Fortinet NSE6_FNC-7.2 Exam Practice Test Instant Access

Question 1

How are logical networks assigned to endpoints?

AThrough device profiling rules

BThrough network access policies

CThrough Layer 3 polling configurations

DThrough FortiGate IPv4 policies

Answer : A

Logical networks are assigned to endpoints through device profiling rules in FortiNAC. These networks appear in device Model Configuration views and are used for endpoint isolation based on the endpoint's state or status

Question 2

Which devices would be evaluated by device profiling rules?

ARogue devices, each time they connect

BAll hosts, each time they connect

CKnown trusted devices, each time they change location

DRogue devices, only when they are initially added to the database

Answer : B

Device profiling rules in FortiNAC are used to evaluate and classify rogue devices. These rules can be configured to automatically, manually, or through sponsorship evaluate and classify unknown untrusted devices as they are identified and created.

Reference

FortiNAC 7.2 Study Guide, page 98

Question 3

Two FortiNAC devices have been configured in an HA configuration. After five failed heartbeats between the primary device and secondary device, the primary device fail to ping the designated gateway. What happens next?

AThe primary device continues to operate as the in-control device and changes the status or secondary device to contact lost.

BThe primary device changes its designation to secondary, and the secondary device changes to primary.

CThe primary device shuts down NAC processes and changes to a management down status.

DThe primary device waits 3 minutes and attempts to re-establish the HA heartbeat before attempting a second ping of the gateway.

Answer : C

Question 4

Which command line shell and scripting language does FortiNAC use for WinRM?

ALinux

BBash

CDOS

DPowershell

Answer : D

Open Windows PowerShell or a command prompt. Run the following command to determine if you already have WinRM over HTTPS configured.

Admin Guide on p. 362, 'Matches if the device successfully responds to a WinRM client session request. User name and password credentials are required. If there are multiple credentials, each set of credentials will be attempted to find a potential match. The commands are used to automate interaction with the device. Each command is run via Powershell.'

Question 5

In which view would you find who made modifications to a Group?

AThe Event Management view

BThe Security Events view

CThe Alarms view

DThe Admin Auditing view

Answer : D

It's important to audit Group Policy changes in order to determine the details of changes made to Group Policies by delegated users.

Question 6

Which three communication methods are used by FortiNAC to gather information from and control, infrastructure devices? (Choose three.)

ACLI

BSMTP

CSNMP

DFTP

ERADIUS

Answer : A, C, E

FortiNAC Study Guide 7.2 | Page 11

FortiNAC uses various methods to communicate with infrastructure devices such as SNMP for discovery and ongoing management, SSH or Telnet through the CLI for tasks related to the infrastructure, and RADIUS for handling specific types of requests

Question 7

What agent is required in order to detect an added USB drive?

APersistent

BDissolvable

CMobile

DPassive

Answer : A

Expand the Persistent Agent folder. Select USB Detection from the tree.

1. Click System > Settings.

2. Expand the Persistent Agent folder.

3. Select USB Detection from the tree.

4. Click Add or select an existing USB drive and click Modify.

Fortinet NSE 6 - FortiNAC 7.2 NSE6_FNC-7.2 Exam Practice Test