[PDF and VCE] Format for Free NSE7_SAC-6.2 Dumps With Exam Questions Download

Tens of thousands of competitors, pages of hard questions and unsatisfied exam preparation situations… Do not worried about all those annoying things! We, help you with your Network Security Architect Hotest NSE7_SAC-6.2 pdf Fortinet NSE 7 – Secure Access 6.2 exam. We will assist you clear the Apr 27,2022 Hotest NSE7_SAC-6.2 study guide exam with Network Security Architect NSE7_SAC-6.2 real exam questions. We NSE7_SAC-6.2 new questions are the most comprehensive ones.

We Geekcert has our own expert team. They selected and published the latest NSE7_SAC-6.2 preparation materials from Official Exam-Center.

The following are the NSE7_SAC-6.2 free dumps. Go through and check the validity and accuracy of our NSE7_SAC-6.2 dumps.Do you what to see some samples before NSE7_SAC-6.2 exam? Check the following NSE7_SAC-6.2 free dumps or download NSE7_SAC-6.2 dumps here.

Question 1:

Which step can be taken to ensure that only FortiAP devices receive IP addresses from a DHCP server on FortiGate?

A. Change the interface addressing mode to FortiAP devices.

B. Create a reservation list in the DHCP server settings.

C. Configure a VCI string value of FortiAP in the DHCP server settings.

D. Use DHCP option 138 to assign IPs to FortiAP devices.

Correct Answer: C

Question 2:

Refer to the exhibit.

In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.


The first AP has 32 clients associated to the 5GHz radios and 22 clients associated to the 2.4GHz



The second AP has 12 clients associated to the 5GHz radios and 20 clients associated to the 2.4GHz radio.

A dual band-capable client enters the office near the first AP and the first AP measures the new client at −33 dBm signal strength. The second AP measures the new client at −43 dBm signal strength.

In the new client attempts to connect to the corporate wireless network, to which AP radio will the client be associated?

A. The second AP 5GHz interface.

B. The first AP 2.4GHz interface.

C. The first AP 5GHz interface.

D. The second AP 2.4GHz interface.

Correct Answer: A

Question 3:

Which two EAP methods can use MSCHAPV2 for client authentication? (Choose two.)





Correct Answer: AC

Reference: https://help.fortinet.com/fauth/3-3/Content/FortiAuthenticator 3_3 Admin% 20Guide/500/501_EAP.htm

Question 4:

Which two statements about the use of digital certificates are true? (Choose two.)

A. An intermediate CA can sign server certificates.

B. An intermediate CA can sign another intermediate CA certificate.

C. The end entity\’s certificate can only be created by an intermediate CA.

D. An intermediate CA can validate the end entity certificate signed by another intermediate CA.

Correct Answer: BD

Question 5:

A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network. The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS) to protect and encrypt guest user credentials after they receive the login information when registered for the first time.

Which two changes must the administrator make to enforce HTTPS authentication? (Choose two.)

A. Provide instructions to users to use HTTPS to access the network.

B. Create a new SSID with the HTTPS captive portal URL.

C. Enable Redirect HTTP Challenge to a Secure Channel (HTTPS) in the user authentication settings

D. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator

Correct Answer: BD

Question 6:

An administrator is deploying APs that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. FortiGate can discover the APs and authorize them. However, FortiGate is unable to establish CAPWAP tunnels to manage the APs.

Which configuration setting can the administrator perform to resolve the problem?

A. Decrease the CAPWAP tunnel MTU size for APs to prevent fragmentation.

B. Enable CAPWAP administrative access on the IPsec interface.

C. Upgrade the FortiAP firmware image to ensure compatibility with the FortiOS version.

D. Assign a custom AP profile for the remote APs with the set mpls-connectionoption enabled.

Correct Answer: B

Question 7:

Refer to the exhibit.

A host machine connected to port2 on FortiSwitch cannot connect to the network. All ports on FortiSwitch are assigned a security policy to enforce 802.1X port authentication. While troubleshooting the issue, the administrator runs the debug command and obtains the output shown in the exhibit.

