View all questions & answers for the NSE 5 - FortiSwitch 7.6 Administrator Exam Materials exam


Question 35 Discussion

Which two are valid traffic processing actions that a FortiSwitch access control list (ACL) can apply to matching traffic? (Choose two answers)

  • A. Redirect frames to another port.
  • B. Assign traffic to a high-priority egress queue.
  • C. Encrypt frames
  • D. Drop frames.
Correct Answer: A,D

Brave-Dump Clients Votes

BD 66.67%
AD 33.33%

Comments



javaughn Bryan 2025-12-11 02:29:50

Selected Answers: A, D


PAGE: 358 | FORTISWITCH 7.6 ADMIN GUIDE

ACLs enable you to perform multiple actions on matching traffic that enters and leaves the switch. You can configure FortiSwitch to perform the following type of actions on traffic:

Traffic processing: count, drop, redirect, or mirror frames
QoS: rate limit, set egress queue, or remark Class of Service (COS) and Differentiated Services Code Point (DSCP) values on frames.
VLAN: set outer VLAN tag on frames

To match traffic on ACLs, you configure classifiers.
Classifiers enable you to match traffic using multiple criteria such as destination and source IP addresses, destination and source MAC addresses, CoS and DSCP values, and VLAN ID. FortiSwitch checks ACL policies from top to bottom until it finds a match.

You can configure ACLs at different stages of the traffic processing pipeline. Depending on the FortiSwitch model, there are up to three different stages you can configure ACLs on:

Ingress: This is the second stage for ingress traffic. It supports a higher number of actions.
Prelookup: This is the first stage in the pipeline for ingress traffic. It takes place before the switch performs layer 2 and layer 3 lookups, and it supports a reduced number of actions. If the action you need is supported at this stage, then in most cases, it is better to apply the action at this point, before the switch handles the traffic any further.
Egress: Actions are applied on egress traffic only.

Most FortiSwitch models support ACLs at the ingress stage. However, only some models support ACLs at the prelookup and egress stages.


John 2025-12-20 21:24:39

Selected Answers: B, D


B and D are correct. Option A is incorrect due to inaccurate wording and unsupported behavior.

From the FortiSwitch 7.6 Administrator Study Guide, page 358, under the section titled Access Control Lists (ACLs), Fortinet explicitly defines the actions that ACLs can apply to matching traffic.

Fortinet first states:

“ACLs enable you to perform multiple actions on matching traffic that enters and leaves the switch.”
— FortiSwitch 7.6 Administrator Study Guide, page 358

Fortinet then lists the actions ACLs can apply, broken into categories.

ACL Traffic Processing Actions

Fortinet states:

“Traffic processing: count, drop, redirect, or mirror frames.”
— Page 358

This explicitly supports option D (Drop frames).

ACL QoS Actions

In the same ACL section, Fortinet further states:

“QoS: set egress queue, or remark Class of Service (CoS) and Differentiated Services Code Point (DSCP) values on frames.”
— Page 358

Because this statement appears within the ACL section and is explicitly listed as an action ACLs can apply, assigning traffic to a high-priority egress queue is a valid ACL action. This directly supports option B.

Why Option A Is Incorrect

Option A states:

“Redirect frames to another port.”

While the study guide lists redirect as a traffic-processing action, Fortinet does not define ACL redirect as forwarding frames to another physical switch port.

Specifically:

The study guide provides no configuration syntax, no examples, and no description that allows an ACL to specify a destination port for redirected traffic.

When Fortinet intends port-based behavior, it documents it explicitly (for example, with traffic mirroring, which requires a monitor port).

No such port-based definition exists for ACL redirect.

Therefore, the phrase “to another port” introduces functionality that is not documented or supported by FortiSwitch ACLs and misrepresents the meaning of redirect in this context.

ACL redirect refers to internal traffic handling, not physical port-to-port forwarding.

Conclusion

B is correct because Fortinet explicitly states that ACLs can set the egress queue (page 358).

D is correct because Fortinet explicitly lists drop as an ACL traffic-processing action.

A is incorrect because Fortinet does not define ACL redirect as forwarding frames to another physical port, and the study guide provides no documentation supporting that behavior.

Accordingly, the correct answers are B and D.


John 2025-12-27 20:37:18

Selected Answers: B, D


B & D ARE CORRECT
B is clearly stated in FS 7.6 Study Guide pg.266 & (I HIGHLIGHTED IN ALL CAPS)


Exact Quote:
FortiSwitch supports QoS by offering the following mechanisms:
• Marking: FortiSwitch trusts the existing class of service (COS) or Differentiated Services Code Point (DSCP) markings in a packet or can apply new ones (also known as remarking), USING ACCESS CONTROL LISTS (ACLs). You will learn more about ACLs in another lesson.

D. WILL ALWAYS BE CORRECT FOR ANY ACL ON ANY SWITCH OR ROUTER THIS ONE IS A NO BRAINER.