Fortinet NSE6_FNC-7.2 Exam Questions Instant Access

Question 1

Which command line shell and scripting language does FortiNAC use for WinRM?

ALinux

BBash

CDOS

DPowershell

Answer : D

Open Windows PowerShell or a command prompt. Run the following command to determine if you already have WinRM over HTTPS configured.

Admin Guide on p. 362, 'Matches if the device successfully responds to a WinRM client session request. User name and password credentials are required. If there are multiple credentials, each set of credentials will be attempted to find a potential match. The commands are used to automate interaction with the device. Each command is run via Powershell.'

Question 2

Which three communication methods are used by FortiNAC to gather information from and control, infrastructure devices? (Choose three.)

ACLI

BSMTP

CSNMP

DFTP

ERADIUS

Answer : A, C, E

FortiNAC Study Guide 7.2 | Page 11

FortiNAC uses various methods to communicate with infrastructure devices such as SNMP for discovery and ongoing management, SSH or Telnet through the CLI for tasks related to the infrastructure, and RADIUS for handling specific types of requests

Question 3

When FortiNAC is managing VPN clients connecting through FortiGate. why must the clients run a FortiNAC agent?

ATo collect user authentication details

BTo meet the client security profile rule for scanning connecting clients

CTo collect the client IP address and MAC address

DTo transparently update the client IP address upon successful authentication

Answer : B

Question 4

Refer to the exhibit.

What would happen if the highlighted port with connected hosts was placed in both the Forced Registration and Forced Remediation port groups?

AMultiple enforcement groups could not contain the same port.

BOnly the higher ranked enforcement group would be applied.

CBoth types of enforcement would be applied.

DEnforcement would be applied only to rogue hosts.

Answer : B

In systems like FortiNAC, when a port is designated to be in multiple enforcement groups, it is common for only the higher-priority or higher-ranked group's policies to be applied. This is to prevent conflicting enforcement actions from being attempted on the same port. Although the specific details of the priority or ranking system are not provided in the extracted references, the principle of hierarchical policy enforcement suggests that only the policies of the higher-ranked group would be applied to the port.

Reference

FortiNAC documentation would typically outline this behavior in sections discussing port group enforcement or policy application.

Question 5

Which group type can have members added directly from the FortiNAC Control Manager?

AAdministrator

BDevice

CPort

DHost

Answer : B

The study guide explains that there are six different types of groups in FortiNAC, including device, host, IP phone, port, user, and administrator groups. Groups created by administrative users or imported as a result of an LDAP integration can be used to organize elements but do not enforce any type of control or functionality directly

Question 6

Which three are components of a security rule? (Choose three.)

AMethods

BSecurity String

CTrigger

DUser or host profile

EAction

Answer : C, D, E

Components of a security rule in FortiNAC include:

Trigger: The condition or event that initiates the evaluation of the rule.

User or Host Profile: A requirement that can be added to a rule to specify the user or host profile that must be matched.

Action: The activities or responses that FortiNAC performs when the rule is matched.

Reference

FortiNAC 7.2 Study Guide, page 419

Question 7

In a wireless integration, what method does FortiNAC use to obtain connecting MAC address information?

ASNMP traps

BRADIUS

CEndstation traffic monitoring
D Link traps

Answer : B

In a wireless integration, FortiNAC uses RADIUS to obtain connecting MAC address information. This includes RADIUS requests to FortiNAC and subsequent RADIUS responses from FortiNAC to the requesting device

Fortinet NSE 6 - FortiNAC 7.2 NSE6_FNC-7.2 Exam Questions