Fortinet NSE6_FNC-9.1 Exam Practice Test Instant Access

Question 1

What causes a host's state to change to "at risk"?

AThe host has failed an endpoint compliance policy or admin scan.

BThe logged on user is not found in the Active Directory.

CThe host has been administratively disabled.

DThe host is not in the Registered Hosts group.

Answer : A

Failure -- Indicates that the host has failed the scan. This option can also be set manually. When the status is set to Failure the host is marked 'At Risk' for the selected scan.

p. 244 of the Study Guide, 'A state of at-risk indicates the host has failed a scan. This could be a compliance scan or an administrative scan.'

Question 2

By default, if more than 20 hosts are seen connected on a single port simultaneously, what will happen to the port?

AThe port is switched into the Dead-End VLAN.

BThe port becomes a threshold uplink.

CThe port is disabled.

DThe port is added to the Forced Registration group.

Answer : B

Admin Guide p. 754: Threshold Uplink---The Uplink mode has been set as Dynamic and FortiNAC has determined that the number of MAC addresses on the port exceeds the System Defined Uplink count. All hosts read on this port are ignored.

Question 3

When you create a user or host profile; which three criteria can you use? (Choose three.)

AAn applied access policy

BAdministrative group membership

CLocation

DHost or user group memberships

EHost or user attributes

Answer : C, D, E

Fortinac-admin-operations, P. 391

Question 4

Which three circumstances trigger Layer 2 polling of infrastructure devices? (Choose three.)

AManual polling

BScheduled poll timings

CA failed Layer 3 poll

DA matched security policy

ELinkup and Linkdown traps

Answer : A, B, E

Question 5

With enforcement for network access policies and at-risk hosts enabled, what will happen if a host matches a network access policy and has a state of "at risk"?

AThe host is provisioned based on the default access defined by the point of connection.

BThe host is provisioned based on the network access policy.

CThe host is isolated.

DThe host is administratively disabled.

Answer : C

https://training.fortinet.com/pluginfile.php/1912463/mod_resource/content/26/FortiNAC_7.2_Study_Guide-Online.pdf C. Page 327 - moved to the quarantine isolation network

Question 6

When FortiNAC passes a firewall tag to FortiGate, what determines the value that is passed?

ASecurity rule

BDevice profiling rule

CRADIUS group attribute

DLogical network

Answer : D

Question 7

Which agent can receive and display messages from FortiNAC to the end user?

ADissolvable

BPersistent

CPassive

DMDM

Answer : B

Fortinet NSE6_FNC-9.1 Fortinet NSE 6 - FortiNAC 9.1 Exam Practice Test