Pass Authentic Fortinet NSE6_FNC-7.2 with Free Practice Tests and Exam Dumps [Q11-Q27]

New NSE6_FNC-7.2 Exam Questions Real Fortinet Dumps

NEW QUESTION # 11
Which two of the following are required for endpoint compliance monitors? (Choose two.)

  • A. Custom scan
  • B. Persistent agent
  • C. Security rule
  • D. Logged on user

Answer: A,B

Explanation:
DirectDefense's analysis of FireEye Endpoint attests that the products help meet the HIPAA Security Rule.
In the menu on the left click the + sign next to Endpoint Compliance to open it.
Reference:
https://docs.fortinet.com/document/fortinac/8.5.2/administration-guide/92047/add-or-modify-a-scan


NEW QUESTION # 12
Which two of the following are required for endpoint compliance monitors? (Choose two.)

  • A. Custom scan
  • B. Persistent agent
  • C. Security rule
  • D. Logged on user

Answer: A,B

Explanation:
DirectDefense's analysis of FireEye Endpoint attests that the products help meet the HIPAA Security Rule.
In the menu on the left click the + sign next to Endpoint Compliance to open it.


NEW QUESTION # 13
What agent is required in order to detect an added USB drive?

  • A. Passive
  • B. Persistent
  • C. Dissolvable
  • D. Mobile

Answer: B

Explanation:
Expand the Persistent Agent folder. Select USB Detection from the tree.
Reference:
1. Click System > Settings.
2. Expand the Persistent Agent folder.
3. Select USB Detection from the tree.
4. Click Add or select an existing USB drive and click Modify.


NEW QUESTION # 14
Which agent is used only as part of a login script?

  • A. Dissolvable
  • B. Persistent
  • C. Mobile
  • D. Passive

Answer: D

Explanation:
If the logon script runs the logon application in persistent mode, configure your Active Directory server not to run scripts synchronously.


NEW QUESTION # 15
During the on-boarding process through the captive portal, what are two reasons why a host that successfully registered would remain stuck in the Registration VLAN? (Choose two.)

  • A. Bridging is enabled on the host.
  • B. The port default VLAN is the same as the Registration VLAN.
  • C. The wrong agent is installed.
  • D. There is another unregistered host on the same port.

Answer: B,D


NEW QUESTION # 16
An administrator is configuring FortiNAC to manage FortiGate VPN users. As part of the configuration, the administrator must configure a few FortiGate firewall policies.
What is the purpose of the FortiGate firewall policy that applies to unauthorized VPN clients?

  • A. To deny access to only the production DNS server
  • B. To allow access to only the FortiNAC VPN interface
  • C. To allow access to only the production DNS server
  • D. To deny access to only the FortiNAC VPN interface

Answer: B


NEW QUESTION # 17
Which command line shell and scripting language does FortiNAC use for WinRM?

  • A. DOS
  • B. Bash
  • C. Linux
  • D. PowerShell

Answer: D

Explanation:
Open Windows PowerShell or a command prompt. Run the following command to determine if you already have WinRM over HTTPS configured.
Reference:
Admin Guide on p. 362, "Matches if the device successfully responds to a WinRM client session request. User name and password credentials are required. If there are multiple credentials, each set of credentials will be attempted to find a potential match. The commands are used to automate interaction with the device. Each command is run via Powershell."


NEW QUESTION # 18
What capability do logical networks provide?

  • A. Interactive topology view diagrams
  • B. Application of different access values from a single access policy
  • C. VLAN-based inventory reporting
  • D. Point of access-based autopopulation of device groups

Answer: B

Explanation:
Logical Networks allow you to create fewer Network Access Policies than before. (FortiNAC - What's new in FortiNAC 7.2) Logical networks in FortiNAC decouple a policy from a specific access value, allowing for the application of different access values from a single access policy. This is done based on the point of connection, significantly reducing the number of network access policies needed and simplifying network access policy management.


