Fortinet NSE7_SAC-6.2 Exam Practice Test Instant Access

Question 1

What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?

AThe receiving port is shut down.

BThe sending port is shut down.

CThe receiving port is moved to the STP blocking state.

DThe sending port is moved to the STP blocking state

Answer : B

https://www.scribd.com/document/468940309/Secure-Access-6-0-Study-Guide-Online-pdf

Question 2

Refer to the exhibit.

Examine the VAP configuration and the WiFi zones table shown in the exhibits.

Which two statements describe FortiGate behavior regarding assignment of

AFortiGate will load balance clients using VLAN 101 and VLAN 102 and assign them an IP address from the 10.0.3.0/24 subnet.

BClients connecting to APs in the Floor l group will notbe able to receive an IP address.

CAll clients connecting to the Corp SSID will receive an IP address from the 10.0.3.1/24 subnet.

DClients connecting to APs in the office group will be assigned an IP address from the 10.0.20.1/24 subnet.

Answer : B, D

Question 3

A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network. The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS) to protect and encrypt guest user credentials after they receive the login information when registered for the first time.

Which two changes must the administrator make to enforce HTTPS authentication? (Choose two.)

AProvide instructions to users to use HTTPS to access the network

BCreate a new SSID with the HTTPS captive portal URL

CEnable Redirect HTTP Challenge to a Secure Channel (HTTPS) in the user authentication settings

DUpdate the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator

Answer : B, D

Question 4

Refer to the exhibit.

Examine the packet capture shown in the exhibit, which contains a RADIUS access request packet sent by FortiSwitch to a RADIUS server.

Why does the User-Name field in the RADIUS access request packet contain a MAC address?

AThe FortiSwitch interface is configured for 802 IX port authentication with MAC address bypass, and the connected device does not support 802.1X.

BFortiSwitch authenticates itself using its MAC address as the user name.

CThe connected device is doing machine authentication

DFortiSwitch is replying to an access challenge packet sent by the RADIUS server and requesting the client MAC address.

Answer : D

Question 5

Refer to the exhibit.

A host machine connected to port2 on ForitSwitch cannot connect to the network. All ports on FortiSwitch are assigned a security policy to enforce 802.1X port authentication. While troubleshooting the issue, the administrator runs the debug command and obtains the output shown in the exhibit.

Which two scenarios are the likely cause of this issue? (Choose two.)

AThe host machine is not configured for 802.1X port authentication.

BThe host machine does not support 802.1X authentication

CThe host machine is quarantined due to a security incident.

DThe host machine is configured with wrong VLAN ID.

Answer : A, B

https://kb.fortinet.com/kb/documentLink.do?externalID=FD46428

Question 6

Which two statements about the use of digital certificates are true? (Choose two.)

AAn intermediate CA can sign server certificates.

BAn intermediate CA can sign another intermediate CA certificate.

CThe end entity's certificate can only be created by an intermediate CA.

DAn intermediate CA can validate the end entity certificate signed by another intermediate CA

Answer : B, D

Question 7

Refer to the exhibit showing certificate values.

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser:

Which two settings are the likely causes of the issue? (Choose two.)

AThe external server FQDN is incorrect.

BThe FortiGate authentication interface address is using Hi IPS.

CThe wireless user's browser is missing a CA certificate.

DThe user address is not in DDNS form.

Answer : A, C

Fortinet NSE7_SAC-6.2 Fortinet NSE 7 - Secure Access 6.2 Exam Practice Test