Fortinet nse7-zta-7-2 practice test

Refer to the exhibit.

User student is not able to log in to SSL VPN.
Given the output showing a real-time debug, which statement describes the login failure?

• A. Unable to verify chain of trust for the peer certificate.
• B. CN does not match the user peer configuration.
• C. student is not part of the usergroup SSL_VPN_Users.
• D. Client certificate has expired.

Refer to the exhibits.


Which statement is true about the configuration shown in the exhibit?

• A. The domain that FortiClient is connecting to should match the domain to which the certificate is issued.
• B. If the FortiClient EMS server certificate is invalid, FortiClient connects silently.
• C. The connection from FortiClient to FortiClient EMS uses TCP and TLS 1.2.
• D. default_ZTNARoot CA signs the FortiClient certificate for the SSL connectivity to FortiClient EMS.

Refer to exhibit.

Which statement is true about the hr endpoint?

• A. The endpoint is a rogue device.
• B. The endpoint is disabled.
• C. The endpoint is unauthenticated.
• D. The endpoint has been marked at risk.

An administrator is trying to create a separate web filtering profile for off-fabric and on-fabric clients and push it to managed FortiClient devices.
Where can you enable this feature on FortiClient EMS?

• A. Endpoint policy
• B. ZTNA connection rules
• C. System settings
• D. On-fabric rule sets

Which factor is a prerequisite on FortiNAC to add a Layer 3 router to its inventory?

• A. Allow HTTPS access from the router to the FortiNAC eth0 IP address.
• B. Allow FTP access to the FortiNAC database from the router.
• C. The router responding to ping requests from the FortiNAC eth1 IP address.
• D. SNMP or CLI access to the router to carry out remote tasks.

Which statement is true about FortiClient EMS in a ZTNA deployment?

• A. Uses endpoint information to grant or deny access to the network.
• B. Provides network and user identity authentication services.
• C. Generates and installs client certificates on managed endpoints.
• D. Acts as ZTNA access proxy for managed endpoints.

Refer to the exhibit.

Based on the ZTNA logs provided, which statement is true?

• A. The Remote_User ZTNA tag has matched the ZTNA rule.
• B. An authentication scheme is configured.
• C. The external IP for ZTNA server is 10.122.0.139.
• D. Traffic is allowed by firewall policy 1.

Refer to the exhibit.

Which port group membership should you enable on FortiNAC to isolate rogue hosts?

• A. Forced Authentication
• B. Forced Registration
• C. Forced Remediation
• D. Reset Forced Registration

Which one of the supported communication methods does FortiNAC use for initial device identification during discovery?

• A. LLDP
• B. SNMP
• C. API
• D. SSH

Which three core products are mandatory in the Fortinet ZTNA solution? (Choose three.)

• A. FortiClient EMS
• B. FortiClient
• C. FortiToken
• D. FortiGate
• E. FortiAuthenticator