Which two scenarios are the likely cause of this issue? (Choose two.)

A. The host machine is not configured for 802.1X port authentication.

B. The host machine does not support 802. 1X authentication.

C. The host machine is quarantined due to a security incident.

D. The host machine is configured with wrong VLAN ID.

Correct Answer: AB

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46428

Question 8:

What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?

A. The receiving port is shut down.

B. The sending port is shut down

C. The receiving port is moved to the STP blocking state.

D. The sending port is moved to the STP blocking state

Correct Answer: B

Reference: https://www.scribd.com/document/468940309/Secure-Access-6-0-Study-Guide-Online-pdf

Question 9:

Default VLANs are created on FortiGate when the FortiLink interface is created. By default, which VLAN is set as Allowed VLANs on all FortiSwitch ports?

A. Sniffer VLAN

B. Camera VLAN

C. Quarantine VLAN

D. Voice VLAN

Correct Answer: A

Question 10:

What does DHCP snooping MAC verification do?

A. Drops DHCP release packets on untrusted ports

B. Drops DHCP packets with no relay agent information (option 82) on untrusted ports

C. Drops DHCP offer packets on untrusted ports

D. Drops DHCP packets on untrusted ports when the client hardware address does not match the source MAC address

Correct Answer: D

Reference: https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/335964/dhcpsnooping (note)

Question 11:

Which statement correctly describes the quest portal behavior on FortiAuthenticator?

A. Sponsored accounts cannot authenticate using guest portals.

B. FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.

C. All guest accounts must be activated using SMS or email activation codes.

D. All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.

Correct Answer: A

Question 12:

Examine the sections of the configuration shown in the following output:

What action will the FortiGate take when using OCSP certificate validation?

A. FortiGate will reject the certificate if the OCSP server replies that the certificate is unknown.

B. FortiGate will use the OCSP server even when the OCSP URL field in the user certificate

contains a different OCSP server IP address.

C. FortiGate will use the OCSP server even when there is a different OCSP IP address in the ocsp-override-serveroption under config user peer.

D. FortiGate will invalidate the certificate if the OSCP server is unavailable.

Correct Answer: D

Question 13:

Refer to the exhibit.

Examine the configuration of the FortiSwitch security policy profile.

If the security profile shown in the exhibit is assigned on the FortiSwitch port for 802.1X.port authentication, which statement is correct?

A. Host machines that do support 802.1X authentication, but have failed authentication, will be assigned the guest VLAN.

B. All unauthenticated users will be assigned the auth-fail VLAN.

C. Authenticated users that are part of the wired-users group will be assigned the guest VLAN.

D. Host machines that do not support 802.1X authentication will be assigned the guest VLAN.

Correct Answer: C

Question 14:

Examine the following RADIUS configuration:

An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator. FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP.

While testing the configuration, the administrator notices that the diagnose test authservercommand works with PAP, however, authentication requests fail when using MSCHAPv2.

Which two changes should the administrator make to get MSCHAPv2 to work? (Choose two.)

A. Force FortiGate to use the PAP authentication method in the RADIUS server configuration.

B. Change the remote authentication server from LDAP to RADIUS on FortiAuthenticator.

C. Use MSCHAP instead of using MSCHAPv2

D. Enable Windows Active Directory Domain Authentication on FortiAuthenticator to add FortiAuthenticator to the Windows domain.

Correct Answer: BD

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.0.0/administration-guide/641286/ remote-authentication-servers

Question 15:

Refer to the exhibits.

Examine the VAP configuration and the WiFi zones table shown in the exhibits.

Which two statements describe FortiGate behavior regarding assignment of VLANs to wireless clients? (Choose two.)

A. FortiGate will load balance clients using VLAN 101 and VLAN 102 and assign them an IP address from the subnet.

B. Clients connecting to APs in the Floor 1 group will not be able to receive an IP address.

C. All clients connecting to the Corp SSID will receive an IP address from the subnet.

D. Clients connecting to APs in the Office group will be assigned an IP address from the subnet.

Correct Answer: BD

Leave a Reply

Your email address will not be published.