NSE7_SAC-6.2 Online Practice Questions and Answers

Which step can be taken to ensure that only FortiAP devices receive IP addresses from a DHCP server on FortiGate?

A. Change the interface addressing mode to FortiAP devices.

B. Create a reservation list in the DHCP server settings.

C. Configure a VCI string value of FortiAP in the DHCP server settings.

D. Use DHCP option 138 to assign IPs to FortiAP devices.

Which two EAP methods can use MSCHAPV2 for client authentication? (Choose two.)

A. PEAP

B. EAP-TTLS

C. EAP-TLS

D. EAP-GTC

What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?

A. The receiving port is shut down.

B. The sending port is shut down

C. The receiving port is moved to the STP blocking state.

D. The sending port is moved to the STP blocking state

Default VLANs are created on FortiGate when the FortiLink interface is created. By default, which VLAN is set as Allowed VLANs on all FortiSwitch ports?

A. Sniffer VLAN

B. Camera VLAN

C. Quarantine VLAN

D. Voice VLAN

Refer to the exhibits.

Examine the firewall policy configuration and SSID settings.

An administrator has configured a guest wireless network on FortiGate using the external captive portal. The administrator has verified that the external captive portal URL is correct. However, wireless users are not able to see the captive portal login page.

Given the configuration shown in the exhibit and the SSID settings, which configuration change should the administrator make to fix the problem?

A. Enable the captive-portal-exemptoption in the firewall policy with the ID 11.

B. Apply a guest.portal user group in the firewall policy with the ID 11.

C. Disable the user group from the SSID configuration.

D. Include the wireless client subnet range in the Exempt Source section.

Refer to the exhibits.

Examine the VAP configuration and the WiFi zones table shown in the exhibits.

Which two statements describe FortiGate behavior regarding assignment of VLANs to wireless clients? (Choose two.)

A. FortiGate will load balance clients using VLAN 101 and VLAN 102 and assign them an IP address from the 10.0.3.0/24 subnet.

B. Clients connecting to APs in the Floor 1 group will not be able to receive an IP address.

C. All clients connecting to the Corp SSID will receive an IP address from the 10.0.3.1/24 subnet.

D. Clients connecting to APs in the Office group will be assigned an IP address from the 10.0.20.1/24 subnet.

Which CLI command should an administrator use to view the certificate validation process in real-time?

A. diagnose debug application certd -1

B. diagnose debug application fnbamd -1

C. diagnose debug application authd -1

D. diagnose debug application foauthd -1

Refer to the exhibit showing certificate values.

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page. This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser:

https://fac.trainingad.training.com/guests/login/?loginandpost=https://auth.trainingad.training.1ab:1003/fgtauthandmagic=000a038293d1f411andusermac=b8:27:eb:d8:50:02andapmac=70:4c:a5:9d:0d:28andapip=10.10.100.2anduserip=10.0.3.1andssid=Guest03andapname=PS221ETF18000148andbssid=70:4c:a5:9d:0d:30

Which two settings are the likely causes of the issue? (Choose two.)

A. The external server FQDN is incorrect.

B. The FortiGate authentication interface address is using HTTPS.

C. The wireless user's browser is missing a CA certificate.

D. The user address is not in DDNS form.

Examine the following output from the FortiLink real-time debug.

Based on the output, what is the status of the communication between FortiGate and FortiSwitch?

A. FortiGate is unable to authorize the FortiSwitch.

B. FortiGate is unable to establish FortiLink tunnel to manage the FortiSwitch.

C. FortiGate is unable to located a previously managed FortiSwitch.

D. The FortiLink heartbeat is up.

An administrator has deployed dual band-capable wireless APs in a wireless network. Multiple 2.4 GHz wireless clients are connecting to the network, and subsequent monitoring shows that individual AP

2.4GHz interfaces are being overloaded with wireless connections. Which configuration change would best resolve the overloading issue?

A. Configure load balancing AP handoff on both the AP interfaces on all APs.

B. Configure load balancing AP handoff on only the 2.4GHz interfaces of all Aps.

C. Configure load balancing frequency handoff on both the AP interfaces.

D. Configure a client limit on the all AP 2.4GHz interfaces.