● Fortinet NSE 6 - FortiNAC 7.2 Actual Exam Materials

The Actual questions for Fortinet NSE 6 - FortiNAC 7.2 (NSE6_FNC-7.2) - Updated Weekly
Exam Questions: 51
Question #1
Comment Image Comment Image

Which devices are evaluated by device profiling rules? (Choose one answer)

  • A. All hosts, each time they connect
  • B. Known trusted devices, each time they connect
  • C. Rogue devices, only when they are initially added to the database
  • D. Rogue devices, each time they change location

Question #2
Comment Image Comment Image

Where should you configure MAC notification traps on a supported switch? (Choose one answer)

  • A. Configure them only on ports that generate linkup and linkdown traps.
  • B. Configure them only on uplink ports.
  • C. Configure them on all ports on the switch.
  • D. Configure them on all ports except uplink ports.

Question #3
Comment Image Comment Image

Which group type can have members added directly from the FortiNAC Control Manager? (Choose one answer)

  • A. Port
  • B. Host
  • C. Administrator
  • D. Device

Question #4
Comment Image Comment Image

Which two methods can be used to gather a list of installed applications and application details, from a host? (Choose two answers)

  • A. Application layer traffic inspection
  • B. Agent technology
  • C. MDM integration
  • D. Portal page on-boarding options

Question #5
Comment Image Comment Image

When creating a user or host profile, which three criteria can you apply? (Choose three answers)

  • A. Location
  • B. An applied access policy
  • C. Host or user group memberships
  • D. Administrative group membership
  • E. Host or user attributes

Question #6
Comment Image Comment Image

When FortiNAC passes a firewall tag to FortiGate, what determines the value that is passed? (Choose one answer)

  • A. RADIUS group attribute
  • B. Device profiling rule
  • C. Logical network
  • D. Security rule

Question #7
Comment Image Comment Image

With enforcement for network access policies and at-risk hosts enabled, what happens if a host matches a network access policy and has a state of “at risk”? (Choose one answer)

  • A. The host is isolated
  • B. The host is provisioned based on the network access policy
  • C. The host is administratively disabled
  • D. The host is provisioned based on the default access defined by the point of connection

Question #8
Comment Image Comment Image

What is the purpose of the FortiGate firewall policy that applies to clients not yet authorized by FortiNAC? (Choose one answer)

  • A. To allow access to only the production DNS server
  • B. To deny access to only the FortiNAC VPN interface
  • C. To deny access to only the production DNS server
  • D. To allow access to only the FortiNAC VPN interface

Question #9
Comment Image Comment Image

When FortiNAC is managing VPN clients connecting through FortiGate, why must the clients run a FortiNAC agent? (Choose one answer)

  • A. To meet the client security profile rule for scanning connecting clients
  • B. To transparently update the client IP address upon successful authentication
  • C. To collect user authentication details
  • D. To collect the client IP address and MAC address

Question #10
Comment Image Comment Image

Which three are components of a security rule? (Choose three answers)

  • A. Methods
  • B. User or host profile
  • C. Security String
  • D. Action
  • E. Trigger