Fortinet NSE6_FNC-7.2 Practice Test - Questions Answers, Page 3
Question 21

Which two things must be done to allow FortiNAC to process incoming syslog messages from an unknown vendor? (Choose two.)
A. A security event parser must be created for the device.
B. The device sending the messages must be modeled in the Network Inventory view.
C. The device must be added as a patch management server.
D. The device must be added as a log receiver.
To allow FortiNAC to process incoming syslog messages from an unknown vendor, two steps must be taken:
Creation of a customized event parser: This enables FortiNAC to parse and integrate syslog messages from any vendor or device, as long as the messages are in CSV, CEF, or Tag/Value format.
Modeling the device in the Topology view: Any device that sends syslog messages to FortiNAC must be modeled in this view. FortiNAC will not process syslog or trap messages unless the source address belongs to a device modeled in the topology.
Reference
FortiNAC 7.2 Study Guide, pages 428 and 399
Question 22

Which two methods can be used to gather a list of installed applications and application details from a host? (Choose two.)
A. Agent technology
B. Portal page on-boarding options
C. MDM integration
D. Application layer traffic inspection
To gather a list of installed applications and application details from a host, two methods can be used:
Agent technology: FortiNAC uses agent technology to collect all installed applications on an endpoint.
Integration with MDMs (Mobile Device Management systems): MDMs that support application gathering can be integrated with FortiNAC to collect application information.
Reference
FortiNAC 7.2 Study Guide, page 302
Question 23

Which devices would be evaluated by device profiling rules?
A. Rogue devices, each time they connect
B. All hosts, each time they connect
C. Known trusted devices, each time they change location
D. Rogue devices, only when they are initially added to the database
Device profiling rules in FortiNAC are used to evaluate and classify rogue devices. These rules can be configured to evaluate and classify unknown, untrusted devices automatically, manually, or through sponsorship as they are identified and created.
Reference
FortiNAC 7.2 Study Guide, page 98
Question 24

Which three are components of a security rule? (Choose three.)
A. Methods
B. Security String
C. Trigger
D. User or host profile
E. Action
Components of a security rule in FortiNAC include:
Trigger: The condition or event that initiates the evaluation of the rule.
User or Host Profile: A requirement that can be added to a rule to specify the user or host profile that must be matched.
Action: The activities or responses that FortiNAC performs when the rule is matched.
Reference
FortiNAC 7.2 Study Guide, page 419
Question 25

Refer to the exhibit.
If a host is connected to a port in the Building 1 First Floor Ports group, what must also be true to match this user/host profile?
A. The host must have a role value of contractor, an installed persistent agent or a security access value of contractor, and be connected between 6 AM and 5 PM.
B. The host must have a role value of contractor or an installed persistent agent, a security access value of contractor, and be connected between 9 AM and 5 PM.
C. The host must have a role value of contractor or an installed persistent agent and a security access value of contractor, and be connected between 6 AM and 5 PM.
D. The host must have a role value of contractor or an installed persistent agent or a security access value of contractor, and be connected between 6 AM and 5 PM.
Looking at the provided exhibit which shows the Modify User/Host Profile window, the following must be true for a host to match the user/host profile:
The host must be connected to a port within the 'Building 1 First Floor Ports' group.
The host must fulfill at least one of the following attributes:
Have a role value of 'Contractor'
Have an installed persistent agent with the security and access value of 'Contractor'
The host must be connected between the specified times of 6 AM and 5 PM on any day of the week.
The profile specifies that the host can match the profile by having any one of the listed attributes (Role as Contractor, Persistent Agent installed with specific security & access value), and the time condition must also be met. Therefore, the correct answer is D, which includes 'or' conditions for the role value and persistent agent and specifies the correct time frame.
Question 26

Refer to the exhibit.
Considering the host status of the two hosts connected to the same wired port, what will happen if the port is a member of the Forced Registration port group?
A. The port will be provisioned for the normal state host, and both hosts will have access to that VLAN.
B. The port will not be managed, and an event will be generated.
C. The port will be provisioned to the registration network, and both hosts will be isolated.
D. The port will be administratively shut down.
The exhibit shows the status of two hosts connected to a wired infrastructure and indicates their respective MAC addresses and the rule name associated with them. When a port is a member of the Forced Registration port group, and multiple hosts with different statuses are connected to that port, FortiNAC will provision the port to the registration network, which is designed to isolate hosts until they are verified or registered. This ensures that unregistered or unauthorized hosts do not gain access to the network. Therefore, both hosts will be isolated in the registration network according to FortiNAC policy for such scenarios.
Question 27

Refer to the exhibit.
If you are forcing the registration of unknown (rogue) hosts, and an unknown (rogue) host connects to a port on the switch, what occurs?
A. The host is moved to VLAN 111.
B. The host is moved to a default isolation VLAN.
C. No VLAN change is performed.
D. The host is disabled.
The exhibit shows a configuration panel where VLAN IDs are specified for different states, such as Default, Registration, and Authentication. When forcing the registration of unknown (rogue) hosts, if an unknown host connects to a port on the switch, the FortiNAC system will move the host to the VLAN designated for Registration. In the exhibit, the VLAN ID for Registration is set to 111, hence the host would be moved to VLAN 111 to undergo the registration process.
Question 28

View the command and output shown in the exhibit.
What is the current state of this host?
A. Rogue
B. Registered
C. Not authenticated
D. At-Risk
The exhibit's command and output detail various attributes for a specific host, including the MAC address, connection status, and various other parameters. The status 'Connected' and state 'Initial' indicate that the host has been detected on the network but has not yet completed any authentication process. The lines 'Client Not Authenticated = true' and 'Client needs to authenticate = false' suggest that the host has not yet been authenticated. Therefore, the current state of the host is 'Not authenticated,' since there is a clear indication that the authentication process has not been completed for this host.
Question 29

View the command and output.
What is the state of database replication?
A. Secondary to primary synchronization failed.
B. Primary to secondary synchronization failed.
C. Secondary to primary synchronization was successful.
D. Primary to secondary database synchronization was successful.
The command and output shown in the exhibit indicate that the host FortiNAC-Secondary is referencing FortiNAC-Primary, and it states 'Slave is active.' In database replication terminology within a high availability setup, the term 'Slave is active' typically means that the secondary server (slave) is actively receiving data from the primary server (master). This implies that the synchronization process from the primary to the secondary database has been successful and is currently active.
Reference
FortiNAC 7.2 Study Guide, Security Policies section
Question 30

Refer to the exhibit.
What would happen if the highlighted port with connected hosts was placed in both the Forced Registration and Forced Remediation port groups?
A. Multiple enforcement groups could not contain the same port.
B. Only the higher ranked enforcement group would be applied.
C. Both types of enforcement would be applied.
D. Enforcement would be applied only to rogue hosts.
In systems like FortiNAC, when a port is designated to be in multiple enforcement groups, it is common for only the higher-priority or higher-ranked group's policies to be applied. This is to prevent conflicting enforcement actions from being attempted on the same port. Although the specific details of the priority or ranking system are not provided in the extracted references, the principle of hierarchical policy enforcement suggests that only the policies of the higher-ranked group would be applied to the port.
Reference
FortiNAC documentation would typically outline this behavior in sections discussing port group enforcement or policy application.