Download Fortinet NSE 7 - Secure Access 6.2.NSE7_SAC-6.2.PassLeader.2021-04-29.10q.tqb

Vendor: Fortinet
Exam Code: NSE7_SAC-6.2
Exam Name: Fortinet NSE 7 - Secure Access 6.2
Date: Apr 29, 2021
File Size: 261 KB
Download Exam

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Download
Taurus Exam Studio

Purchase
Coupon: TAURUSSIM_20OFF

Discount: 20%

Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator

Demo Questions

Question 1
What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?
  1. The receiving port is shut down.
  2. The sending port is shut down.
  3. The receiving port is moved to the STP blocking state.
  4. The sending port is moved to the STP blocking state.
Correct answer: A
Question 2
Default VLANs are created on FortiGate when the FortiLink interface is created. By default, which VLAN is set as Allowed VLANs on all FortiSwitch ports?
  1. Sniffer VLAN
  2. Camera VLAN
  3. Quarantine VLAN
  4. Voice VLAN
Correct answer: D
Question 3
What does DHCP snooping MAC verification do?
  1. Drops DHCP release packets on untrusted ports.
  2. Drops DHCP packets with no relay agent information (option 82) on untrusted ports.
  3. Drops DHCP offer packets on untrusted ports.
  4. Drops DHCP packets on untrusted ports when the client hardware address does not match the source MAC address.
Correct answer: C
Question 4
Which statement correctly describes the guest portal behavior on FortiAuthenticator?
  1. Sponsored accounts cannot authenticate using guest portals.
  2. FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.
  3. All guest accounts must be activated using SMS or email activation codes. 
  4. All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.
Correct answer: A
Question 5
Which CLI command should an administrator use to view the certificate validation process in real-time?
  1. diagnose debug application certd -1
  2. diagnose debug application fnbamd -1
  3. diagnose debug application authd -1
  4. diagnose debug application foauthd -1
Correct answer: A
Question 6
Which step can be taken to ensure that only FortiAP devices receive IP addresses from a DHCP server on FortiGate?
  1. Change the interface addressing mode to FortiAP devices.
  2. Create a reservation list in the DHCP server settings.
  3. Configure a VCI string value of FortiAP in the DHCP server settings.
  4. Use DHCP option 138 to assign IPs to FortiAP devices.
Correct answer: C
Question 7
An administrator is deploying APs that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. 
FortiGate can discover the APs and authorize them. However, FortiGate is unable to establish CAPWAP tunnels to manage the APs. 
Which configuration setting can the administrator perform to resolve the problem?
  1. Decrease the CAPWAP tunnel MTU size for APs to prevent fragmentation.
  2. Enable CAPWAP administrative access on the IPsec interface.
  3. Upgrade the FortiAP firmware image to ensure compatibility with the FortiOS version.
  4. Assign a custom AP profile for the remote APs with the set mpls-connection option enabled.
Correct answer: C
Question 8
Which two statements about the use of digital certificates are true? (Choose two.)
  1. An intermediate CA can sign server certificates.
  2. An intermediate CA can sign another intermediate CA certificate.
  3. The end entity's certificate can only be created by an intermediate CA.
  4. An intermediate CA can validate the end entity certificate signed by another intermediate CA.
Correct answer: AC
Question 9
Refer to the exhibit: 
   
  
The exhibit shows two FortiGate devices in active-passive HA mode, including four FortiSwitch devices connected to a ring. 
Which two configurations are required to deploy this network topology? (Choose two.)
  1. Configure link aggregation interfaces on the FortiLink interfaces.
  2. Configure the trunk interfaces on the FortiSwitch devices as MCLAG-ISL.
  3. Enable fortilink-split-interf ace on the FortiLink interfaces.
  4. Enable STP on the FortiGate interfaces.
Correct answer: BD
Question 10
Refer to the exhibit: 
   
  
Examine the network topology shown in the exhibit. Which port should have root guard enabled?
  1. FortiSwitch A, port2.
  2. FortiSwitch A, port1.
  3. FortiSwitch B. port1.
  4. FortiSwitch B. port2.
Correct answer: D
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!