Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Fortinet NSE6_FSW-7.2 NSE6_FSW-7.2 - Fortinet NSE 6 - FortiSwitch 7.2 Exam Practice Test

Demo: 16 questions
Total 55 questions

NSE6_FSW-7.2 - Fortinet NSE 6 - FortiSwitch 7.2 Questions and Answers

Question 1

What can an administrator do to maintain the existing standalone FortlSwltch configuration while changing the management mode to FortLink?

Options:

A.

Use a migration tool based on python script to convert the configuration

B.

Enable the Forti-link setting on FortiSwitch before the authorization process

C.

FortiGate will automatically save the existing FortiSwitch configuration during the Forti-link management process.

D.

Register FortiSwitch to For1ISwitch Cloud to save a copy before managing by Forti-Gate.

Question 2

Which statement about the configuration of VLANs on a managed FortiSwitch port is true?

Options:

A.

Untagged VLANs must be part of the allowed VLANs: ingress and egress.

B.

FortiSwitch VLAN interfaces are created only when FortiSwitch is managed by Forti-Gate.

C.

The native VLAN is implicitly part of the allowed VLAN on the port.

D.

Allowed VLANS expand the collision domain to the port.

Question 3

To enhance service in emergency situations, to which LLDP-MED Type-Length-Values does Forti-Switch advertise to IP phones?

Options:

A.

Network policy

B.

Inventory management

C.

Location

D.

Power management

Question 4

Refer to the exhibits.

Port1 and port2 are the only ports configured with the same native VLAN 10.

What are two reasons that can trigger port1 to shut down? (Choose two.)

Options:

A.

port1 was shut down by loop guard protection.

B.

STP triggered a loop and applied loop guard protection on port1.

C.

An endpoint sent a BPDU on port1 that it received from another interface.

D.

Loop guard frame sourced from port 1 was received on port 1.

Question 5

Exhibit.

You need to manage three FortiSwitch devices using a FortiGate device. Two of the FortiSwitch devices initiated a reboot after the authorization process. However, the FortiSwitch device with the configuration shown in the exhibit. did not reboot All three devices completed FortiLink manage-ment authorization successfully.

Why did the FortiSwitch device shown in the exhibit not reboot to complete the authorization pro-cess?

The management mode was set to use FortiLink mode.

Options:

A.

Switch auto-discovery is enabled.

B.

The management mode was set to use FortiLink mode.

C.

The FortiSwitch device is scheduled to reboot as part the authorization process

D.

The system time is not in-sync and is using a non-default value

Question 6

Refer to the exhibits

Traffic arriving on port2 on FortiSwitch is tagged with VLAN ID 10 and destined for PC1 connected on port1. PC1 expects to receive traffic untagged from port1 on FortiSwitch.

Which two configurations can you perform on FortiSwitch to ensure PC1 receives untagged traffic on port1? (Choose two.)

Options:

A.

Add the MAC address of PCI as a member of VLAN 10.

B.

Add VLAN ID 10 as a member of the untagged VLANs on port1.

C.

Remove VLAN 10 from the allowed VLANs and add it to untagged VLANs on port1.

D.

Enable Private VLAN on VLAN 10 and add VLAN 20 as an isolated VLAN.

Question 7

What are two ways in which automatic MAC address quarantine works on FortiSwitch? (Choose two.)

Options:

A.

FortiSwitch supports only by VLAN quarantine mode.

B.

FortiGate applies the quarantine-related configuration only on FortiGate.

C.

FortiAnalyzer with a threat detection services license is required.

D.

MAC address quarantine can be enabled through the FortiGate CLI only.

Question 8

How does FortiGate handle configuration of flow tracking sampling if you export the settings to a managed FortiSwitch stack with sampling mode set to perimeter is true?

Options:

A.

FortiGate configures FortiSwitch to perform ingress sampling on all switch interfaces.

B.

FortiGate configures FortiSwitch to perform ingress sampling on all switch interfaces, except ICL and ISL interfaces.

C.

FortiGate configures and enables flow sampling on FortiSwitch but does not change existing sampling settings of interfaces.

D.

FortiGate configures and enables egress sampling on all management interfaces.

Question 9

Exhibit.

port1 and port2 are the only ports configured with the same native VLAN 10.

What are two reasons that can trigger port1 to shut down? (Choose two.)

Options:

A.

port1 was shut down by loop guard protection.

B.

STP triggered a loop and applied loop guard protection on port1.

C.

An endpoint sent a BPDU on port1 that it received from another interface.

D.

Loop guard frame sourced from port1 was received on port1.

Question 10

Which drop policy mode, if assigned to a congested port, will drop incoming packets until there is no congestion on the egress port?

Options:

A.

Tail-drop mode

B.

Weighted round robin mode.

C.

Random early detection mode

D.

Strict mode

Question 11

Refer to the exhibit.

What two conclusions can be made regarding DHCP snooping configuration? (Choose two.)

Options:

A.

Maximum value to accept clients DHCP request is configured as per DHCP server range.

B.

FortiSwitch is configured to trust DHCP replies coming on FortiLink interface.

C.

DHCP clients that are trusted by DHCP snooping configured is only one.

D.

Global configuration for DHCP snooping is set to forward DHCP client requests on all ports in the VLAN.

Question 12

Refer to the diagnostic output:

What makes the use of the sniffer command on the FortiSwitch CLI unreliable on__port__23?

Options:

A.

The types of packets captured is limited.

B.

Just the port egress payloads are printed on CLI.

C.

Only untagged VLAN traffic can be captured.

D.

The switch port might be used as a trunk member

Question 13

Which statement about 802.1X security profiles using MAC-based authentication mode is true?

Options:

A.

FortiSwitch allows connectivity to all hosts connected to a port, if one host is authenticated.

B.

FortiSwitch can grant each device a different access level based on the credentials provided

C.

FortiSwitch performs faster when using this security mode on the ports.

D.

FortiSwitch must communicate with the RADIUS server to authenticate devices

Question 14

Which two statements about managing a FortiSwitch stack on FortiGate are true? (Choose two.)

Options:

A.

A FortiLink interface must be enabled on FortiGate.

B.

The switch controller feature must be enabled on FortiGate.

C.

Only a hardware-based FortiGate can manage a FortiSwitch stack.

D.

FortiSwitch must be operating in standalone mode before authorization.

Question 15

How is traffic routed on FortiSwitch?

Options:

A.

Hardware-based routing on FortiSwitch is handled by the CPU.

B.

FortiSwitch looks up the hardware routing table and then the forwarding information base (FIB).

C.

ASIC hardware routing can only handle dynamic routing, if supported.

D.

Layer 3 routing can be configured on FortiSwitch, while managed by FortiGate.

Question 16

Which two statements about DHCP snooping enabled on a FortiSwitch VLAN are true? (Choose two.)

Options:

A.

Enabling DHCP snooping on a FortiSwitch VLAN ensures requests and replies are seen by all DHCP servers.

B.

switch-controller-dhcp-snooping-verify-mac verifies the destination MAC address to protect against DHCP exhaustion attacks.

C.

By default, all FortiSwitch ports are set to forward client DHCP requests to untrusted ports.

D.

Settings related to DHCP option 82 are only configurable through the CLI

Demo: 16 questions
Total 55 questions