Fortinet NSE7_SAC-6.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

A host machine connected to port2 on ForitSwitch cannot connect to the network. All ports on FortiSwitch are assigned a security policy to enforce 802.1X port authentication. While troubleshooting the issue, the administrator runs the debug command and obtains the output shown in the exhibit.

Which two scenarios are the likely cause of this issue? (Choose two.)

AThe host machine is not configured for 802.1X port authentication.

BThe host machine does not support 802.1X authentication

CThe host machine is quarantined due to a security incident.

DThe host machine is configured with wrong VLAN ID.

Answer : A, B

https://kb.fortinet.com/kb/documentLink.do?externalID=FD46428

Question 2

Refer to the exhibits.

Examine the firewall policy configuration and SSID settings.

An administrator has configured a guest wireless network on FortiGate using the external captive portal. The administrator has verified that the external captive portal URL is correct. However, wireless users are not able to see the captive portal login page.

Given the configuration shown in the exhibit and the SSID settings, which configuration change should the administrator make to fix the problem?

AEnable the caprive-por-al-exempt option in the firewall policy with the ID 11.

BApply a guest.portal user group in the firewall policy with the ID 11.

CDisable the user group from the SSID configuration.

DInclude the wireless client subnet range in the Exempt Source section.

Answer : C

Question 3

A FotliGate has the following LDAP configuration

On the Windows LDAP server 10.0.1.10, the administrator used dsqueryT which returned the following output:

>dsquery user -samid admin* "CN=AdministratorrCN=UsersiDC=trainingAD;DC=trainingiDC=lab"

According to the output, which FortiGate LDAP setting is configured incorrectly?

Adn

BsAMAccountName

Cusername

Dcnid

Answer : B

Question 4

An administrator is deploying APs that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. FortiGate can discover the APs and authorize them. However, FortiGate is unable to establish CAPWAP tunnels to manage the APs.

Which configuration setting can the administrator perform to resolve the problem?

ADecrease the CAPWAP tunnel MTU size for APs to prevent fragmentation.

BEnable CAPWAP administrative access on the IPsec interface.

CUpgrade the FortiAP firmware image to ensure compatibility with the FortiOS version.

DAssign a custom AP profile for the remote APs with the set mpls-connection option enabled.

Answer : B

Question 5

Refer to the exhibit.

Examine the network topology shown in the exhibit.

Which port should have root guard enabled?

AFortiSwitch A, port2

BFortiSwitch A, port1

CFortiSwitch B. port1

DFortiSwitch B. port2

Answer : A

https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/364614/spanning-tree-protocol

Question 6

Refer to the exhibit.

The exhibit shows two FortiGate devices in active-passive HA mode, including four FortiSwitch devices connected to a ring.

Which two configurations are required to deploy this network topology'' (Choose two.)

AConfigure link aggregation interfaces on the FortiLink interfaces.

BConfigure the trunk interfaces on the FortiSwitch devices as MCLAG-ISL.

CEnable f ortilink-split-interf ace on the FortiLink interfaces.

DEnable STP on the FortiGate interfaces.

Answer : C, D

https://www.fortinetguru.com/2019/07/fortilink-configuration-using-the-fortigate-gui/

Question 7

Refer to the exhibit.

In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office

*The first AP has 32 clients associated to the 5GHz radios and 22 clients associated to the 2.4GHz radio.

*The second AP has 12 clients associated to the 5GHz radios and 20 clients associated to the 2.4GHz radio.

A dual band-capable client enters the office near the first AP and the first AP measures the new client at -33 dBm signal strength. The second AP measures the new client at - 4 3 dBm signal strength.

If the new client attempts to connect to the corporate wireless network, to which AP radio will the client be associated?

AThe second AP 5GHz interface.

BThe first AP 2.4GHz interface.

CThe first AP 5GHz interface.

DThe second AP 2.4GHz interface.

Answer : A

Fortinet NSE7_SAC-6.2 Fortinet NSE 7 - Secure Access 6.2 Exam Practice Test