Fortinet nse7-zta-7-2 practice test

What happens when FortiClient EMS is configured as an MDM connector on FortiNAC?

• A. FortiNAC sends the host data to FortiClient EMS to update its host database.
• B. FortiClient EMS verifies with FortiNAC that the device is registered.
• C. FortiNAC polls FortiClient EMS periodically to update already registered hosts in FortiNAC.
• D. FortiNAC checks for device vulnerabilities and compliance with FortiClient.

Which configuration is required for FortiNAC to perform an automated incident response based on the FortiGate traffic?

• A. FortiNAC should be added as a participant in the Security Fabric.
• B. FortiNAC requires read-write SNMP access to FortiGate.
• C. FortiNAC should be configured as a syslog server on FortiGate.
• D. FortiNAC requires HTTPS access to FortiGate for API calls.

An administrator wants to prevent direct host-to-host communication at layer 2 and use only FortiGate to inspect all the VLAN traffic.
What three things must the administrator configure on FortiGate to allow traffic between the hosts? (Choose three.)

• A. Block intra-VLAN traffic in the VLAN interface settings.
• B. Add the VLAN interface to a software switch.
• C. Configure static routes to allow subnets.
• D. Configure a firewall policy to allow the desired traffic between hosts.
• E. Configure proxy ARP to allow traffic.

Which statement is true about FortiClient EMS in a ZTNA deployment?

• A. Uses endpoint information to grant or deny access to the network.
• B. Provides network and user identity authentication services.
• C. Generates and installs client certificates on managed endpoints.
• D. Acts as ZTNA access proxy for managed endpoints.

Refer to the exhibit.

User student is not able to log in to SSL VPN.
Given the output showing a real-time debug, which statement describes the login failure?

• A. Unable to verify chain of trust for the peer certificate.
• B. CN does not match the user peer configuration.
• C. student is not part of the usergroup SSL_VPN_Users.
• D. Client certificate has expired.

Refer to the exhibit.

Which two statements are true about the hr endpoint? (Choose two.)

• A. The endpoint application inventory could not be retrieved.
• B. The endpoint is marked as a rogue device.
• C. The endpoint has failed the compliance scan.
• D. The endpoint will be moved to the remediation VLAN.

FortiNAC has alarm mappings configured for MDM compliance failure, and FortiClient EMS is added as an MDM connector.
When an endpoint is quarantined by FortiClient EMS, what action does FortiNAC perform?

• A. The host is isolated in the registration VLAN.
• B. The host is marked at risk.
• C. The host is forced to authenticate again.
• D. The host is disabled.

What are two functions of NGFW in a ZTA deployment? (Choose two.)

• A. Acts as segmentation gateway
• B. Endpoint vulnerability management
• C. Device discovery and profiling
• D. Packet Inspection

Refer to the exhibit.

Based on the ZTNA logs provided, which statement is true?

• A. The Remote_User ZTNA tag has matched the ZTNA rule.
• B. An authentication scheme is configured.
• C. The external IP for ZTNA server is 10.122.0.139.
• D. Traffic is allowed by firewall policy 1.

In which FortiNAC configuration stage do you define endpoint compliance?

• A. Device onboarding
• B. Management configuration
• C. Policy configuration
• D. Network modeling