Fortinet NSE 7 - SecureAccess 6.2

Version: Demo

[ Total Questions: 10]

Web: www.certsout.com

Email: support@certsout.com

Fortinet

NSE7_SAC-6.2

IMPORTANT NOTICE

Feedback

We have developed quality product and state-of-art service to ensure our customers interest. If you have anysuggestions, please feel free to contact us at feedback@certsout.com

Support

If you have any questions about our product, please provide the following items:

exam codescreenshot of the questionlogin id/email

please contact us at and our technical experts will provide support within 24 hours.support@certsout.com

Copyright

The product of each order has its own encryption code, so you should use it independently. Any unauthorizedchanges will inflict legal punishment. We reserve the right of final explanation for this statement.

Fortinet - NSE7_SAC-6.2Certs Exam

1 of 7Pass with Valid Exam Questions Pool

A.

B.

C.

D.

A.

B.

C.

D.

Question #:1

Which statement correctly describes the guest portal behavior on FortiAuthenticator?

Sponsored accounts cannot authenticate using guest portals.

FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to aguest portal for authentication.

All guest accounts must be activated using SMS or email activation codes.

All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.

Answer: A

Question #:2

Examine the sections of the configuration shown in the following output;

What action will the FortiGate take when using OCSP certificate validation?

FortiGate will reject the certificate if the OCSP server replies that the certificate is unknown.

FortiGate will use the OCSP server 10.0.1.150 even when the OCSP URL field in the user certificatecontains a different OCSP server IP address.

FortiGate will use the OCSP server 10.0.1.150 even when there is a different OCSP IP address in theocsp-override-server option under config user peer.

FortiGate will invalidate the certificate if the OSCP server is unavailable.

Answer: C

Fortinet - NSE7_SAC-6.2Certs Exam

2 of 7Pass with Valid Exam Questions Pool

A.

B.

C.

D.

A.

B.

C.

D.

A.

Question #:3

Which two EAP methods can use MSCHAP2 for client authentication? (Choose two.)

GPEAP

EAP-TTLS

EAP-TLS

EAP-GTC

Answer: C D

Explanation

https://docs.fortinet.com/document/fortiauthenticator/6.0.0/administration-guide/125951/extensible-authentication-protocol

Question #:4

Examine the following output from the FortiLink real-time debug.:

Based on the output, what is the status of the communication between FortiGate and FortiSwitch?

FortiGate is unable to authorize the FortiSwitch.

FortiGate is unable to establish FortiLmk tunnel to manage the FortiSwitch.

FortiGate is unable to located a previously managed FortiSwitch.

The FortiLink heartbeat is up.

Answer: A

Question #:5

What does DHCP snooping MAC verification do?

Drops DHCP release packets on untrusted ports

Fortinet - NSE7_SAC-6.2Certs Exam

3 of 7Pass with Valid Exam Questions Pool

B.

C.

D.

A.

B.

C.

D.

Drops DHCP packets with no relay agent information (option 82) on untrusted ports

Drops DHCP offer packets on untrusted ports

Drops DHCP packets on untrusted ports when the client hardware address does not match the sourceMAC address

Answer: C

Question #:6

802.1X port authentication is enabled on only those ports that the FortiSwitch security policy is assigned to.Which configurable items are available when you configure the security policy on FortiSwitch? (Choose two.)

FSSO groups

Security mode

User groups

Default guest group

Answer: C D

Question #:7

Refer to the exhibit.

Fortinet - NSE7_SAC-6.2Certs Exam

4 of 7Pass with Valid Exam Questions Pool

The exhibit shows a network topology and SSID settings.

FortiGate is configured to use an external captive portal. However, wireless users are not able to see thecaptive portal login page.

Fortinet - NSE7_SAC-6.2Certs Exam

5 of 7Pass with Valid Exam Questions Pool

A.

B.

C.

D.

A.

B.

C.

Which configuration change should the administrator make to fix the problem?

Create a firewall policy to allow traffic from the Guest SSID to FortiAuthenticator and Windows ADdevices.

Enable the captive-portal-exempt option in the firewall policy with the ID 10.

Remove guest.portal user group in the firewall policy.

FortiAuthenticator and WindowsAD address objects should be added as exempt sources.

Answer: C

Question #:8

Refer to the exhibit.

The exhibit shows two FortiGate devices in active-passive HA mode, including four FortiSwitch devicesconnected to a ring.

Which two configurations are required to deploy this network topology'' (Choose two.)

Configure link aggregation interfaces on the FortiLink interfaces.

Configure the trunk interfaces on the FortiSwitch devices as MCLAG-ISL.

Enable f ortilink-split-interf ace on the FortiLink interfaces.

Fortinet - NSE7_SAC-6.2Certs Exam

6 of 7Pass with Valid Exam Questions Pool

D.

A.

B.

C.

D.

A.

B.

C.

D.

Enable STP on the FortiGate interfaces.

Answer: B

Question #:9

Refer to the exhibit.

Given the network topology shown in the exhibit, which two ports should be configured as untrusted DHCPports? (Choose two.)

FortiSwitch B, port1

FortiSwitch A, port2

FortiSwitch B, port2

FortiSwitch A, port1

Answer: D

Question #:10

Which CLI command should an administrator use to view the certificate validation process in real-time?

diagnose debug application certd -1

diagnose debug application fnbamd -1

diagnose debug application authd -1

diagnose debug application foauthd -1

Fortinet - NSE7_SAC-6.2Certs Exam

7 of 7Pass with Valid Exam Questions Pool

Answer: A

About certsout.comcertsout.com was founded in 2007. We provide latest & high quality IT / Business Certification Training ExamQuestions, Study Guides, Practice Tests.

We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. EspeciallyCisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.

View list of all certification exams: All vendors

We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listedbelow.

Sales: sales@certsout.comFeedback: feedback@certsout.comSupport: support@certsout.com

Any problems about IT certification or our products, You can write us back and we will get back to you within 24hours.