
NSE7_SAC-6.2 Online Practice Questions and Answers

Questions 4

Refer to the exhibit.

In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.

1. The first AP has 32 clients associated to the 5GHz radios and 22 clients associated to the 2.4GHz radio.

2. The second AP has 12 clients associated to the 5GHz radios and 20 clients associated to the 2.4GHz radio.

A dual band-capable client enters the office near the first AP and the first AP measures the new client at −33 dBm signal strength. The second AP measures the new client at −43 dBm signal strength.

If the new client attempts to connect to the corporate wireless network, to which AP radio will the client be associated?

A. The second AP 5GHz interface.

B. The first AP 2.4GHz interface.

C. The first AP 5GHz interface.

D. The second AP 2.4GHz interface.

Questions 5

A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network. The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS) to protect and encrypt guest user credentials after they receive the login information when registered for the first time.

Which two changes must the administrator make to enforce HTTPS authentication? (Choose two.)

A. Provide instructions to users to use HTTPS to access the network.

B. Create a new SSID with the HTTPS captive portal URL.

C. Enable Redirect HTTP Challenge to a Secure Channel (HTTPS) in the user authentication settings.

D. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator.

Questions 6

Refer to the exhibit.

A host machine connected to port2 on FortiSwitch cannot connect to the network. All ports on FortiSwitch are assigned a security policy to enforce 802.1X port authentication. While troubleshooting the issue, the administrator runs the debug command and obtains the output shown in the exhibit.

Which two scenarios are the likely cause of this issue? (Choose two.)

A. The host machine is not configured for 802.1X port authentication.

B. The host machine does not support 802.1X authentication.

C. The host machine is quarantined due to a security incident.

D. The host machine is configured with wrong VLAN ID.

Questions 7

What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?

A. The receiving port is shut down.

B. The sending port is shut down.

C. The receiving port is moved to the STP blocking state.

D. The sending port is moved to the STP blocking state.

Questions 8

What does DHCP snooping MAC verification do?

A. Drops DHCP release packets on untrusted ports

B. Drops DHCP packets with no relay agent information (option 82) on untrusted ports

C. Drops DHCP offer packets on untrusted ports

D. Drops DHCP packets on untrusted ports when the client hardware address does not match the source MAC address

Questions 9

Refer to the exhibits.

Examine the firewall policy configuration and SSID settings.

An administrator has configured a guest wireless network on FortiGate using the external captive portal. The administrator has verified that the external captive portal URL is correct. However, wireless users are not able to see the captive portal login page.

Given the configuration shown in the exhibit and the SSID settings, which configuration change should the administrator make to fix the problem?

A. Enable the captive-portal-exempt option in the firewall policy with the ID 11.

B. Apply a guest.portal user group in the firewall policy with the ID 11.

C. Disable the user group from the SSID configuration.

D. Include the wireless client subnet range in the Exempt Source section.

Questions 10

Refer to the exhibit.

Examine the configuration of the FortiSwitch security policy profile.

If the security profile shown in the exhibit is assigned on the FortiSwitch port for 802.1X port authentication, which statement is correct?

A. Host machines that do support 802.1X authentication, but have failed authentication, will be assigned the guest VLAN.

B. All unauthenticated users will be assigned the auth-fail VLAN.

C. Authenticated users that are part of the wired-users group will be assigned the guest VLAN.

D. Host machines that do not support 802.1X authentication will be assigned the guest VLAN.

Questions 11

Refer to the exhibits.

Examine the VAP configuration and the WiFi zones table shown in the exhibits.

Which two statements describe FortiGate behavior regarding assignment of VLANs to wireless clients? (Choose two.)

A. FortiGate will load balance clients using VLAN 101 and VLAN 102 and assign them an IP address from the 10.0.3.0/24 subnet.

B. Clients connecting to APs in the Floor 1 group will not be able to receive an IP address.

C. All clients connecting to the Corp SSID will receive an IP address from the 10.0.3.1/24 subnet.

D. Clients connecting to APs in the Office group will be assigned an IP address from the 10.0.20.1/24 subnet.

Questions 12

What is the purpose of configuring the Windows Active Directory Domain Authentication feature?

A. Allows FortiAuthenticator to register itself as a Windows trusted device to proxy CHAP authentication using Kerberos.

B. Allows FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search.

C. Allows FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users.

D. Allows FortiAuthenticator to authenticate users listed on Windows AD. Enables single sign-on services for VPN and wireless users.

Questions 13

Refer to the exhibit.

Examine the partial debug output shown in the exhibit.

Which two statements about the debug output are true? (Choose two.)

A. The connection to the LDAP server timed out.

B. The user authenticated successfully.

C. The LDAP server is configured to use regular bind.

D. The debug output shows multiple user authentications.

Questions 14

Which CLI command should an administrator use to view the certificate validation process in real-time?

A. diagnose debug application certd -1

B. diagnose debug application fnbamd -1

C. diagnose debug application authd -1

D. diagnose debug application foauthd -1

Questions 15

Refer to the exhibit.

The exhibit shows two FortiGate devices in active-passive HA mode, including four FortiSwitch devices connected to a ring.

Which two configurations are required to deploy this network topology? (Choose two.)

A. Configure link aggregation interfaces on the FortiLink interfaces.

B. Configure the trunk interfaces on the FortiSwitch devices as MCLAG-ISL.

C. Enable fortilink-split-interface on the FortiLink interfaces.

D. Enable STP on the FortiGate interfaces.

Questions 16

Refer to the exhibit showing certificate values.

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page. This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser:

https://fac.trainingad.training.com/guests/login/?login&post=https://auth.trainingad.training.1ab:1003/fgtauth&magic=000a038293d1f411&usermac=b8:27:eb:d8:50:02&apmac=70:4c:a5:9d:0d:28&apip=10.10.100.2&userip=10.0.3.1&ssid=Guest03&apname=PS221ETF18000148&bssid=70:4c:a5:9d:0d:30

Which two settings are the likely causes of the issue? (Choose two.)

A. The external server FQDN is incorrect.

B. The FortiGate authentication interface address is using HTTPS.

C. The wireless user's browser is missing a CA certificate.

D. The user address is not in DDNS form.

Questions 17

Examine the following output from the FortiLink real-time debug.

Based on the output, what is the status of the communication between FortiGate and FortiSwitch?

A. FortiGate is unable to authorize the FortiSwitch.

B. FortiGate is unable to establish FortiLink tunnel to manage the FortiSwitch.

C. FortiGate is unable to locate a previously managed FortiSwitch.

D. The FortiLink heartbeat is up.

Questions 18

A FortiGate has the following LDAP configuration.

On the Windows LDAP server 10.0.1.10, the administrator used dsquery, which returned the following output:

>dsquery user -samid admin*

"CN=Administrator,CN=Users,DC=trainingAD,DC=training,DC=lab"

According to the output, which FortiGate LDAP setting is configured incorrectly?

A. dn

B. sAMAccountName

C. username

D. cnid

Exam Code: NSE7_SAC-6.2
Exam Name: Fortinet NSE 7 - Secure Access 6.2
Last Update: Mar 24, 2024
Questions: 30 Q&As
