Where should you configure MAC notification traps on a supported switch?
- A . Configure them only after you configure linkup and linkdown traps.
- B . Configure them on all ports on the switch.
- C . Configure them only on ports set as 802.1q trunks.
- D . Configure them on all ports except uplink ports.
Where do you look to determine which network access policy, if any, is being applied to a particular host?
- A . The Policy Details view for the host
- B . The Connections view
- C . The Port Properties view of the host's port
- D . The Policy Logs view
A
Explanation:
FortiNAC, p. 382: "Under Network Access Settings – Policy Name – Name of the Network Access Policy that currently applies to the host."
While troubleshooting a network connectivity issue, an administrator determines that a device was being automatically provisioned to an incorrect VLAN.
Where would the administrator look to determine when and why FortiNAC made the network access change?
- A . The Event view
- B . The Admin Auditing view
- C . The Port Changes view
- D . The Connections view
Which agent can receive and display messages from FortiNAC to the end user?
- A . Dissolvable
- B . Persistent
- C . Passive
- D . MDM
When FortiNAC passes a firewall tag to FortiGate, what determines the value that is passed?
- A . Security rule
- B . Device profiling rule
- C . RADIUS group attribute
- D . Logical network
What capability do logical networks provide?
- A . Point of access-based autopopulation of device groups
- B . Interactive topology view diagrams
- C . Application of different access values from a single access policy
- D . VLAN-based inventory reporting
C
Explanation:
Logical Networks allow you to create fewer Network Access Policies than before. (FortiNAC – What’s new in FortiNAC 8.5)
Which two device classification options can register a device automatically and transparently to the end user? (Choose two.)
- A . Dissolvable agent
- B . Dot1x Auto Registration
- C . Device importing
- D . MDM integration
- E . Captive portal
In an isolation VLAN which three services does FortiNAC supply? (Choose three.)
- A . NTP
- B . DHCP
- C . Web
- D . DNS
- E . SMTP
Which group type can have members added directly from the FortiNAC Control Manager?
- A . Administrator
- B . Device
- C . Port
- D . Host
Which system group will force at-risk hosts into the quarantine network, based on point of connection?
- A . Physical Address Filtering
- B . Forced Quarantine
- C . Forced Isolation
- D . Forced Remediation
B
Explanation:
Forced Quarantine: FortiNAC Study Guide 7.2, pages 245 and 248.
How are logical networks assigned to endpoints?
- A . Through device profiling rules
- B . Through network access policies
- C . Through Layer 3 polling configurations
- D . Through FortiGate IPv4 policies
By default, if after a successful Layer 2 poll, more than 20 endpoints are seen connected on a single switch port simultaneously, what happens to the port?
- A . The port becomes a threshold uplink
- B . The port is disabled
- C . The port is added to the Forced Registration group
- D . The port is switched into the Dead-End VLAN
An administrator wants the Host At Risk event to generate an alarm.
What is used to achieve this result?
- A . A security trigger activity
- B . A security filter
- C . An event to alarm mapping
- D . An event to action mapping
Which three communication methods are used by FortiNAC to gather information from, and control, infrastructure devices? (Choose three.)
- A . CLI
- B . SMTP
- C . SNMP
- D . FTP
- E . RADIUS
ACE
Explanation:
FortiNAC Study Guide 7.2 | Page 11
An administrator is configuring FortiNAC to manage FortiGate VPN users. As part of the configuration, the administrator must configure a few FortiGate firewall policies.
What is the purpose of the FortiGate firewall policy that applies to unauthorized VPN clients?
- A . To deny access to only the production DNS server
- B . To allow access to only the FortiNAC VPN interface
- C . To allow access to only the production DNS server
- D . To deny access to only the FortiNAC VPN interface