Ask Question
Fortinet NSE6_FWF-6.4 Practice Test - Questions Answers
List of questions
Question 1
Refer to the exhibit.
What does the asterisk (*) symbol beside the channel mean?
Indicates channels that can be used only when Radio Resource Provisioning is enabled
Indicates channels that cannot be used because of regulatory channel restrictions
Indicates channels that will be scanned by the Wireless Intrusion Detection System (WIDS)
Indicates channels that are subject to dynamic frequency selection (DFS) regulations
This frequencies are also used by other licensed applications, wireless LANs have to use a specific method to gain access to certain higher frequencies and this method is known as DFS.
Question 2
What is the first discovery method used by FortiAP to locate the FortiGate wireless controller in the default configuration?
DHCP
Static
Broadcast
Multicast
According to the web search results, the first discovery method used by FortiAP to locate the FortiGate wireless controller in the default configuration is static. This means that the FortiAP sends discovery requests to a preconfigured IP address that the controller owns. This is useful if the FortiAP and the controller are not in the same subnet and other discovery methods will not work. The other discovery methods are used in sequence if the static method fails or is not configured.
Reference:Advanced WiFi controller discovery | FortiAP / FortiWiFi 7.4.0
Question 3
When deploying a wireless network that is authenticated using EAP PEAP, which two configurations are required? (Choose two.)
An X.509 certificate to authenticate the client
An X.509 to authenticate the authentication server
A WPA2 or WPA3 personal wireless network
A WPA2 or WPA3 Enterprise wireless network
Question 4
Which statement is correct about security profiles on FortiAP devices?
Security profiles on FortiAP devices can use FortiGate subscription to inspect the traffic
Only bridge mode SSIDs can apply the security profiles
Disable DTLS on FortiAP
FortiGate performs inspection the wireless traffic
If a bridge mode SSID is configured for a managed FortiAP, you can add a security profile group to the wireless controller, if the FortiAP model supports the security profile. This is supported only in bridge mode.
Question 5
How are wireless clients assigned to a dynamic VLAN configured for hash mode?
Using the current number of wireless clients connected to the SSID and the number of IPs available in the least busy VLAN
Using the current number of wireless clients connected to the SSID and the number of clients allocated to each of the VLANs
Using the current number of wireless clients connected to the SSID and the number of VLANs available in the pool
Using the current number of wireless clients connected to the SSID and the group the FortiAP is a member of
VLAN from the VLAN pool based on a hash of the current number of SSID clients and the number of entries in the VLAN pool.
Question 6
A tunnel mode SSID is configured on a FortiGate wireless controller.
Which task must be completed before the SSID can be used?
The new network must be manually assigned to a FortiAP profile.
The wireless network interface must be assigned a Layer 3 address.
Security Fabric and HTTPS must be enabled on the wireless network interface.
The wireless network to Internet firewall policy must be configured.
The wireless network interface must be assigned a Layer 3 address because it acts as the gateway for the tunnel mode SSID traffic. The FortiGate wireless controller uses this interface to communicate with the FortiAPs and the wireless clients. Without a valid IP address, the tunnel mode SSID cannot function properly.
Reference:Secure Wireless LAN Course Description, page 5; [FortiOS 6.4.0 Handbook - Wireless Controller], page 24.
Question 7
When using FortiPresence as a captive portal, which two types of public authentication services can be used to access guest Wi-Fi? (Choose two.)
Social networks authentication
Software security token authentication
Short message service authentication
Hardware security token authentication
According to the web search results, FortiPresence supports social networks authentication and short message service authentication as public authentication services for guest Wi-Fi access. Social networks authentication allows visitors to log in using their existing social media accounts, such as Facebook, Twitter, LinkedIn, Google, and Instagram. Short message service authentication allows visitors to receive a one-time password via SMS to their mobile phone number. These authentication methods are convenient and secure for visitors and provide valuable data for businesses. Software security token authentication and hardware security token authentication are not supported by FortiPresence as public authentication services for guest Wi-Fi access.
Reference:Configuring Captive Portal | FortiPresence 1.2.0,Configuring Captive Portal | FortiPresence 22.4.0
Question 8
Six APs are located in a remotely based branch office and are managed by a centrally hosted FortiGate. Multiple wireless users frequently connect and roam between the APs in the remote office.
The network they connect to, is secured with WPA2-PSK. As currently configured, the WAN connection between the branch office and the centrally hosted FortiGate is unreliable.
Which configuration would enable the most reliable wireless connectivity for the remote clients?
Configure a tunnel mode wireless network and enable split tunneling to the local network
Configure a bridge mode wireless network and enable the Local standalone configuration option
Configure a bridge mode wireless network and enable the Local authentication configuration option
Install supported FortiAP and configure a bridge mode wireless network
Look for ''Continued FortiAP operation when WiFi controller connection is down'' im the link here: https://docs.fortinet.com/document/fortiap/7.0.4/fortiwifi-and-fortiap-configuration-guide/442078/how-to-configure-a-fortiap-local-bridge-private-cloud-managed-ap
Question 9
Which of the following is a requirement to generate analytic reports using on-site FortiPresence deployment?
SQL services must be running
Two wireless APs must be sending data
DTLS encryption on wireless traffic must be turned off
Wireless network security must be set to open
https://docs.fortinet.com/document/fortipresence-vm/1.2.0/administration-guide/546812/introduction
Question 10
Which two statements about distributed automatic radio resource provisioning (DARRP) are correct? (Choose two.)
DARRP performs continuous spectrum analysis to detect sources of interference. It uses this information to allow the AP to select the optimum channel.
DARRP performs measurements of the number of BSSIDs and their signal strength (RSSI). The controller then uses this information to select the optimum channel for the AP.
DARRP measurements can be scheduled to occur at specific times.
DARRP requires that wireless intrusion detection (WIDS) be enabled to detect neighboring devices.
According to Fortinet training: 'When using DARRP, the AP selects the best channel available to use based on the scan results of BSSID/receive signal strength (RSSI) to AC' and 'To set the running time for DARRP optimization, use the following CLI command within the wireless controller setting: set darrp-optimize {integer}. Note that DARRP doesn't do continuous spectrum analysis...'
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question