Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

FCP-FGT-AD-7-6 by Fortinet - Page 1 | ExamCademy

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Know a question that should be here? Contribute to this exam

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.
Which DPD mode on FortiGate meets this requirement?

A Enabled
B On Idle
C Disabled
D On Demand

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy.
When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.
The administrator confirms that the traffic matches the configured firewall policy.
What are two reasons for the failed virus detection by FortiGate? (Choose two.)

A The selected SSL inspection profile has certificate inspection enabled.
B The website is exempted from SSL inspection.
C The El CAR test file exceeds the protocol options oversize limit.
D The browser does not trust the FortiGate self-signed CA certificate.

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Question Image

Based on the exhibit, which statement is true?

A The Underlay zone is the zone by default.
B The Underlay zone contains no member.
C port2 and port3 are not assigned to a zone.
D The virtual-wan-link and overlay zones can be deleted.

An administrator wanted to configure an IPS sensor to block traffic that triggers a signature set number of times during a specific time period.
How can the administrator achieve the objective?

A Use IPS group signatures, set rate-mode 60.
B Use IPS packet logging option with periodical filter option.
C Use IPS filter, rate-mode periodical option.
D Use IPS filter, rate-mode periodical option.