BReadonly admin

CSuper admin

DNo account

Answer : B

Question 5

How can you automate updates to firewall policies using a daily updated IP block list?

AAutomation stitch

BExternal Feeds

CCLI scripts

DZTNA

Answer : B

Question 6

An organization's guest Internet policy, operating in proxy mode, blocks access to artificial intelligence technology sites using FortiGuard.

However, a guest user accessed a page in this category using port 8443

Which configuration change must you make for FortiGate to analyze HTTPS traffic on nonstandard ports like 8443. when full SSL inspection is active in the guest policy?

ABlock traffic on nonstandard ports by enabling server certificate SNI check in the SSL/SSH inspection profile.

BEnable network protocol enforcement for port 8443 with the protocol HTTPS in FortiGuard application control.

CEnter 443, 8443 to analyze both standard (443) and non-standard (8443) HTTPS ports in the protocol port mapping section of the SSL/SSH inspection profile.

DBlock untrusted SSL certificates in the SSL/SSH inspection profile.

Answer : C

Question 7

What must be done for RIP routes to propagate into OSPF?

AEnable on FortiGate_A

BEnable on FortiGate_B

CDisable RIP

DStatic route

Answer : B

Fortinet FCSS - Enterprise Firewall 7.6 Administrator FCSS_EFW_AD-7.6 Exam Questions