View all questions & answers for the NSE 5 - FortiSwitch 7.6 Administrator Exam Materials exam


Question 60 Discussion

Which statement about 802.1X security profiles using MAC-based authentication mode is true? (Choose one answer)

  • A. FortiSwitch can implement the use of an access point (AP) for this mode.
  • B. FortiSwitch can grant each device a different access level based on the credentials provided.
  • C. FortiSwitch must communicate with the RADIUS server to authenticate devices.
  • D. FortiSwitch allows connectivity to all hosts connected to a port, if one host is authenticated.
Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments



javaughn Bryan 2025-12-18 18:26:23

Selected Answers: B


To configure 802.1X authentication on FortiSwitch, you must first create a security policy. When you configure a security policy, you must select Port-based or MAC-based in the Security mode field. Port-based is preferred when you expect a single host per port to authenticate, even though multiple hosts may connect to the same port. Under this scenario, FortiSwitch authenticates a single host and opens the port to other devices behind the port.

A use case for this scenario could be an access point (AP). After the AP authenticates against the switch, any of its connected devices can access the network, despite them using a different MAC address from the one used by the AP during authentication. In addition, all devices are granted the same access level assigned to the AP. However, if you want to authenticate each device behind a port, and optionally, grant each device a different access level based on the credentials provided, then MAC-based is required. Security-wise, MAC-based is preferred because each host (or MAC address) behind the port must authenticate to access the network. Performance-wise, port-based is better because only a single host is required to authenticate.

PAGE: 215 | FORTISWITCH 7.6 ADMIN GUIDE