Fortinet NSE7_SAC-6.2 Exam Questions Instant Access

Question 1

Refer to the exhibit.

Examine the configuration of the FortiSwitch security policy profile.

If the security profile shown in the exhibit is assigned on the FortiSwitch port for 802 1X. port authentication, which statement is correct?

AHost machines that do support 802.1X authentication, but have failed authentication, will be assigned the guest VLAN.

BAll unauthenticated users will be assigned the auth-fail VLAN.

CAuthenticated users that are part of the wired-users group will be assigned the guest VLAN.

DHost machines that do not support 802.1X authentication will be assigned the guest VLAN.

Answer : C

Question 2

Refer to the exhibit.

Examine the VAP configuration and the WiFi zones table shown in the exhibits.

Which two statements describe FortiGate behavior regarding assignment of

AFortiGate will load balance clients using VLAN 101 and VLAN 102 and assign them an IP address from the 10.0.3.0/24 subnet.

BClients connecting to APs in the Floor l group will notbe able to receive an IP address.

CAll clients connecting to the Corp SSID will receive an IP address from the 10.0.3.1/24 subnet.

DClients connecting to APs in the office group will be assigned an IP address from the 10.0.20.1/24 subnet.

Answer : B, D

Question 3

Refer to the exhibit.

Examine the output of the debug command and port configuration shown in the exhibit.

FortiGate learned the MAC address 78:2b:cb:d8:36:68 dynamically.

What action does FortiSwitch take if there is an untagged frame coming to port1 will different MAC address?

AThe frame is accepted and assigned to the quarantine VLAN

BThe frame is accepted and FortiSwitch will update its mac address table with the new MAC address.

CThe frame is dropped.

DThe frame is accepted and assigned to the user VLAN.

Answer : A

Question 4

Refer to the exhibit.

The exhibit shows a network topology and SSID settings.

FortiGate is configured to use an external captive portal. However, wireless users are not able to see the captive portal login page.

Which configuration change should the administrator make to fix the problem?

ACreate a firewall policy to allow traffic from the Guest SSID to FortiAuthenticator and Windows AD devices.

BEnable the captive-portal-exempt option in the firewall policy with the ID 10.

CRemove guest.portal user group in the firewall policy.

DFortiAuthenticator and WindowsAD address objects should be added as exempt sources.

Answer : B

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/868644/captive-portals

Question 5

What does DHCP snooping MAC verification do?

ADrops DHCP release packets on untrusted ports

BDrops DHCP packets with no relay agent information (option 82) on untrusted ports

CDrops DHCP offer packets on untrusted ports

DDrops DHCP packets on untrusted ports when the client hardware address does not match the source MAC address

Answer : D

https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/335964/dhcp-snooping (note)

Question 6

What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?

AThe receiving port is shut down.

BThe sending port is shut down.

CThe receiving port is moved to the STP blocking state.

DThe sending port is moved to the STP blocking state

Answer : B

https://www.scribd.com/document/468940309/Secure-Access-6-0-Study-Guide-Online-pdf

Question 7

A FotliGate has the following LDAP configuration

On the Windows LDAP server 10.0.1.10, the administrator used dsqueryT which returned the following output:

>dsquery user -samid admin* "CN=AdministratorrCN=UsersiDC=trainingAD;DC=trainingiDC=lab"

According to the output, which FortiGate LDAP setting is configured incorrectly?

Adn

BsAMAccountName

Cusername

Dcnid

Answer : B

Fortinet NSE 7 - Secure Access 6.2 NSE7_SAC-6.2 Exam Questions