Fortinet FCSS_EFW_AD-7.6 - NSE 7 - Enterprise Firewall 7.6 Administrator Exam
Page: 1 / 7
Total 34 questions
Question #1 (Topic: Exam A)
You must minimize CPU and RAM use on a FortiGate firewall while also enabling essential security features, such as web filtering and application control for HTTPS traffic.
Which SSL inspection setting reduces system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?
Which SSL inspection setting reduces system load while also enabling security features, such as web filtering and application control for encrypted HTTPS traffic?
A. Enable SSL certificate inspection mode to perform basic checks without decrypting traffic.
B. Disable SSL inspection to preserve resources.
C. Use deep SSL inspection to inspect encrypted HTTPS traffic.
D. Configure SSL inspection to handle HTTPS traffic efficiently.
Answer: A
Question #2 (Topic: Exam A)
Refer to the exhibits.
The configuration of Windows PC, PC 1, with a default MTU of 1500 bytes, FortiGate interfaces with an MTU of 1000 bytes, and the results of PC 1 pinging over server 172.16.0.251 are shown.
Why is the PC1 user unable to ping server 172.16.0.254 and seeing the message: Packet needs to be fragmented but DF set?
The configuration of Windows PC, PC 1, with a default MTU of 1500 bytes, FortiGate interfaces with an MTU of 1000 bytes, and the results of PC 1 pinging over server 172.16.0.251 are shown.
Why is the PC1 user unable to ping server 172.16.0.254 and seeing the message: Packet needs to be fragmented but DF set?
A. The user must adjust the TCP maximum segment size (MSS) to 1000 for the ping to succeed
B. The ip.flags.mf option must be enabled on FortiGate. The user must adjust the ping MTU to 1000 to succeed.
C. The user must account for the size of the Ethernet header when configuring the MTU value.
D. FortiGate honors the do not fragment bit and the packets are dropped. The user must adjust the ping MTU to 972 to succeed.
Answer: D
Question #3 (Topic: Exam A)
Refer to the exhibit.
An enterprise network connected to an ISP is shown.
You must configure a loopback as a BGP source to connect to the ISP.
Which two commands must you use to establish the connection? (Choose two.)
An enterprise network connected to an ISP is shown.
You must configure a loopback as a BGP source to connect to the ISP.
Which two commands must you use to establish the connection? (Choose two.)
A. ibgp-enfогсе-multihop
B. ebgp-enfоrce-multihop
C. recursive-next-hop
D. update-source
Answer: BD
Question #4 (Topic: Exam A)
Refer to the exhibit.
A network topology and a FortiGate routing table is shown.
What must you configure in the BGP section to add only the subnet 100.64.2.0/24 in the routing table of FortiGate_A?
A network topology and a FortiGate routing table is shown.
What must you configure in the BGP section to add only the subnet 100.64.2.0/24 in the routing table of FortiGate_A?
A. Configure route-map-in on FortiGate_A.
B. Configure connected routes redistribution on FortiGate_C.
C. Configure BGP route redistribution on FortiGate_B.
D. Configure the 100.64.2.0/24 network on FortiGate_C.
Answer: D
Question #5 (Topic: Exam A)
Refer to the exhibit.
An HA configuration of an active-active (A-A) cluster with the same HA uptime shown.
You want HQ-NGFW-2 to handle the Core2 VDOM traffic.
Which modification must you make to achieve this outcome?
An HA configuration of an active-active (A-A) cluster with the same HA uptime shown.
You want HQ-NGFW-2 to handle the Core2 VDOM traffic.
Which modification must you make to achieve this outcome?
A. Enable override in virtual duster 2 for HQ-NGFW-2.
B. Change the priority from 120 to 200 for HQ-NGFW-2.
C. Change the priority from 100 to 160 for HQ-NGFW-2.
D. Reboot HQ-NGFW-2.
Answer: B
