Fortinet nse6-fnc-7-2 practice test

Exam Title: Fortinet NSE 6 - FortiNAC 7.2

Last update: Feb 14 ,2026
Question 1

How are logical networks assigned to endpoints?

  • A. Through device profiling rules
  • B. Through network access policies
  • C. Through Layer 3 polling configurations
  • D. Through FortiGate IPv4 policies
Answer:

A


Explanation:
Logical networks are assigned to endpoints through device profiling rules in FortiNAC. These
networks appear in device Model Configuration views and are used for endpoint isolation based on
the endpoint’s state or status

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 2

By default, if after a successful Layer 2 poll, more than 20 endpoints are seen connected on a single
switch port simultaneously, what happens to the port?

  • A. The port becomes a threshold uplink
  • B. The port is disabled
  • C. The port is added to the Forced Registration group
  • D. The port is switched into the Dead-End VLAN
Answer:

A


Explanation:
If more than 20 endpoints are seen connected on a single switch port simultaneously after a
successful Layer 2 poll, the port is designated as an uplink. FortiNAC will ignore all physical addresses
learned on an uplink port and will not perform any control operations on it

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 3

An administrator wants the Host At Risk event to generate an alarm. What is used to achieve this
result?

  • A. A security trigger activity
  • B. A security filter
  • C. An event to alarm mapping
  • D. An event to action mapping
Answer:

C


Explanation:
To generate an alarm from a Host At Risk event, an administrative user must create an Event to
Alarm Mapping for the Vulnerability Scan Failed event. Within this alarm mapping, a host security
action must be designated to mark the host at risk

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 4

Which three communication methods are used by FortiNAC to gather information from and control,
infrastructure devices? (Choose three.)

  • A. CLI
  • B. SMTP
  • C. SNMP
  • D. FTP
  • E. RADIUS
Answer:

ACE


Explanation:
FortiNAC Study Guide 7.2 | Page 11
FortiNAC uses various methods to communicate with infrastructure devices such as SNMP for
discovery and ongoing management, SSH or Telnet through the CLI for tasks related to the
infrastructure, and RADIUS for handling specific types of requests

vote your answer:
A
B
C
D
E
A 0 B 0 C 0 D 0 E 0
Comments
Question 5

An administrator is configuring FortiNAC to manage FortiGate VPN users. As part of the
configuration, the administrator must configure a few FortiGate firewall policies.
What is the purpose of the FortiGate firewall policy that applies to unauthorized VPN clients?

  • A. To deny access to only the production DNS server
  • B. To allow access to only the FortiNAC VPN interface
  • C. To allow access to only the production DNS server
  • D. To deny access to only the FortiNAC VPN interface
Answer:

B


vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 6

Which two policy types can be created on a FortiNAC Control Manager? (Choose two.)

  • A. Authentication
  • B. Network Access
  • C. Endpoint Compliance
  • D. Supplicant EasvConnect
Answer:

AB


Explanation:
Network Access policies as a common type of policy in FortiNAC, used to dynamically provision
access to connecting endpoints. While Authentication is typically a policy type in network access
control systems like FortiNAC

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 7

During the on-boarding process through the captive portal, what are two reasons why a host that
successfully registered would remain stuck in the Registration VLAN? (Choose two.)

  • A. The wrong agent is installed.
  • B. The port default VLAN is the same as the Registration VLAN.
  • C. Bridging is enabled on the host.
  • D. There is another unregistered host on the same port.
Answer:

B, D


vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 8

When FortiNAC is managing FortiGate VPN users, why is an endpoint compliance policy necessary?

  • A. To confirm installed security software
  • B. To validate the VPN user credentials
  • C. To designate the required agent type
  • D. To validate the VPN client being used
Answer:

A


vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Question 9

In a wireless integration, what method does FortiNAC use to obtain connecting MAC address
information?

  • A. SNMP traps
  • B. RADIUS
  • C. Endstation traffic monitoring D Link traps
Answer:

B


Explanation:
In a wireless integration, FortiNAC uses RADIUS to obtain connecting MAC address information. This
includes RADIUS requests to FortiNAC and subsequent RADIUS responses from FortiNAC to the
requesting device​

vote your answer:
A
B
C
A 0 B 0 C 0
Comments
Question 10

Which two agents can validate endpoint compliance transparently to the end user? (Choose two.)

  • A. Dissolvable
  • B. Mobile
  • C. Passive
  • D. Persistent
Answer:

A, D


Explanation:
Both dissolvable and persistent agents can be used to validate endpoint compliance transparently to
the end user. The persistent agent stays resident on the endpoint and performs scheduled scans in
the background. The dissolvable agent is a run-once agent that dissolves after reporting its results,
leaving no footprint on the endpoint

vote your answer:
A
B
C
D
A 0 B 0 C 0 D 0
Comments
Page 1 out of 5
Viewing questions 1-10 out of 57
Go To
page 2