NEW QUESTION # 19
When FortiNAC passes a firewall tag to FortiGate, what determines the value that is passed?

  • A. RADIUS group attribute
  • B. Device profiling rule
  • C. Security rule
  • D. Logical network

Answer: D


NEW QUESTION # 20
During an evaluation of state-based enforcement, an administrator discovers that ports that should not be under enforcement have been added to enforcement groups. In which view would the administrator be able to determine who added the ports to the groups?

  • A. The Security Events view
  • B. The Admin Auditing view
  • C. The Alarms view
  • D. The Event Management view

Answer: B


NEW QUESTION # 21
When FortiNAC is managing FortiGate VPN users, why is an endpoint compliance policy necessary?

  • A. To validate the VPN user credentials
  • B. To validate the VPN client being used
  • C. To designate the required agent type
  • D. To confirm installed security software

Answer: D


NEW QUESTION # 22
What would occur if both an unknown (rogue) device and a known (trusted) device simultaneously appeared on a port that is a member of the Forced Registration port group?

  • A. The port would be provisioned to the registration network, and both hosts would be isolated.
  • B. The port would be administratively shut down.
  • C. The port would not be managed, and an event would be generated.
  • D. The port would be provisioned for the normal state host, and both hosts would have access to that VLAN.

Answer: A


NEW QUESTION # 23
Which group type can have members added directly from the FortiNAC Control Manager?

  • A. Device
  • B. Administrator
  • C. Port
  • D. Host

Answer: A

Explanation:
The study guide explains that there are six different types of groups in FortiNAC, including device, host, IP phone, port, user, and administrator groups. Groups created by administrative users or imported as a result of an LDAP integration can be used to organize elements but do not enforce any type of control or functionality directly.


NEW QUESTION # 24
View the command and output shown in the exhibit.

What is the current state of this host?

  • A. Registered
  • B. Rogue
  • C. At-Risk
  • D. Not authenticated

Answer: D


NEW QUESTION # 25
An administrator wants the Host At Risk event to generate an alarm. What is used to achieve this result?

  • A. An event to action mapping
  • B. A security trigger activity
  • C. A security filter
  • D. An event to alarm mapping

Answer: D


NEW QUESTION # 26
Refer to the exhibit.

Considering the host status of the two hosts connected to the same wired port, what will happen if the port is a member of the Forced Registration port group?

  • A. The port will be provisioned for the normal state host, and both hosts will have access to that VLAN.
  • B. The port will not be managed, and an event will be generated.
  • C. The port will be provisioned to the registration network, and both hosts will be isolated.
  • D. The port will be administratively shut down.

Answer: C

Explanation:
The exhibit shows the status of two hosts connected to a wired infrastructure and indicates their respective MAC addresses and the rule name associated with them. When a port is a member of the Forced Registration port group, and multiple hosts with different statuses are connected to that port, FortiNAC will provision the port to the registration network, which is designed to isolate hosts until they are verified or registered. This ensures that unregistered or unauthorized hosts do not gain access to the network. Therefore, both hosts will be isolated in the registration network according to FortiNAC policy for such scenarios.


NEW QUESTION # 27
......


Fortinet NSE6_FNC-7.2 Exam Syllabus Topics:

Topic | Details
Topic 1 | State-Based Control: This exam section focuses on controlling access to the network based on the state of the devices in use.
Topic 2 | Logical Networks, Fortinet Security Fabric, and Firewall Tags: This section deals with topics such as how to segment parts of the network and integrate them with FortiGate firewalls.
Topic 3 | Security Policies: This section discusses policies, that is, the rules used to improve control over network access and devices.
Topic 4 | Identification and Classification of Rogues: This section of the exam focuses on detecting and classifying devices that are unauthenticated in the FortiNAC network.
Topic 5 | Security Device Integration and Automated Response: This section of the exam involves using FortiNAC with different security devices and how to automate incident response.

 
