Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Refer to the exhibit

Examine the FortiGate RSSO configuration shown in the exhibit

FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users The users are located behind port3 and the internet link is connected to port1 FortiGate is processing incoming RADIUS accounting messages successfully and RSSO users are getting associated with the RSSO Group user group However all the users are able to access the internet, and the administrator wants to restrict internet access to RSSO users only

Which configuration change should the administrator make to fix the problem?

A.

Change the RADIUS Attribute Value selling to match the name of the RADIUS attribute containing the group membership information of the RSSO users

B.

Add RSSO Group to the firewall policy

C.

Enable Security Fabric Connection on port3

D.

Create a second firewall policy from port3 lo port1 and select the target destination subnets

Full Access
Question # 5

Which two pieces of information can the diagnose test authserver ldap command provide? (Choose two.)

A.

It displays whether the admin bind user credentials are correct

B.

It displays whether the user credentials are correct

C.

It displays the LDAP codes returned by the LDAP server

D.

It displays the LDAP groups found for the user

Full Access
Question # 6

Refer to the exhibit.

Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit

An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget

Which two scenarios are likely to cause this issue? (Choose two)

A.

The web filtering rating service is not working

B.

FortiAnalyzer does not have a valid threat detection services license

C.

The device does not have FortiClient installed

D.

FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)

Full Access
Question # 7

Which two statements about the guest portal on FortiAuthenticator are true? (Choose two.)

A.

Each remote user on FortiAuthenticator can sponsor up to 10 guest accounts

B.

Administrators must approve all guest accounts before they can be used

C.

The guest portal provides pre and post-log in services

D.

Administrators can use one or more incoming parameters to configure a mapping rule for the guest portal

Full Access
Question # 8

Which two statements about MAC address quarantine by redirect mode are true? (Choose two)

A.

The quarantined device is moved to the quarantine VLAN

B.

The device MACaddress is added to the Quarantined Devices firewall address group

C.

It is the default mode for MAC address quarantine

D.

The quarantined device is kept in the current VLAN

Full Access
Question # 9

Refer to the exhibit.

Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit

FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP The administrator configured the SSL VPN user group for SSL VPN users However the administrator noticed that both the student and j smith users can connect to SSL VPN

Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

A.

In the SSL VPN user group configuration set Group Nam© to CN-SSLVPN, CN="users, DC-trainingAD, DC-training, DC-lab

B.

In the SSL VPN user group configuration, change Name to cn=sslvpn, CN=users, DC=trainingAD, Detraining, DC-lab.

C.

In the SSL VPN user group configuration set Group Name to ::;=Domain users.CN-Users/DC=trainingAD, DC-training, DC=lab.

D.

In the SSL VPN user group configuration change Type to Fortinet Single Sign-On (FSSO)

Full Access
Question # 10

Refer to the exhibit.

Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit

An administrator is testing the NAC feature The test device is connected to a managed FortiSwitch device {S224EPTF19"53€7)onpOrt2

After applying the NAC policy on port2 and generating traffic on the test device the test device is not matching the NAC policy therefore the test device remains m the onboarding VLAN

Based on the information shown in the exhibit which two scenarios are likely to cause this issue? (Choose two.)

A.

Management communication between FortiGate and FortiSwitch is down

B.

The MAC address configured on the NAC policy is incorrect

C.

The device operating system detected by FortiGate is not Linux

D.

Device detection is not enabled on VLAN 4089

Full Access
Question # 11

When you configure a FortiAP wireless interface for auto TX power control which statement describes how it configures its transmission power"?

A.

Every 30 seconds the AP will measure the signal strength of the AP using the client The AP will adjust its signal strength up or down until the AP signal is detected at -70 dBm

B.

Every 30 seconds FortiGate measures the signal strength of adjacent AP interfaces It will adjust its own AP power to match the adjacent AP signal strength

C.

Every 30 seconds FortiGate measures the signal strength of adjacent FortiAP interfaces It will adjust the adjacent AP power to be detectable at -70 dBm

D.

Every 30 seconds FortiGate measures the signal strength of the weakest associated client The AP will then configure its radio power to match the detected signal strength of the client

Full Access