Fortinet NSE7_SAC-6.2 Exam Questions Instant Access

Question 1

Default VLANs are created on FortiGate when the FortiLink interface is created. By default, which VLAN is set as Allowed VLANs on all FortiSwitch ports?

ASniffer VLAN

BCamera VLAN

CQuarantine VLAN

DVoice VLAN

Answer : A

Question 2

What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?

AThe receiving port is shut down.

BThe sending port is shut down.

CThe receiving port is moved to the STP blocking state.

DThe sending port is moved to the STP blocking state

Answer : B

https://www.scribd.com/document/468940309/Secure-Access-6-0-Study-Guide-Online-pdf

Question 3

An administrator has deployed dual band-capable wireless APs in a wireless network. Multiple 2.4 GHz wireless clients are connecting to the network, and subsequent monitoring shows that individual AP 2.4GHz interfaces are being overloaded with wireless connections.

Which configuration change would best resolve the overloading issue?

AConfigure load balancing AP handoff on both the AP interfaces on all APs.

BConfigure load balancing AP handoff on only the 2.4GHz interfaces of all Aps.

CConfigure load balancing frequency handoff on both the AP interfaces.

DConfigure a client limit on the all AP 2.4GHz interfaces.

Answer : C

Question 4

Refer to the exhibit.

Examine the partial debug output shown in the exhibit.

Which two statements about the debug output are true? (Choose two.)

AThe connection to the LDAP server timed out.

BThe user authenticated successfully.

CThe LDAP server is configured to use regular bind.

DThe debug output shows multiple user authentications.

Answer : B, C

Question 5

Refer to the exhibit.

The exhibit shows two FortiGate devices in active-passive HA mode, including four FortiSwitch devices connected to a ring.

Which two configurations are required to deploy this network topology'' (Choose two.)

AConfigure link aggregation interfaces on the FortiLink interfaces.

BConfigure the trunk interfaces on the FortiSwitch devices as MCLAG-ISL.

CEnable f ortilink-split-interf ace on the FortiLink interfaces.

DEnable STP on the FortiGate interfaces.

Answer : C, D

https://www.fortinetguru.com/2019/07/fortilink-configuration-using-the-fortigate-gui/

Question 6

A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network. The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS) to protect and encrypt guest user credentials after they receive the login information when registered for the first time.

Which two changes must the administrator make to enforce HTTPS authentication? (Choose two.)

AProvide instructions to users to use HTTPS to access the network

BCreate a new SSID with the HTTPS captive portal URL

CEnable Redirect HTTP Challenge to a Secure Channel (HTTPS) in the user authentication settings

DUpdate the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator

Answer : B, D

Question 7

Examine the following RADIUS configuration:

An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator. FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP.

While testing the configuration, the administrator notices that the diagnose test authserver command works with PAP, however, authentication requests fail when using MSCHAPv2.

Which two changes should the administrator make to get MSCHAPv2 to work? (Choose two.)

AForce FortiGate to use the PAP authentication method in the RADIUS server configuration.

BChange the remote authentication server from LDAP to RADIUS on FortiAuthenticator.

CUse MSCHAP instead of using MSCHAPv2.

DEnable Windows Active Directory Domain Authentication on FortiAuthenticator to add FortiAuthenticator to the Windows domain

Answer : B, D

https://docs.fortinet.com/document/fortiauthenticator/6.0.0/administration-guide/641286/remote-authentication-servers

Fortinet NSE 7 - Secure Access 6.2 NSE7_SAC-6.2 Exam Questions