How are logical networks assigned to endpoints?
A
Explanation:
Logical networks are assigned to endpoints through device profiling rules in FortiNAC. These
networks appear in device Model Configuration views and are used for endpoint isolation based on
the endpoint’s state or status.
By default, if after a successful Layer 2 poll, more than 20 endpoints are seen connected on a single
switch port simultaneously, what happens to the port?
A
Explanation:
If more than 20 endpoints are seen connected on a single switch port simultaneously after a
successful Layer 2 poll, the port is designated as an uplink. FortiNAC will ignore all physical addresses
learned on an uplink port and will not perform any control operations on it.
An administrator wants the Host At Risk event to generate an alarm. What is used to achieve this
result?
C
Explanation:
To generate an alarm from a Host At Risk event, an administrative user must create an Event to
Alarm Mapping for the Vulnerability Scan Failed event. Within this alarm mapping, a host security
action must be designated to mark the host at risk.
Which three communication methods are used by FortiNAC to gather information from, and control,
infrastructure devices? (Choose three.)
ACE
Explanation:
FortiNAC Study Guide 7.2 | Page 11
FortiNAC uses various methods to communicate with infrastructure devices such as SNMP for
discovery and ongoing management, SSH or Telnet through the CLI for tasks related to the
infrastructure, and RADIUS for handling specific types of requests.
An administrator is configuring FortiNAC to manage FortiGate VPN users. As part of the
configuration, the administrator must configure a few FortiGate firewall policies.
What is the purpose of the FortiGate firewall policy that applies to unauthorized VPN clients?
B
Which two policy types can be created on a FortiNAC Control Manager? (Choose two.)
AB
Explanation:
Network Access policies are a common type of policy in FortiNAC, used to dynamically provision
access to connecting endpoints, while Authentication is typically a policy type in network access
control systems like FortiNAC.
During the on-boarding process through the captive portal, what are two reasons why a host that
successfully registered would remain stuck in the Registration VLAN? (Choose two.)
B, D
When FortiNAC is managing FortiGate VPN users, why is an endpoint compliance policy necessary?
A
In a wireless integration, what method does FortiNAC use to obtain connecting MAC address
information?
B
Explanation:
In a wireless integration, FortiNAC uses RADIUS to obtain connecting MAC address information. This
includes RADIUS requests to FortiNAC and subsequent RADIUS responses from FortiNAC to the
requesting device.
Which two agents can validate endpoint compliance transparently to the end user? (Choose two.)
A, D
Explanation:
Both dissolvable and persistent agents can be used to validate endpoint compliance transparently to
the end user. The persistent agent stays resident on the endpoint and performs scheduled scans in
the background. The dissolvable agent is a run-once agent that dissolves after reporting its results,
leaving no footprint on the endpoint.