Fortinet NSE7_SAC-6.2 Exam Practice Test Instant Access

Question 1

What is the purpose of configuring the Windows Active Directory Domain Authentication feature?

AAllows FortiAuthentJcator to register itself as a Windows trusted device to proxy CHAP authentication using Kerberos.

BAllows FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search.

CAllows FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users.

DAllows FortiAuthenticator to authenticate users listed on Windows AD. Enables single sign-on services for VPN and wireless users.

Answer : D

https://docs.fortinet.com/document/fortiauthenticator/6.0.0/administration-guide/641286/remote-authentication-servers

Question 2

Refer to the exhibit.

Examine the configuration of the FortiSwitch security policy profile.

If the security profile shown in the exhibit is assigned on the FortiSwitch port for 802 1X. port authentication, which statement is correct?

AHost machines that do support 802.1X authentication, but have failed authentication, will be assigned the guest VLAN.

BAll unauthenticated users will be assigned the auth-fail VLAN.

CAuthenticated users that are part of the wired-users group will be assigned the guest VLAN.

DHost machines that do not support 802.1X authentication will be assigned the guest VLAN.

Answer : C

Question 3

Which two EAP methods can use MSCHAP2 for client authentication? (Choose two.)

AGPEAP

BEAP-TTLS

CEAP-TLS

DEAP-GTC

Answer : C, D

https://docs.fortinet.com/document/fortiauthenticator/6.0.0/administration-guide/125951/extensible-authentication-protocol

Question 4

Refer to the exhibit.

Examine the output of the debug command and port configuration shown in the exhibit.

FortiGate learned the MAC address 78:2b:cb:d8:36:68 dynamically.

What action does FortiSwitch take if there is an untagged frame coming to port1 will different MAC address?

AThe frame is accepted and assigned to the quarantine VLAN

BThe frame is accepted and FortiSwitch will update its mac address table with the new MAC address.

CThe frame is dropped.

DThe frame is accepted and assigned to the user VLAN.

Answer : A

Question 5

Examine the sections of the configuration shown in the following output;

What action will the FortiGate take when using OCSP certificate validation?

AFortiGate will reject the certificate if the OCSP server replies that the certificate is unknown.

BFortiGate will use the OCSP server 10.0.1.150 even when the OCSP URL field in the user certificate contains a different OCSP server IP address.

CFortiGate will use the OCSP server 10.0.1.150 even when there is a different OCSP IP address in the ocsp-override-server option under config user peer.

DFortiGate will invalidate the certificate if the OSCP server is unavailable.

Answer : D

Question 6

Which step can be taken to ensure that only FortiAP devices receive IP addresses from a DHCP server on FortiGate?

AChange the interface addressing mode to FortiAP devices.

BCreate a reservation list in the DHCP server settings.

CConfigure a VCI string value of FortiAP in the DHCP server settings.

DUse DHCP option 138 to assign IPs to FortiAP devices.

Answer : C

Question 7

An administrator is deploying APs that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. FortiGate can discover the APs and authorize them. However, FortiGate is unable to establish CAPWAP tunnels to manage the APs.

Which configuration setting can the administrator perform to resolve the problem?

ADecrease the CAPWAP tunnel MTU size for APs to prevent fragmentation.

BEnable CAPWAP administrative access on the IPsec interface.

CUpgrade the FortiAP firmware image to ensure compatibility with the FortiOS version.

DAssign a custom AP profile for the remote APs with the set mpls-connection option enabled.

Answer : B

Fortinet NSE 7 - Secure Access 6.2 NSE7_SAC-6.2 Exam Practice Test