Fortinet NSE6_FNC-7.2 Exam Questions Instant Access

Question 1

An administrator wants the Host At Risk event to generate an alarm. What is used to achieve this result?

AA security trigger activity

BA security filter

CAn event to alarm mapping

DAn event to action mapping

Answer : C

To generate an alarm from a Host At Risk event, an administrative user must create an Event to Alarm Mapping for the Vulnerability Scan Failed event. Within this alarm mapping, a host security action must be designated to mark the host at risk

Question 2

How does FortiGate update FortiNAC about VPN session information?

AAPI calls to FortiNAC

BSyslog messages

CSNMP traps

DSecurity Fabric Integration

Answer : B

Question 3

Which three capabilities does FortiNAC Control Manager provide? (Choose three.)

AGlobal visibility

BGlobal authentication security policies

CGlobal infrastructure device inventory

DGlobal version control

EPooled licenses

Answer : A, D, E

Question 4

Which two of the following are required for endpoint compliance monitors? (Choose two.)

APersistent agent

BLogged on user

CSecurity rule

DCustom scan

Answer : A, D

DirectDefense's analysis of FireEye Endpoint attests that the products help meet the HIPAA Security Rule.

In the menu on the left click the + sign next to Endpoint Compliance to open it.

https://docs.fortinet.com/document/fortinac/7.2.2/administration-guide/92047/add-or-modify-a-scan

Question 5

Which two methods can be used to gather a list of installed applications and application details from a host? (Choose two.)

AAgent technology

BPortal page on-boarding options

CMDM integration

DApplication layer traffic inspection

Answer : A, C

To gather a list of installed applications and application details from a host, two methods can be used:

Agent technology: FortiNAC uses agent technology to collect all installed applications on an endpoint.

Integration with MDMs (Mobile Device Management systems): MDMs that support application gathering can be integrated with FortiNAC to collect application information.

Reference

FortiNAC 7.2 Study Guide, page 302

Question 6

Where do you look to determine when and why the FortiNAC made an automated network access change?

AThe Event view

BThe Port Changes view

CThe Connections view

DThe Admin Auditing view

Answer : B

Study Guide p. 356: Any time FortiNAC changes network access for an endpoint, the change is documented on the Port Changes view. This provides an administrator with valuable information when validating control configurations and enforcement.

Question 7

Where should you configure MAC notification traps on a supported switch?

AConfigure them only after you configure linkup and linkdown traps.

BConfigure them on all ports on the switch.

CConfigure them only on ports set as 802 1g trunks.

DConfigure them on all ports except uplink ports.

Answer : C

In general, for network switches supporting MAC notification traps, it's advisable to configure these traps on all ports except uplink ports. Uplink ports are used for connecting to other switches or network infrastructure devices and typically don't need MAC notification traps, which are more relevant for end-device connectivity monitoring.

The study guide specifies that MAC notification traps should not be configured on interfaces that are uplinks. They are the preferred method for learning and updating Layer 2 information and should be used whenever available, but not on uplink interfaces.

Fortinet NSE 6 - FortiNAC 7.2 NSE6_FNC-7.2 Exam Questions