ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCP_FGT_AD-7.6 All Questions

View all questions & answers for the FCP_FGT_AD-7.6 exam
Go to Exam

Exam FCP_FGT_AD-7.6 topic 1 question 35 discussion

Actual exam question from Fortinet's FCP_FGT_AD-7.6
Question #: 35
Topic #: 1
[All FCP_FGT_AD-7.6 Questions]

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.
Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

  • A. On BR1-FGT, set Seconds to 43200.
  • B. On HQ-NGFW, enable Diffie-Hellman Group 2.
  • C. On BR1-FGT, set Remote Address to
    10.0.11.0/255.255.255.0
  • D. On HQ-NGFW. set Encryption to AES256
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
by 19e1af9 at July 24, 2025, 1:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mirko1976
7 hours, 16 minutes ago
Selected Answer: CD
@ 833685d check the IP address The remote subnet selectors don’t match. Set BR1-FGT’s Remote Address to 10.0.11.0/255.255.255.0 (C). The phase-2 proposal algorithms don’t match. Change HQ-NGFW Encryption from AES128 to AES256 to match BR1-FGT (D).
upvoted 1 times
...
833685d
1 week, 1 day ago
Selected Answer: AD
On HQ-NGFW. set Encryption to AES256
upvoted 1 times
monben
1 day, 21 hours ago
A.C. Encryption Won't matter if it can't reach the remote address
upvoted 1 times
...
mirko1976
7 hours, 14 minutes ago
Key lifetime mismatch wouldn’t prevent the tunnel from coming up, and enabling DH Group 2 isn’t the issue shown
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel