NSE7_SAC-6.2 Online Practice Questions and Answers

Refer to the exhibit.

In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.

1.

The first AP has 32 clients associated to the 5GHz radios and 22 clients associated to the 2.4GHz

radio.

2.

The second AP has 12 clients associated to the 5GHz radios and 20 clients associated to the 2.4GHz radio.

A dual band-capable client enters the office near the first AP and the first AP measures the new client at −33 dBm signal strength. The second AP measures the new client at −43 dBm signal strength.

In the new client attempts to connect to the corporate wireless network, to which AP radio will the client be associated?

A. The second AP 5GHz interface.

B. The first AP 2.4GHz interface.

C. The first AP 5GHz interface.

D. The second AP 2.4GHz interface.

Which two EAP methods can use MSCHAPV2 for client authentication? (Choose two.)

A. PEAP

B. EAP-TTLS

C. EAP-TLS

D. EAP-GTC

Which two statements about the use of digital certificates are true? (Choose two.)

A. An intermediate CA can sign server certificates.

B. An intermediate CA can sign another intermediate CA certificate.

C. The end entity's certificate can only be created by an intermediate CA.

D. An intermediate CA can validate the end entity certificate signed by another intermediate CA.

Refer to the exhibit.

A host machine connected to port2 on FortiSwitch cannot connect to the network. All ports on FortiSwitch are assigned a security policy to enforce 802.1X port authentication. While troubleshooting the issue, the administrator runs the debug command and obtains the output shown in the exhibit.

Which two scenarios are the likely cause of this issue? (Choose two.)

A. The host machine is not configured for 802.1X port authentication.

B. The host machine does not support 802. 1X authentication.

C. The host machine is quarantined due to a security incident.

D. The host machine is configured with wrong VLAN ID.

Default VLANs are created on FortiGate when the FortiLink interface is created. By default, which VLAN is set as Allowed VLANs on all FortiSwitch ports?

A. Sniffer VLAN

B. Camera VLAN

C. Quarantine VLAN

D. Voice VLAN

Which statement correctly describes the quest portal behavior on FortiAuthenticator?

A. Sponsored accounts cannot authenticate using guest portals.

B. FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.

C. All guest accounts must be activated using SMS or email activation codes.

D. All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.

Refer to the exhibit.

Examine the packet capture shown in the exhibit, which contains a RADIUS access request packet sent by FortiSwitch to a RADIUS server.

Why does the User-Name field in the RADIUS access request packet contain a MAC address?

A. The FortiSwitch interface is configured for 802.1X port authentication with MAC address bypass, and the connected device does not support 802.1X.

B. FortiSwitch authenticates itself using its MAC address as the user name.

C. The connected device is doing machine authentication.

D. FortiSwitch is replying to an access challenge packet sent by the RADIUS server and requesting the client MAC address.

Refer to the exhibit.

Given the network topology shown in the exhibit, which two ports should be configured as untrusted DHCP ports? (Choose two.)

A. FortiSwitch A, port2

B. FortiSwitch A, port1

C. FortiSwitch B, port1

D. FortiSwitch B, port2

An administrator has deployed dual band-capable wireless APs in a wireless network. Multiple 2.4 GHz wireless clients are connecting to the network, and subsequent monitoring shows that individual AP

2.4GHz interfaces are being overloaded with wireless connections. Which configuration change would best resolve the overloading issue?

A. Configure load balancing AP handoff on both the AP interfaces on all APs.

B. Configure load balancing AP handoff on only the 2.4GHz interfaces of all Aps.

C. Configure load balancing frequency handoff on both the AP interfaces.

D. Configure a client limit on the all AP 2.4GHz interfaces.

A FortiGate has the following LDAP configuration.

On the Windows LDAP server 10.0.1.10, the administrator used dsquery, which returned the following output:

>dsquery user -samid admin*

"CN=Administrator,CN=Users,DC=trainingAD,DC=training,DC=lab"

According to the output, which FortiGate LDAP setting is configured incorrectly?

A. dn

B. sAMAccountName

C. username

D. cnid