[2025年04月08日] 完全版最新の問題集でPDFで最新NSE6_FNC-7.2試験問題と解答
無料で使えるNSE6_FNC-7.2試験問題集で100%合格できる試験簡単に合格させるFast2test
Fortinet NSE6_FNC-7.2 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
質問 # 35
Refer to the exhibit.
If a host is connected to a port in the Building 1 First Floor Ports group, what must also be true to match this user/host profile?
- A. The host must have a role value of contractor, an installed persistent agent or a security access value of contractor, and be connected between 6 AM and 5 PM.
- B. The host must have a role value of contractor or an installed persistent agent and a security access value of contractor, and be connected between 6 AM and 5 PM.
- C. The host must have a role value of contractor or an installed persistent agent or a security access value of contractor, and be connected between 6 AM and 5 PM.
- D. The host must have a role value of contractor or an installed persistent agent, a security access value of contractor, and be connected between 9 AM and 5 PM.
正解:C
解説:
Looking at the provided exhibit which shows the Modify User/Host Profile window, the following must be true for a host to match the user/host profile:
* The host must be connected to a port within the "Building 1 First Floor Ports" group.
* The host must fulfill at least one of the following attributes:
* Have a role value of "Contractor"
* Have an installed persistent agent with the security and access value of "Contractor"
* The host must be connected between the specified times of 6 AM and 5 PM on any day of the week.
The profile specifies that the host can match the profile by having any one of the listed attributes (Role as Contractor, Persistent Agent installed with specific security & access value), and the time condition must also be met. Therefore, the correct answer is D, which includes "or" conditions for the role value and persistent agent and specifies the correct time frame.
質問 # 36
What would happen if a port was placed in both the Forced Registration and the Forced Remediation port groups?
- A. Only rogue hosts would be impacted.
- B. Both enforcement groups cannot contain the same port.
- C. Both types of enforcement would be applied.
- D. Only al-risk hosts would be impacted.
正解:B
質問 # 37
What agent is required in order to detect an added USB drive?
- A. Persistent
- B. Passive
- C. Dissolvable
- D. Mobile
正解:A
解説:
Expand the Persistent Agent folder. Select USB Detection from the tree.
質問 # 38
Which connecting endpoints are evaluated against all enabled device profiling rules?
- A. Rogues devices, only when they connect for the first time
- B. Rogues devices, each time they connect
- C. Known trusted devices each time they change location
- D. All hosts, each time they connect
正解:B
解説:
FortiNAC process to classify rogue devices and create an organized inventory of known trusted registered devices.
質問 # 39
Where do you look to determine when and why the FortiNAC made an automated network access change?
- A. The Event view
- B. The Connections view
- C. The Port Changes view
- D. The Admin Auditing view
正解:C
質問 # 40
Where are logical network values defined?
- A. In the security and access field of each host record
- B. On the profiled devices view
- C. In the model configuration view of each infrastructure device
- D. In the port properties view of each port
正解:B
質問 # 41
Which two methods can be used to gather a list of installed applications and application details from a host?
(Choose two.)
- A. Agent technology
- B. Portal page on-boarding options
- C. Application layer traffic inspection
- D. MDM integration
正解:A、D
解説:
To gather a list of installed applications and application details from a host, two methods can be used:
* Agent technology: FortiNAC uses agent technology to collect all installed applications on an endpoint.
* Integration with MDMs (Mobile Device Management systems): MDMs that support application gathering can be integrated with FortiNAC to collect application information.
References
* FortiNAC 7.2 Study Guide, page 302
質問 # 42
Which two policy types can be created on a FortiNAC Control Manager? (Choose two.)
- A. Network Access
- B. Endpoint Compliance
- C. Authentication
- D. Supplicant EasvConnect
正解:A、C
解説:
Network Access policies as a common type of policy in FortiNAC, used to dynamically provision access to connecting endpoints. While Authentication is typically a policy type in network access control systems like FortiNAC
質問 # 43
Where are logical network values defined?
- A. In the security and access field of each host record
- B. On the profiled devices view
- C. In the port properties view of each port
- D. In the model configuration view of each infrastructure device
正解:D
質問 # 44
Which two methods can be used to gather a list of installed applications and application details from a host? (Choose two)
- A. MDM integration
- B. Portal page on-boarding options
- C. Agent technology
- D. Application layer traffic inspection
正解:B、D
質問 # 45
An administrator is configuring FortiNAC to manage FortiGate VPN users. As part of the configuration, the administrator must configure a few FortiGate firewall policies.
What is the purpose of the FortiGate firewall policy that applies to unauthorized VPN clients?
- A. To deny access to only the FortiNAC VPN interface
- B. To allow access to only the production DNS server
- C. To deny access to only the production DNS server
- D. To allow access to only the FortiNAC VPN interface
正解:D
質問 # 46
How does FortiGate update FortiNAC about VPN session information?
- A. Security Fabric Integration
- B. API calls to FortiNAC
- C. SNMP traps
- D. Syslog messages
正解:D
質問 # 47
How are logical networks assigned to endpoints?
- A. Through FortiGate IPv4 policies
- B. Through device profiling rules
- C. Through network access policies
- D. Through Layer 3 polling configurations
正解:C
質問 # 48
Which three communication methods are used by FortiNAC to gather information from and control, infrastructure devices? (Choose three.)
- A. SNMP
- B. RADIUS
- C. CLI
- D. SMTP
- E. FTP
正解:A、B、C
解説:
FortiNAC Study Guide 7.2 | Page 11
FortiNAC uses various methods to communicate with infrastructure devices such as SNMP for discovery and ongoing management, SSH or Telnet through the CLI for tasks related to the infrastructure, and RADIUS for handling specific types of requests
質問 # 49
An administrator wants the Host At Risk event to generate an alarm. What is used to achieve this result?
- A. An event to alarm mapping
- B. A security trigger activity
- C. An event to action mapping
- D. A security filter
正解:A
質問 # 50
What method of communication does FortiNAC use to control VPN host access on FortiGate?
- A. RADIUS accounting
- B. SAMLSSO
- C. Security Fabric
- D. RSSO
正解:C
質問 # 51
Which three capabilities does FortiNAC Control Manager provide? (Choose three.)
- A. Global infrastructure device inventory
- B. Global visibility
- C. Global version control
- D. Pooled licenses
- E. Global authentication security policies
正解:B、C、D
質問 # 52
Which two are required for endpoint compliance monitors? (Choose two.}
- A. Custom scan
- B. Persistent agent
- C. MDM integration
- D. ZTNA agent
正解:A、B
質問 # 53
Refer to the exhibit, and then answer the question below.
Which host is rogue?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
質問 # 54
Which agent is used only as part of a login script?
- A. Persistent
- B. Passive
- C. Dissolvable
- D. Mobile
正解:B
解説:
If the logon script runs the logon application in persistent mode, configure your Active Directory server not to run scripts synchronously.
質問 # 55
Refer to the exhibit, and then answer the question below.
Which host is rogue?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
質問 # 56
......
無料で試せるNSE6_FNC-7.2試験問題NSE6_FNC-7.2実際の無料試験問題:https://jp.fast2test.com/NSE6_FNC-7.2-premium-file.html