Pass Your Fortinet Exam with NSE6_FNC-8.5 Exam Dumps (Updated 30 Questions) [Q13-Q37]


NSE6_FNC-8.5 Exam Dumps - Fortinet Practice Test Questions


For more info about Network Security Specialist Fortinet NSE6_FNC-8.5 Professional Exam


 

NEW QUESTION 13
Which three communication methods are used by FortiNAC to gather information from, and control, infrastructure devices? (Choose three.)

  • A. SMTP
  • B. FTP
  • C. RADIUS
  • D. DCLI
  • E. SNMP

Answer: B,C,E

Explanation:
Set up SNMP communication with FortiNAC
RADIUS Server that is used by FortiNAC to communicate
FortiNAC can be configured via CLI to use HTTP or HTTPS for OS updates instead of FTP.

 

NEW QUESTION 14
Where are logical network values defined?

  • A. In the security and access field of each host record
  • B. In the port properties view of each port
  • C. On the profiled devices view
  • D. In the model configuration view of each infrastructure device

Answer: A

 

NEW QUESTION 15
With enforcement for network access policies and at-risk hosts enabled, what will happen if a host matches a network access policy and has a state of "at risk"?

  • A. The host is provisioned based on the network access policy.
  • B. The host is provisioned based on the default access defined by the point of connection.
  • C. The host is administratively disabled.
  • D. The host is isolated.

Answer: A

 

NEW QUESTION 16
Which agent is used only as part of a login script?

  • A. Mobile
  • B. Passive
  • C. Persistent
  • D. Dissolvable

Answer: C

Explanation:
If the logon script runs the logon application in persistent mode, configure your Active Directory server not to run scripts synchronously.

 

NEW QUESTION 17
What capability do logical networks provide?

  • A. Autopopulation of device groups based on point of connection
  • B. Interactive topology view diagrams
  • C. VLAN-based inventory reporting
  • D. Application of different access values from a single access policy

Answer: C

Explanation:
NTM also includes reporting utilities such as network and inventory reports. You can generate reports for subnets, switch ports, and VLANs.

 

NEW QUESTION 18
By default, if more than 20 hosts are seen connected on a single port simultaneously, what will happen to the port?

  • A. The port becomes a threshold uplink.
  • B. The port is switched into the Dead-End VLAN.
  • C. The port is added to the Forced Registration group.
  • D. The port is disabled.

Answer: D

 

NEW QUESTION 19
Which two of the following are required for endpoint compliance monitors? (Choose two.)

  • A. Logged on user
  • B. Custom scan
  • C. Persistent agent
  • D. Security rule

Answer: B,D

 

NEW QUESTION 20
Which system group will force at-risk hosts into the quarantine network, based on point of connection?

  • A. Forced Isolation
  • B. Forced Quarantine
  • C. Forced Remediation
  • D. Physical Address Filtering

Answer: C

Explanation:
A remediation plan is established, including a forensic analysis and a reload of the system. Also, users are forced to change their passwords as the system held local user accounts.

 

NEW QUESTION 21
Which agent can receive and display messages from FortiNAC to the end user?

  • A. Passive
  • B. MDM
  • C. Persistent
  • D. Dissolvable

Answer: C

 

NEW QUESTION 22
Which command line shell and scripting language does FortiNAC use for WinRM?

  • A. DOS
  • B. Linux
  • C. PowerShell
  • D. Bash

Answer: C

Explanation:
Open Windows PowerShell or a command prompt. Run the following command to determine if you already have WinRM over HTTPS configured.
Reference: https://docs.fortinet.com/document/fortinac/8.7.0/administration-guide/246310/winrm-device-profile-requirements-and-setup

 

NEW QUESTION 23
In which view would you find who made modifications to a Group?

  • A. The Admin Auditing view
  • B. The Security Events view
  • C. The Event Management view
  • D. The Alarms view

Answer: A

Explanation:
It's important to audit Group Policy changes in order to determine the details of changes made to Group Policies by delegated users.

 

NEW QUESTION 24
Refer to the exhibit.

If you are forcing the registration of unknown (rogue) hosts, and an unknown (rogue) host connects to a port on the switch, what will occur?

  • A. No VLAN change is performed
  • B. The host is moved to a default isolation VLAN.
  • C. The host is disabled.
  • D. The host is moved to VLAN 111.

Answer: C

Explanation:
The ability to limit the number of workstations that can connect to specific ports on the switch is managed with Port Security. If these limits are breached, or access from unknown workstations is attempted, the port can do any or all of the following: drop the untrusted data, notify the network administrator, or disable the port.

