Fortinet NSE7_SAC-6.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

Examine the VAP configuration and the WiFi zones table shown in the exhibits.

Which two statements describe FortiGate behavior regarding assignment of

AFortiGate will load balance clients using VLAN 101 and VLAN 102 and assign them an IP address from the 10.0.3.0/24 subnet.

BClients connecting to APs in the Floor l group will notbe able to receive an IP address.

CAll clients connecting to the Corp SSID will receive an IP address from the 10.0.3.1/24 subnet.

DClients connecting to APs in the office group will be assigned an IP address from the 10.0.20.1/24 subnet.

Answer : B, D

Question 2

Which two statements about the use of digital certificates are true? (Choose two.)

AAn intermediate CA can sign server certificates.

BAn intermediate CA can sign another intermediate CA certificate.

CThe end entity's certificate can only be created by an intermediate CA.

DAn intermediate CA can validate the end entity certificate signed by another intermediate CA

Answer : B, D

Question 3

Which CLI command should an administrator use to view the certificate validation process in real-time?

Adiagnose debug application certd -1

Bdiagnose debug application fnbamd -1

Cdiagnose debug application authd -1

Ddiagnose debug application foauthd -1

Answer : B

Question 4

What does DHCP snooping MAC verification do?

ADrops DHCP release packets on untrusted ports

BDrops DHCP packets with no relay agent information (option 82) on untrusted ports

CDrops DHCP offer packets on untrusted ports

DDrops DHCP packets on untrusted ports when the client hardware address does not match the source MAC address

Answer : D

https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/335964/dhcp-snooping (note)

Question 5

Refer to the exhibit.

Given the network topology shown in the exhibit, which two ports should be configured as untrusted DHCP ports? (Choose two.)

AFortiSwitch B, port1

BFortiSwitch A, port2

CFortiSwitch B, port2

DFortiSwitch A, port1

Answer : C, D

Question 6

Refer to the exhibit.

Examine the output of the debug command and port configuration shown in the exhibit.

FortiGate learned the MAC address 78:2b:cb:d8:36:68 dynamically.

What action does FortiSwitch take if there is an untagged frame coming to port1 will different MAC address?

AThe frame is accepted and assigned to the quarantine VLAN

BThe frame is accepted and FortiSwitch will update its mac address table with the new MAC address.

CThe frame is dropped.

DThe frame is accepted and assigned to the user VLAN.

Answer : A

Question 7

Refer to the exhibit showing certificate values.

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser:

Which two settings are the likely causes of the issue? (Choose two.)

AThe external server FQDN is incorrect.

BThe FortiGate authentication interface address is using Hi IPS.

CThe wireless user's browser is missing a CA certificate.

DThe user address is not in DDNS form.

Answer : A, C

Fortinet NSE7_SAC-6.2 Fortinet NSE 7 - Secure Access 6.2 Exam Practice Test