Free Fortinet FCSS_EFW_AD-7.6 Practice Test & Real Exam Questions

What must be done for RIP routes to propagate into OSPF?

If you configure set tcp-mss-sender and set tcp-mss-receiver in a firewall policy, how does it affect the size and handling of TCP packets in the network?

You applied a block-all intrusion prevention system (IPS) profile for client and server targets to secure the server, but the database team reported that applications stopped working immediately after. How can you apply IPS in a way that ensures it does not disrupt existing applications in the network?

A company that acquired multiple branches across different countries needs to install new FortiGate devices on each of those branches. However, the IT staff lacks sufficient knowledge to implement the initial configuration on the FortiGate devices.
Which three approaches can the company take to successfully deploy advanced initial configurations on remote branches? (Choose three.)

A vulnerability scan report has revealed that a user has generated traffic to the website example.com (10.10.10.10) using a weak SSL/TLS version supported by the HTTPS web server.
What can the firewall administrator do to block all outdated SSL/TLS versions on any HTTPS web server to prevent possible attacks on user traffic?

What can be inferred from the OSPF status output shown?

Which two recommendations prevent invalid paths when using zero phase 2 selectors?

An organization acquired multiple branches across different countries and must install FortiGate devices at each branch. However, their IT staff lacks the knowledge required to implement the initial configuration on the FortiGate devices. Which three approaches can the organization take to successfully deploy advanced initial configurations on the FortiGate devices at their remote branches? (Choose three.)

What is the initial step performed by FortiGate when handling the first packets of a session?

Refer to the exhibit, which shows an SSL certification inspection configuration.
SSL certification inspection configuration

While testing, the administrator updated the ssl-ssh-profile configuration with the command set sni-server-cert-check strict.
The administrator found that the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate.
With respect to the set sni-server-cert-check strict command, which action does FortiGate take?

Refer to the exhibit, which shows the ADVPN network topology and partial BGP configuration.


Which two parameters must an administrator configure in the config neighbor range for spokes shown in the exhibit? (Choose two.)

Refer to the exhibit, which shows the VDOM section of a FortiGate device.

An administrator discovers that webfilter stopped working in Core1 and Core2 after a maintenance window.
Which two reasons could explain why webfilter stopped working? (Choose two.)

What should be configured to provide hardware-accelerated inter-VDOM traffic?

Refer to the exhibit.

An administrator wants to expand the network by adding two additional FortiGate devices into AS
6500.
Which configuration is the most effective way to improve BGP convergence in this scenario?