Fortinet NSE6_FNC-7.2 Fortinet NSE 6 - FortiNAC 7.2 Exam Practice Test

In general, for network switches supporting MAC notification traps, it's advisable to configure these traps on all ports except uplink ports. Uplink ports are used for connecting to other switches or network infrastructure devices and typically don't need MAC notification traps, which are more relevant for end-device connectivity monitoring.

The study guide specifies that MAC notification traps should not be configured on interfaces that are uplinks. They are the preferred method for learning and updating Layer 2 information and should be used whenever available, but not on uplink interfaces​​.

In a wireless integration, FortiNAC uses RADIUS to obtain connecting MAC address information. This includes RADIUS requests to FortiNAC and subsequent RADIUS responses from FortiNAC to the requesting device​

Looking at the provided exhibit which shows the Modify User/Host Profile window, the following must be true for a host to match the user/host profile:

The host must be connected to a port within the "Building 1 First Floor Ports" group.

The host must fulfill at least one of the following attributes:

Have a role value of "Contractor"

Have an installed persistent agent with the security and access value of "Contractor"

The host must be connected between the specified times of 6 AM and 5 PM on any day of the week.

The profile specifies that the host can match the profile by having any one of the listed attributes (Role as Contractor, Persistent Agent installed with specific security & access value), and the time condition must also be met. Therefore, the correct answer is D, which includes "or" conditions for the role value and persistent agent and specifies the correct time frame.

Components of a security rule in FortiNAC include:

Trigger: The condition or event that initiates the evaluation of the rule.

User or Host Profile: A requirement that can be added to a rule to specify the user or host profile that must be matched.

Action: The activities or responses that FortiNAC performs when the rule is matched​​.

References

FortiNAC 7.2 Study Guide, page 419

The exhibit shows a configuration panel where VLAN IDs are specified for different states, such as Default, Registration, and Authentication. When forcing the registration of unknown (rogue) hosts, if an unknown host connects to a port on the switch, the FortiNAC system will move the host to the VLAN designated for Registration. In the exhibit, the VLAN ID for Registration is set to 111, hence the host would be moved to VLAN 111 to undergo the registration process.

Forced Quarantine, study guide 7.2 pag 245 and 248

In systems like FortiNAC, when a port is designated to be in multiple enforcement groups, it is common for only the higher-priority or higher-ranked group's policies to be applied. This is to prevent conflicting enforcement actions from being attempted on the same port. Although the specific details of the priority or ranking system are not provided in the extracted references, the principle of hierarchical policy enforcement suggests that only the policies of the higher-ranked group would be applied to the port.

References

FortiNAC documentation would typically outline this behavior in sections discussing port group enforcement or policy application.

https://training.fortinet.com/pluginfile.php/1912463/mod_resource/content/26/FortiNAC_7.2_Study_Guide-Online.pdf C. Page 327 - moved to the quarantine isolation network

Expand the Persistent Agent folder. Select USB Detection from the tree.

The FortiNAC 7.2 Study Guide does not explicitly mention Dot1x Auto Registration and MDM integration as the specific device classification options for automatic and transparent registration to the end user. However, based on the general functioning of FortiNAC, Dot1x Auto Registration and MDM integration are typically used for such purposes. The guide discusses automatic device registration in the context of profiling rules

FortiNAC Study Guide 7.2 | Page 11

FortiNAC uses various methods to communicate with infrastructure devices such as SNMP for discovery and ongoing management, SSH or Telnet through the CLI for tasks related to the infrastructure, and RADIUS for handling specific types of requests

In an isolation VLAN, FortiNAC supplies DHCP and DNS services. The guide specifies that FortiNAC has a DHCP scope defined for a particular VLAN and should be the only DHCP server available to hosts on that VLAN. Additionally, hosts on the VLAN would get a DNS server configuration of the FortiNAC IP for that VLAN

It’s important to audit Group Policy changes in order to determine the details of changes made to Group Policies by delegated users.