Fortinet NSE 7 - LAN Edge 7.0 v1.0 (NSE7_LED-7.0)

Total 37 questions

An administrator is testing the connectivity for a new VLAN. The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate. Quarantine is disabled on FortiGate.
While testing, the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices. The administrator also noticed that inter-VLAN communication works. However, intra-VLAN communication does not work.
Which scenario is likely to cause this issue?

  • A. The native VLAN configured on the ports is incorrect.
  • B. The FortiSwitch MAC address table is missing entries.
  • C. The FortiGate ARP table is missing entries.
  • D. Access VLAN is enabled on the VLAN.


Answer : D

Refer to the exhibit.

By default, FortiOS creates the following DHCP server scope for the FortiLink interface as shown in the exhibit.
What is the objective of the vci-string setting?

  • A. To ignore DHCP requests coming from FortiSwitch and FortiExtender devices
  • B. To reserve IP addresses for FortiSwitch and FortiExtender devices
  • C. To restrict the IP address assignment to FortiSwitch and FortiExtender devices
  • D. To restrict the IP address assignment to devices that have FortiSwitch or FortiExtender as their hostname


Answer : C

An administrator has configured an SSID in bridge mode for corporate employees. All APs are online and provisioned using default AP profiles. Employees are unable to locate the SSID to connect.
Which two configurations can the administrator verify? (Choose two.)

  • A. Verify that the broadcast SSID option is enabled in the SSID configuration.
  • B. Verify that the Block Intra-SSID Traffic (Intra-vap-privacy) option in the SSID configuration is disabled.
  • C. Verify that the SSID is applied to an AP group that should be broadcasting the SSID.
  • D. Verify that the SSID is manually applied on AP profiles for both 2.4 GHz and 5 GHz radios.


Answer : AC

What is the purpose of enabling Windows Active Directory Domain Authentication on FortiAuthenticator?

  • A. It enables FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search.
  • B. It enables FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users.
  • C. It enables FortiAuthenticator to import users from Windows AD.
  • D. It enables FortiAuthenticator to register itself as a Windows trusted device to proxy authentication using Kerberos.


Answer : D

Refer to the exhibit.

Examine the LDAP server configuration shown in the exhibit. Note that the Username setting has been expanded to display its full content.
On the Windows AD server 10.0.1.10, the administrator used dsquery, which returned the following output:
>dsquery user -samid student
"CN=student,CN=Users,DC=trainingAD,DC=training,DC=lab"
According to the output, which FortiGate LDAP setting is configured incorrectly?

  • A. Common Name Identifier
  • B. Bind Type
  • C. Distinguished Name
  • D. Username


Answer : C

Refer to the exhibit.

Examine the FortiGate configuration, FortiAnalyzer logs, and FortiGate widget shown in the exhibit.
An administrator is testing the Security Fabric quarantine automation. The administrator added FortiAnalyzer to the Security Fabric, and configured an automation stitch to automatically quarantine compromised devices. The test device (10.0.2.1) is connected to a managed FortiSwitch device.
After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log for the test connection. However, the device is not getting quarantined by FortiGate, as shown in the quarantine widget.
Which two scenarios are likely to cause this issue? (Choose two.)

  • A. The web filtering rating service is not working.
  • B. FortiAnalyzer does not have a valid threat detection services license.
  • C. The device does not have FortiClient installed.
  • D. FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC).


Answer : BD

Refer to the exhibits.


Examine the troubleshooting outputs shown in the exhibits.
Users have been reporting issues with the speed of their wireless connection in a particular part of the wireless network. The interface that is having issues is the 2.4 GHz interface that is currently configured on channel 6.
The administrator of the wireless network has investigated and surveyed the local RF environment using the tools available at the AP and FortiGate.
Which configuration would improve the wireless connection?

  • A. Change the AP 2.4 GHz channel to 11
  • B. Change the AP 2.4 GHz channel to 1
  • C. Change the AP 2.4 GHz channel to 9
  • D. Change the AP 2.4 GHz channel to 13


Answer : B

Refer to the exhibit.

Examine the debug output shown in the exhibit.
Which two statements about the RADIUS debug output are true? (Choose two.)

  • A. The user student belongs to the SSLVPN group.
  • B. User authentication failed.
  • C. The RADIUS server sent a vendor-specific attribute in the RADIUS response.
  • D. User authentication succeeded using MSCHAP.


Answer : AC

Which two statements about FortiSwitch manager are true? (Choose two.)

  • A. Per-device management is the default management mode on FortiManager.
  • B. FortiManager obtains the FortiSwitch status information by querying the FortiGate REST API every three minutes.
  • C. If the administrator makes any changes on FortiSwitch manager, they must also install those changes on FortiGate so that those changes are applied on the managed switches.
  • D. Any switch discovered or authorized on FortiGate must be added manually on FortiSwitch manager.


Answer : AC

Which two statements about MAC address quarantine by redirect mode are true? (Choose two.)

  • A. The quarantined device is moved to the quarantine VLAN.
  • B. The device MAC address is added to the QuarantinedDevices firewall address group.
  • C. It is the default mode for MAC address quarantine.
  • D. The quarantined device is kept in the current VLAN.


Answer : BD

Refer to the exhibit.

Examine the FortiSwitch security policy shown in the exhibit.
If the security profile shown in the exhibit is assigned to all ports on a FortiSwitch device for 802.1X authentication, which statement about the switch is correct?

  • A. FortiSwitch cannot authenticate multiple devices connected to the same port.
  • B. FortiSwitch will try to authenticate non-802.1X devices using the device MAC address as the username and password.
  • C. FortiSwitch will assign non-802.1X devices to the onboarding VLAN.
  • D. All EAP messages will be terminated on FortiSwitch.


Answer : C

You are configuring a FortiGate wireless network to support automated wireless client quarantine using IOC.
Which two configurations must you put in place for a wireless client to be quarantined successfully? (Choose two.)

  • A. Configure the wireless network to be in tunnel mode.
  • B. Configure the FortiGate device in the Security Fabric with a FortiAnalyzer device.
  • C. Configure a firewall policy to allow communication.
  • D. Configure the wireless network to be in bridge mode.


Answer : BC

Refer to the exhibit.

Examine the RADIUS server configuration shown in the exhibit.
An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator. FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP.
While testing the configuration, the administrator noticed that the diagnose test authserver command worked with PAP; however, authentication requests failed when using MSCHAP2.
Which two solutions can the administrator implement to get MSCHAP2 authentication to work? (Choose two.)

  • A. On FortiAuthenticator, enable Windows Active Directory Domain Authentication to add FortiAuthenticator to the Windows domain.
  • B. On FortiGate, configure the NAS IP setting on the RADIUS server.
  • C. On FortiAuthenticator, change the back-end authentication server from LDAP to RADIUS.
  • D. On FortiGate, update the Secret setting on the RADIUS server.


Answer : AB

Where can FortiGate learn the FortiManager IP address or FQDN for zero-touch provisioning?

  • A. From an LDAP server using a simple bind operation
  • B. From a TFTP server
  • C. From a DHCP server using options 240 and 241
  • D. From a DNS server using A or AAAA records


Answer : C

Which FortiSwitch VLANs are automatically created on FortiGate when the first FortiSwitch device is discovered?

  • A. default, quarantine, rspan, voice, video, onboarding, and nac_segment
  • B. access, quarantine, rspan, voice, video, and onboarding
  • C. default, quarantine, rspan, voice, video, and nac_segment
  • D. fortilink, quarantine, erspan, voice, video, and onboarding


Answer : D
