Fortinet NSE6_FNC-7.2 Exam Practice Test Instant Access

Question 1

Which two policy types can be created on a FortiNAC Control Manager? (Choose two.)

AAuthentication

BNetwork Access

CEndpoint Compliance

DSupplicant EasvConnect

Answer : A, B

Network Access policies as a common type of policy in FortiNAC, used to dynamically provision access to connecting endpoints. While Authentication is typically a policy type in network access control systems like FortiNAC

Question 2

Which three communication methods are used by FortiNAC to gather information from and control, infrastructure devices? (Choose three.)

ACLI

BSMTP

CSNMP

DFTP

ERADIUS

Answer : A, C, E

FortiNAC Study Guide 7.2 | Page 11

FortiNAC uses various methods to communicate with infrastructure devices such as SNMP for discovery and ongoing management, SSH or Telnet through the CLI for tasks related to the infrastructure, and RADIUS for handling specific types of requests

Question 3

What would occur if both an unknown (rogue) device and a known (trusted) device simultaneously appeared on a port that is a member of the Forced Registration port group?

AThe port would be provisioned for the normal state host, and both hosts would have access to that VLAN.

BThe port would not be managed, and an event would be generated.

CThe port would be provisioned to the registration network, and both hosts would be isolated.

DThe port would be administratively shut down.

Answer : C

When a rogue device connects to a port in the Forced Registration port group, FortiNAC's response is to isolate that device by moving it to a registration captive network. This is part of FortiNAC's state-based control mechanism, where the system acts based on the state of the device (normal, rogue, etc.) and the group or port it is connected to. In this specific scenario, the focus is on the isolation of the rogue device, and the guide does not explicitly detail the simultaneous handling of the normal device.

Question 4

Which two methods can be used to gather a list of installed applications and application details from a host? (Choose two.)

AAgent technology

BPortal page on-boarding options

CMDM integration

DApplication layer traffic inspection

Answer : A, C

To gather a list of installed applications and application details from a host, two methods can be used:

Agent technology: FortiNAC uses agent technology to collect all installed applications on an endpoint.

Integration with MDMs (Mobile Device Management systems): MDMs that support application gathering can be integrated with FortiNAC to collect application information.

Reference

FortiNAC 7.2 Study Guide, page 302

Question 5

Where do you look to determine which network access policy, if any is being applied to a particular host?

AThe Policy Details view for the host

BThe Connections view

CThe Port Properties view of the hosts port

DThe Policy Logs view

Answer : A

To determine which network access policy is applied to a particular host, you should look at the Policy Details window. This window provides information about the types of policies applied (such as Network Access, Authentication, Supplicant, etc.), including the profile name, policy name, configuration name, and any settings that make up the configuration.

FortiNAC p 382: 'Under Network Access Settings - Policy Name - Name of the Network Access Policy that currently applies to the host.'

Question 6

View the command and output shown in the exhibit.

What is the current state of this host?

ARogue

BRegistered

CNot authenticated

DAt-Risk

Answer : A

The exhibit's command and output detail various attributes for a specific host, including the MAC address, connection status, and various other parameters. The status 'Connected' and state 'Initial' indicate that the host has been detected on the network but has not yet completed any authentication process. The lines 'Client Not Authenticated = true' and 'Client needs to authenticate = false' suggest that the host has not yet been authenticated. Therefore, the current state of the host is 'Not authenticated,' since there is a clear indication that the authentication process has not been completed for this host.

Question 7

In an isolation VLAN which three services does FortiNAC supply? (Choose three.)

ANTP

BDHCP

CWeb

DDNS

EISMTP

Answer : B, C, D

In an isolation VLAN, FortiNAC supplies DHCP and DNS services. The guide specifies that FortiNAC has a DHCP scope defined for a particular VLAN and should be the only DHCP server available to hosts on that VLAN. Additionally, hosts on the VLAN would get a DNS server configuration of the FortiNAC IP for that VLAN

Fortinet NSE 6 - FortiNAC 7.2 NSE6_FNC-7.2 Exam Practice Test