File Info
| Exam | Fortinet NSE 6 - FortiNAC 8.5 |
| Number | NSE6_FNC-8.5 |
| File Name | Fortinet.NSE6_FNC-8.5.NewDumps.2021-07-01.30q.vcex |
| Size | 149 KB |
| Posted | Jul 01, 2021 |
| Download | Fortinet.NSE6_FNC-8.5.NewDumps.2021-07-01.30q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Which three communication methods are used by the FortiNAC to gather information from, and control,infrastructure devices? (Choose three.)
- SNMP
- RADIUS
- FTP
- CLI
- SMTP
Correct answer: ABC
Explanation:
Set up SNMP communication with FortiNAC RADIUS Server that is used by FortiNAC to communicate FortiNAC can be configured via CLI to use HTTP or HTTPS for OS updates instead of FTP. Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/28966/snmphttps://docs.fortinet.com/document/fortinac/8.8.0/administration-guide/938271/configure-radius-settingshttps://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e7ebbdaa-cabf-11ea-8b7d-00505692583a/FortiNAC_Deployment_Guide.pdf Set up SNMP communication with FortiNAC
RADIUS Server that is used by FortiNAC to communicate
FortiNAC can be configured via CLI to use HTTP or HTTPS for OS updates instead of FTP.
Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/28966/snmp
https://docs.fortinet.com/document/fortinac/8.8.0/administration-guide/938271/configure-radius-settings
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e7ebbdaa-cabf-11ea-8b7d-00505692583a/FortiNAC_Deployment_Guide.pdf
Question 2
Which three circumstances trigger Layer 2 polling of infrastructure devices? (Choose three.)
- A matched security policy
- Scheduled poll timings
- Linkup and Linkdown traps
- Manual polling
- A failed Layer 3 poll
Correct answer: BCD
Question 3
How should you configure MAC notification traps on a supported switch?
- Configure them only on ports set as 802.1q trunks
- Configure them on all ports except uplink ports
- Configure them on all ports on the switch
- Configure them only after you configure linkup and linkdown traps
Correct answer: B
Explanation:
Configure SNMP MAC Notification traps on all access ports (do not include uplinks). Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/be7fcde9-9685-11e9-81a4-00505692583a/Configuring_Traps_for_MAC_Notification.pdf Configure SNMP MAC Notification traps on all access ports (do not include uplinks).
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/be7fcde9-9685-11e9-81a4-00505692583a/Configuring_Traps_for_MAC_Notification.pdf
Question 4
Which connecting endpoints are evaluated against all enabled device profiling rules?
- Known trusted devices each time they change location
- Rogues devices, each time they connect
- Rogues devices, only when they connect for the first time
- All hosts, each time they connect
Correct answer: A
Explanation:
FortiNAC process to classify rogue devices and create an organized inventory of known trusted registered devices. Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9529d49c-892c-11e9-81a4-00505692583a/FortiNAC_Device_Profiler_Configuration.pdf FortiNAC process to classify rogue devices and create an organized inventory of known trusted registered devices.
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9529d49c-892c-11e9-81a4-00505692583a/FortiNAC_Device_Profiler_Configuration.pdf
Question 5
What agent is required in order to detect an added USB drive?
- Mobile
- Passive
- Dissolvable
- Persistent
Correct answer: D
Explanation:
Expand the Persistent Agent folder. Select USB Detection from the tree. Reference: https://docs.fortinet.com/document/fortinac/8.5.2/administration-guide/814147/usb-detection Expand the Persistent Agent folder. Select USB Detection from the tree.
Reference: https://docs.fortinet.com/document/fortinac/8.5.2/administration-guide/814147/usb-detection
Question 6
Which two of the following are required for endpoint compliance monitors? (Choose two.)
- Logged on user
- Security rule
- Persistent agent
- Custom scan
Correct answer: BD
Explanation:
DirectDefense’s analysis of FireEye Endpoint attests that the products help meet the HIPAA Security Rule. In the menu on the left click the + sign next to Endpoint Compliance to open it. Reference: https://www.fireeye.com/content/dam/fireeye-www/products/pdfs/cg-pci-and-hipaa-compliances.pdf https://docs.fortinet.com/document/fortinac/8.5.2/administration-guide/92047/add-or-modify-a-scan DirectDefense’s analysis of FireEye Endpoint attests that the products help meet the HIPAA Security Rule.
In the menu on the left click the + sign next to Endpoint Compliance to open it.
Reference: https://www.fireeye.com/content/dam/fireeye-www/products/pdfs/cg-pci-and-hipaa-compliances.pdf
https://docs.fortinet.com/document/fortinac/8.5.2/administration-guide/92047/add-or-modify-a-scan
Question 7
By default, if more than 20 hosts are seen connected on a single port simultaneously, what will happen to the port?
- The port is added to the Forced Registration group.
- The port is disabled.
- The port is switched into the Dead-End VLAN.
- The port becomes a threshold uplink.
Correct answer: B
Question 8
In a wireless integration, how does FortiNAC obtain connecting MAC address information?
- Link traps
- End station traffic monitoring
- MAC notification traps
- RADIUS
Correct answer: D
Explanation:
Intelligent Access Points (IAPs) and controllers support two methods of RADIUS based authentication:RADIUS MAC authentication and 802.1x authentication. Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9019f7f8-200d-11e9-b6f6-f8bc1258b856/FortiNAC_Wireless_Integration_Overview.pdf Intelligent Access Points (IAPs) and controllers support two methods of RADIUS based authentication:
RADIUS MAC authentication and 802.1x authentication.
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9019f7f8-200d-11e9-b6f6-f8bc1258b856/FortiNAC_Wireless_Integration_Overview.pdf
Question 9
Which system group will force at-risk hosts into the quarantine network, based on point of connection?
- Forced Quarantine
- Forced Remediation
- Forced Isolation
- Physical Address Filtering
Correct answer: B
Explanation:
A remediation plan is established, including a forensic analysis and a reload of the system. Also, users are forced to change their passwords as the system held local user accounts. Reference: https://oit.rice.edu/quarantining-process-used-it-staff-members-introduction A remediation plan is established, including a forensic analysis and a reload of the system. Also, users are forced to change their passwords as the system held local user accounts.
Reference: https://oit.rice.edu/quarantining-process-used-it-staff-members-introduction
Question 10
During the on-boarding process through the captive portal, why would a host that successfully registered remain stuck in the Registration VLAN? (Choose two.)
- The wrong agent is installed.
- Bridging is enabled on the host.
- There is another unregistered host on the same port.
- The ports default VLAN is the same as the Registration VLAN.
Correct answer: AD
Explanation:
Scenario 4: NAT detection disabled, using endpoint compliance policy and agent.Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/868f1267-7299-11e9-81a4-00505692583a/fortinac-admin-operation-85.pdf Scenario 4: NAT detection disabled, using endpoint compliance policy and agent.
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/868f1267-7299-11e9-81a4-00505692583a/fortinac-admin-operation-85.pdf
