Fortinet NSE6_FNC-7.2 Practice Test - Questions Answers
List of questions
Question 1

Where should you configure MAC notification traps on a supported switch?
Configure them only after you configure linkup and linkdown traps.
Configure them on all ports on the switch.
Configure them only on ports set as 802.1q trunks.
Configure them on all ports except uplink ports.
In general, for network switches supporting MAC notification traps, it's advisable to configure these traps on all ports except uplink ports. Uplink ports are used for connecting to other switches or network infrastructure devices and typically don't need MAC notification traps, which are more relevant for end-device connectivity monitoring.
The study guide specifies that MAC notification traps should not be configured on interfaces that are uplinks. They are the preferred method for learning and updating Layer 2 information and should be used whenever available, but not on uplink interfaces.
Question 2

Where do you look to determine which network access policy, if any, is being applied to a particular host?
The Policy Details view for the host
The Connections view
The Port Properties view of the host's port
The Policy Logs view
To determine which network access policy is applied to a particular host, you should look at the Policy Details window. This window provides information about the types of policies applied (such as Network Access, Authentication, Supplicant, etc.), including the profile name, policy name, configuration name, and any settings that make up the configuration.
FortiNAC p. 382: 'Under Network Access Settings - Policy Name - Name of the Network Access Policy that currently applies to the host.'
Question 3

While troubleshooting a network connectivity issue, an administrator determines that a device was being automatically provisioned to an incorrect VLAN.
Where would the administrator look to determine when and why FortiNAC made the network access change?
The Event view
The Admin Auditing view
The Port Changes view
The Connections view
Question 4

Which agent can receive and display messages from FortiNAC to the end user?
Dissolvable
Persistent
Passive
MDM
The persistent agent can display messages on the desktop of an endpoint. These messages can target an individual host, a group of hosts, or all hosts with the persistent agent installed. The messaging options include sending message content with an optional web address link.
Question 5

When FortiNAC passes a firewall tag to FortiGate, what determines the value that is passed?
Security rule
Device profiling rule
RADIUS group attribute
Logical network
Question 6

What capability do logical networks provide?
Point of access-based autopopulation of device groups
Interactive topology view diagrams
Application of different access values from a single access policy
VLAN-based inventory reporting
Logical Networks allow you to create fewer Network Access Policies than before. (FortiNAC - What's new in FortiNAC 7.2)
Logical networks in FortiNAC decouple a policy from a specific access value, allowing different access values to be applied from a single access policy. The access value is chosen based on the point of connection, which significantly reduces the number of network access policies needed and simplifies network access policy management.
Question 7

Which two device classification options can register a device automatically and transparently to the end user? (Choose two.)
Dissolvable agent
Dot1x Auto Registration
Device importing
MDM integration
Captive portal
The FortiNAC 7.2 Study Guide does not explicitly mention Dot1x Auto Registration and MDM integration as the specific device classification options for automatic and transparent registration to the end user. However, based on the general functioning of FortiNAC, Dot1x Auto Registration and MDM integration are typically used for such purposes. The guide discusses automatic device registration in the context of profiling rules.
Question 8

In an isolation VLAN, which three services does FortiNAC supply? (Choose three.)
NTP
DHCP
Web
DNS
SMTP
In an isolation VLAN, FortiNAC supplies DHCP and DNS services. The guide specifies that FortiNAC has a DHCP scope defined for a particular VLAN and should be the only DHCP server available to hosts on that VLAN. Additionally, hosts on the VLAN would get a DNS server configuration of the FortiNAC IP for that VLAN.
Question 9

Which group type can have members added directly from the FortiNAC Control Manager?
Administrator
Device
Port
Host
The study guide explains that there are six different types of groups in FortiNAC, including device, host, IP phone, port, user, and administrator groups. Groups created by administrative users or imported as a result of an LDAP integration can be used to organize elements but do not enforce any type of control or functionality directly.
Question 10

Which system group will force at-risk hosts into the quarantine network, based on point of connection?
Physical Address Filtering
Forced Quarantine
Forced Isolation
Forced Remediation
Forced Quarantine (study guide 7.2, pages 245 and 248).
Question