 

NEW QUESTION 25
Refer to the exhibit, and then answer the question below.

Which host is rogue?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

 

NEW QUESTION 26
During the on-boarding process through the captive portal, why would a host that successfully registered remain stuck in the Registration VLAN? (Choose two.)

  • A. The wrong agent is installed.
  • B. There is another unregistered host on the same port.
  • C. The port's default VLAN is the same as the Registration VLAN.
  • D. Bridging is enabled on the host.

Answer: A,C

Explanation:
Scenario 4: NAT detection disabled, using endpoint compliance policy and agent.

 

NEW QUESTION 27
What causes a host's state to change to "at risk"?

  • A. The logged on user is not found in the Active Directory.
  • B. The host has failed an endpoint compliance policy or admin scan.
  • C. The host has been administratively disabled.
  • D. The host is not in the Registered Hosts group.

Answer: B

Explanation:
Failure - Indicates that the host has failed the scan. This option can also be set manually. When the status is set to Failure the host is marked "At Risk" for the selected scan.

 

NEW QUESTION 28
In a wireless integration, how does FortiNAC obtain connecting MAC address information?

  • A. MAC notification traps
  • B. Link traps
  • C. RADIUS
  • D. End station traffic monitoring

Answer: C

Explanation:
Intelligent Access Points (IAPs) and controllers support two methods of RADIUS based authentication: RADIUS MAC authentication and 802.1x authentication.

 

NEW QUESTION 29
What would occur if both an unknown (rogue) device and a known (trusted) device simultaneously appeared on a port that is a member of the Forced Registration port group?

  • A. The port would not be managed, and an event would be generated.
  • B. The port would be administratively shut down.
  • C. The port would be provisioned to the registration network, and both hosts would be isolated.
  • D. The port would be provisioned for the normal state host, and both hosts would have access to that VLAN.

Answer: C

 

NEW QUESTION 30
What capability do logical networks provide?

  • A. Autopopulation of device groups based on point of connection
  • B. Interactive topology view diagrams
  • C. Application of different access values from a single access policy
  • D. VLAN-based inventory reporting

Answer: C

 

NEW QUESTION 31
Which three of the following are components of a security rule? (Choose three.)

  • A. Security String
  • B. Methods
  • C. User or host profile
  • D. Action
  • E. Trigger

Answer: C,D,E

 

NEW QUESTION 32
Refer to the exhibit, and then answer the question below.

Which host is rogue?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
Reference: https://docs.fortinet.com/document/fortinac/8.6.0/administration-guide/283146/evaluating-rogue-hosts

 

NEW QUESTION 33
Which two methods can be used to gather a list of installed applications and application details from a host? (Choose two.)

  • A. Application layer traffic inspection
  • B. MDM integration
  • C. Portal page on-boarding options
  • D. Agent technology

Answer: B,C

Explanation:
Explanation/Reference: https://developer.apple.com/business/documentation/MDM-Protocol-Reference.pdf
https://docs.oracle.com/en/middleware/idm/identity-governance/12.2.1.3/omusg/managing-application-onboarding.html#GUID-4D0D5B18-A6F5-4231-852E-DB0D95AAE2D1

 

NEW QUESTION 34
What causes a host's state to change to "at risk"?

  • A. The logged on user is not found in the Active Directory.
  • B. The host has failed an endpoint compliance policy or admin scan.
  • C. The host has been administratively disabled.
  • D. The host is not in the Registered Hosts group.

Answer: B

Explanation:
Failure - Indicates that the host has failed the scan. This option can also be set manually. When the status is set to Failure the host is marked "At Risk" for the selected scan.

 

NEW QUESTION 35
What would happen if a port was placed in both the Forced Registration and the Forced Remediation port groups?

  • A. Both enforcement groups cannot contain the same port.
  • B. Only rogue hosts would be impacted.
  • C. Only at-risk hosts would be impacted.
  • D. Both types of enforcement would be applied.

Answer: A

Explanation:
Explanation/Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/837785/system-groups

 

NEW QUESTION 36
During the on-boarding process through the captive portal, why would a host that successfully registered remain stuck in the Registration VLAN? (Choose two.)

  • A. The wrong agent is installed.
  • B. The port's default VLAN is the same as the Registration VLAN.
  • C. There is another unregistered host on the same port.
  • D. Bridging is enabled on the host.

Answer: A,C

Explanation:
Scenario 4: NAT detection disabled, using endpoint compliance policy and agent.

 

NEW QUESTION 37
......
