Download Fortinet NSE 7 - Secure Access 6.2.NSE7_SAC-6.2.VCEplus.2020-10-16.30q.vcex

Vendor: Fortinet
Exam Code: NSE7_SAC-6.2
Exam Name: Fortinet NSE 7 - Secure Access 6.2
Date: Oct 16, 2020
File Size: 4 MB

Demo Questions

Question 1
Which step can be taken to ensure that only FortiAP devices receive IP addresses from a DHCP server on FortiGate?
  A. Change the interface addressing mode to FortiAP devices.
  B. Create a reservation list in the DHCP server settings.
  C. Configure a VCI string value of FortiAP in the DHCP server settings.
  D. Use DHCP option 138 to assign IPs to FortiAP devices.
Correct answer: C
Question 2
Refer to the exhibit.
 
In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.
  • The first AP has 32 clients associated to the 5GHz radios and 22 clients associated to the 2.4GHz radio. 
  • The second AP has 12 clients associated to the 5GHz radios and 20 clients associated to the 2.4GHz radio.
A dual band-capable client enters the office near the first AP and the first AP measures the new client at −33 dBm signal strength. The second AP measures the new client at −43 dBm signal strength.
If the new client attempts to connect to the corporate wireless network, to which AP radio will the client be associated?
  A. The second AP 5GHz interface.
  B. The first AP 2.4GHz interface.
  C. The first AP 5GHz interface.
  D. The second AP 2.4GHz interface.
Correct answer: A
Question 3
Which two EAP methods can use MSCHAPV2 for client authentication? (Choose two.)
  A. PEAP
  B. EAP-TTLS
  C. EAP-TLS
  D. EAP-GTC
Correct answer: AC
Explanation:
Reference: https://help.fortinet.com/fauth/3-3/Content/FortiAuthenticator%203_3%20Admin%20Guide/500/501_EAP.htm
Question 4
Which two statements about the use of digital certificates are true? (Choose two.)
  A. An intermediate CA can sign server certificates.
  B. An intermediate CA can sign another intermediate CA certificate.
  C. The end entity's certificate can only be created by an intermediate CA.
  D. An intermediate CA can validate the end entity certificate signed by another intermediate CA.
Correct answer: BD
Question 5
802.1X port authentication is enabled on only those ports that the FortiSwitch security policy is assigned to.
Which configurable items are available when you configure the security policy on FortiSwitch? (Choose two.)
  A. FSSO groups
  B. Security mode
  C. User groups
  D. Default guest group
Correct answer: BC
Question 6
A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network. The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS) to protect and encrypt guest user credentials after they receive the login information when registered for the first time. Which two changes must the administrator make to enforce HTTPS authentication? (Choose two.)
  A. Provide instructions to users to use HTTPS to access the network.
  B. Create a new SSID with the HTTPS captive portal URL.
  C. Enable Redirect HTTP Challenge to a Secure Channel (HTTPS) in the user authentication settings.
  D. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator.
Correct answer: BD
Question 7
An administrator is deploying APs that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. FortiGate can discover the APs and authorize them. However, FortiGate is unable to establish CAPWAP tunnels to manage the APs.
Which configuration setting can the administrator perform to resolve the problem?
  A. Decrease the CAPWAP tunnel MTU size for APs to prevent fragmentation.
  B. Enable CAPWAP administrative access on the IPsec interface.
  C. Upgrade the FortiAP firmware image to ensure compatibility with the FortiOS version.
  D. Assign a custom AP profile for the remote APs with the set mpls-connection option enabled.
Correct answer: B
Question 8
Refer to the exhibit. 
 
A host machine connected to port2 on FortiSwitch cannot connect to the network. All ports on FortiSwitch are assigned a security policy to enforce 802.1X port authentication. While troubleshooting the issue, the administrator runs the debug command and obtains the output shown in the exhibit.
Which two scenarios are the likely cause of this issue? (Choose two.)
  A. The host machine is not configured for 802.1X port authentication.
  B. The host machine does not support 802.1X authentication.
  C. The host machine is quarantined due to a security incident.
  D. The host machine is configured with the wrong VLAN ID.
Correct answer: AB
Explanation:
Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46428
Question 9
What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?
  A. The receiving port is shut down.
  B. The sending port is shut down.
  C. The receiving port is moved to the STP blocking state.
  D. The sending port is moved to the STP blocking state.
Correct answer: B
Explanation:
Reference: https://www.scribd.com/document/468940309/Secure-Access-6-0-Study-Guide-Online-pdf
Question 10
Default VLANs are created on FortiGate when the FortiLink interface is created.
By default, which VLAN is set as Allowed VLANs on all FortiSwitch ports? 
  A. Sniffer VLAN
  B. Camera VLAN
  C. Quarantine VLAN
  D. Voice VLAN
Correct answer: A