NSE7_SAC-6.2 Online Practice Questions and Answers

Which two statements about the use of digital certificates are true? (Choose two.)

A. An intermediate CA can sign server certificates.

B. An intermediate CA can sign another intermediate CA certificate.

C. The end entity's certificate can only be created by an intermediate CA.

D. An intermediate CA can validate the end entity certificate signed by another intermediate CA.

What does DHCP snooping MAC verification do?

A. Drops DHCP release packets on untrusted ports

B. Drops DHCP packets with no relay agent information (option 82) on untrusted ports

C. Drops DHCP offer packets on untrusted ports

D. Drops DHCP packets on untrusted ports when the client hardware address does not match the source MAC address

Which statement correctly describes the quest portal behavior on FortiAuthenticator?

A. Sponsored accounts cannot authenticate using guest portals.

B. FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.

C. All guest accounts must be activated using SMS or email activation codes.

D. All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.

Examine the sections of the configuration shown in the following output:

What action will the FortiGate take when using OCSP certificate validation?

A. FortiGate will reject the certificate if the OCSP server replies that the certificate is unknown.

B. FortiGate will use the OCSP server 10.0.1.150 even when the OCSP URL field in the user certificate

contains a different OCSP server IP address.

C. FortiGate will use the OCSP server 10.0.1.150 even when there is a different OCSP IP address in the ocsp-override-serveroption under config user peer.

D. FortiGate will invalidate the certificate if the OSCP server is unavailable.

What is the purpose of configuring the Windows Active Directory Domain Authentication feature?

A. Allows FortiAuthenticator to register itself as a Windows trusted device to proxy CHAP authentication using Kerberos.

B. Allows FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search.

C. Allows FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users.

D. Allows FortiAuthenticator to authenticate users listed on Windows AD. Enables single sign-on services for VPN and wireless users.

Refer to the exhibit.

Examine the partial debug output shown in the exhibit.

Which two statements about the debug output are true? (Choose two.)

A. The connection to the LDAP server timed out.

B. The user authenticated successfully.

C. The LDAP server is configured to use regular bind.

D. The debug output shows multiple user authentications.

Refer to the exhibit showing certificate values.

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page. This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser:

https://fac.trainingad.training.com/guests/login/?loginandpost=https://auth.trainingad.training.1ab:1003/fgtauthandmagic=000a038293d1f411andusermac=b8:27:eb:d8:50:02andapmac=70:4c:a5:9d:0d:28andapip=10.10.100.2anduserip=10.0.3.1andssid=Guest03andapname=PS221ETF18000148andbssid=70:4c:a5:9d:0d:30

Which two settings are the likely causes of the issue? (Choose two.)

A. The external server FQDN is incorrect.

B. The FortiGate authentication interface address is using HTTPS.

C. The wireless user's browser is missing a CA certificate.

D. The user address is not in DDNS form.

Examine the following output from the FortiLink real-time debug.

Based on the output, what is the status of the communication between FortiGate and FortiSwitch?

A. FortiGate is unable to authorize the FortiSwitch.

B. FortiGate is unable to establish FortiLink tunnel to manage the FortiSwitch.

C. FortiGate is unable to located a previously managed FortiSwitch.

D. The FortiLink heartbeat is up.

An administrator has deployed dual band-capable wireless APs in a wireless network. Multiple 2.4 GHz wireless clients are connecting to the network, and subsequent monitoring shows that individual AP

2.4GHz interfaces are being overloaded with wireless connections. Which configuration change would best resolve the overloading issue?

A. Configure load balancing AP handoff on both the AP interfaces on all APs.

B. Configure load balancing AP handoff on only the 2.4GHz interfaces of all Aps.

C. Configure load balancing frequency handoff on both the AP interfaces.

D. Configure a client limit on the all AP 2.4GHz interfaces.

A FortiGate has the following LDAP configuration.

On the Windows LDAP server 10.0.1.10, the administrator used dsquery, which returned the following output:

>dsquery user -samid admin*

"CN=Administrator,CN=Users,DC=trainingAD,DC=training,DC=lab"

According to the output, which FortiGate LDAP setting is configured incorrectly?

A. dn

B. sAMAccountName

C. username

D. cnid