Fortinet NSE7_SAC-6.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

Given the network topology shown in the exhibit, which two ports should be configured as untrusted DHCP ports? (Choose two.)

AFortiSwitch B, port1

BFortiSwitch A, port2

CFortiSwitch B, port2

DFortiSwitch A, port1

Answer : C, D

Question 2

Refer to the exhibit.

A host machine connected to port2 on ForitSwitch cannot connect to the network. All ports on FortiSwitch are assigned a security policy to enforce 802.1X port authentication. While troubleshooting the issue, the administrator runs the debug command and obtains the output shown in the exhibit.

Which two scenarios are the likely cause of this issue? (Choose two.)

AThe host machine is not configured for 802.1X port authentication.

BThe host machine does not support 802.1X authentication

CThe host machine is quarantined due to a security incident.

DThe host machine is configured with wrong VLAN ID.

Answer : A, B

https://kb.fortinet.com/kb/documentLink.do?externalID=FD46428

Question 3

Examine the sections of the configuration shown in the following output;

What action will the FortiGate take when using OCSP certificate validation?

AFortiGate will reject the certificate if the OCSP server replies that the certificate is unknown.

BFortiGate will use the OCSP server 10.0.1.150 even when the OCSP URL field in the user certificate contains a different OCSP server IP address.

CFortiGate will use the OCSP server 10.0.1.150 even when there is a different OCSP IP address in the ocsp-override-server option under config user peer.

DFortiGate will invalidate the certificate if the OSCP server is unavailable.

Answer : D

Question 4

Which statement correctly describes the guest portal behavior on FortiAuthenticator?

ASponsored accounts cannot authenticate using guest portals.

BFortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.

CAll guest accounts must be activated using SMS or email activation codes.

DAll self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.

Answer : A

Question 5

Default VLANs are created on FortiGate when the FortiLink interface is created. By default, which VLAN is set as Allowed VLANs on all FortiSwitch ports?

ASniffer VLAN

BCamera VLAN

CQuarantine VLAN

DVoice VLAN

Answer : A

Question 6

Refer to the exhibit.

Examine the network topology shown in the exhibit.

Which port should have root guard enabled?

AFortiSwitch A, port2

BFortiSwitch A, port1

CFortiSwitch B. port1

DFortiSwitch B. port2

Answer : A

https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/364614/spanning-tree-protocol

Question 7

Refer to the exhibit.

Examine the partial debug output shown in the exhibit.

Which two statements about the debug output are true? (Choose two.)

AThe connection to the LDAP server timed out.

BThe user authenticated successfully.

CThe LDAP server is configured to use regular bind.

DThe debug output shows multiple user authentications.

Answer : B, C

Fortinet NSE 7 - Secure Access 6.2 NSE7_SAC-6.2 Exam Practice Test