FortiClient-EMS Features Quiz

Questions and Answers

What is the purpose of the configuration wizard in a FortiNAC deployment?

Configuring device access levels

Creating device profiles

Adding devices for network modelling

Defining captive networks (correct)

Which type of connectivity does FortiNAC require for modeling devices in the network?

ICMP and DNS

RDP and Telnet

SSH and FTP

SNMP and HTTPS (correct)

In FortiNAC, what happens during the device onboarding stage?

Devices are provided with different access levels

Devices are added to the network modeling

Devices are configured with VPN access

Devices are registered and profiled (correct)

What is the purpose of policy configuration in FortiNAC?

Deciding access levels based on device profiles

Why are certain names like 'nac' and 'isolation' not recommended for use in FortiNAC?

They are reserved for system use

What is the significance of having devices communicate with ETH1 only in Isolation VLANs?

Enhanced network security

What is the purpose of the Registration VLan in captive networks?

To isolate unregistered rogue devices

Which logic column does FortiNAC key on when making the decision to isolate a host?

If Host State is

How does FortiNAC determine if isolation is necessary for a host?

By using 'AND' logic between two specific columns

What is the dissolvable agent in FortiNAC used for?

Manual end-user interaction

What is the purpose of the Virtual Private Network (VPN) captive network type?

To provide network access for clients connecting via VPN services

What does the dissolvable agent do once it completes its task?

It dissolves and leaves no footprint

In Logical Networks, what can you map with different access values on individual devices?

Logical networks

What type of agent is the mobile agent in FortiNAC?

Agent for onboarding process

What is a common method used for device detection through Layer-2 data in FortiNAC?

MAC notification traps

What purpose do FortiNAC agents serve in the network?

Application inventory gathering

How many network access policies have been developed in the given example of Logical Networks?

6

How is a security alert processed in FortiNAC?

By parsing message contents

What information does FortiNAC use to update host records for device detection?

MAC notification traps and Layer-2 polling data

What is a filter in the context of FortiNAC security rules?

A set of user-defined criteria

Which captive network type is used for clients connecting through devices managed by access point management?

Access point management

What happens if no filter is matched in FortiNAC's security rule processing?

The process exits with no further action

In FortiNAC, what triggers Layer-2 data polling for device detection?

Manual polling or scheduled tasks

In FortiNAC, what is a security trigger composed of?

"One or more filters"

"User profiles and host profiles" in FortiNAC are used for what purpose?

"Defining workflows based on triggers"

What type of actions can be associated with a security rule in FortiNAC?

Network access actions

What does FortiClient-EMS use the information collected from clients for?

To create ZTNA tags and sign client certificates

Which step does FortiGate take after verifying the certificate provided by FortiClient?

Perform a posture check based on the ZTNA tags

How can the issue of an untrusted certificate when configuring a new connection to FortiClient-EMS be resolved?

By manually exporting and installing the root CA certificate on FortiGate

What action must be taken on FortiClient-EMS to authorize FortiGate?

Click Administration, Devices, and select FortiGate device

What should be done to allow access to the remote FortiClient endpoints?

Allow access to port 8013 on FortiClient-EMS through the firewall

What does ZTNA CA use the default root CA certificate in FortiClient-EMS for?

Sign CSRs from the FortiClient endpoints

What is a key requirement for FortiNAC to be able to add devices to device inventory?

Valid SNMP and CLI read-write access

What is automatically synchronized by FortiGate after it connects to FortiClient-EMS?

ZTNA tags

Which component can act as a ZTNA access proxy according to the text?

FortiOS

Which of the following is a recommended approach for FortiNAC SSL certificates used for the captive portal?

Using SSL certificates from a public CA

How can compromised certificate private keys be handled by FortiClient-EMS?

Generate new certificates for each client

What does FortiClient-EMS use to uniquely identify each managed endpoint?

Client certificates

What is the purpose of a Service-Account recommended for LDAP access in FortiNAC?

Managing LDAP access without requiring an administrator account

What information is contained in certificates used by Windows Endpoints according to the text?

UID and SN

How does FortiClient identify itself to FortiGate?

Through client certificates received from FortiClient-EMS

Which type of VPN does FortiNAC recommend using certificates with SAN (subject alternate name) for?

EAP-TLS

What action does clicking the refresh button perform in FortiClient-EMS?

Revoke and update the root CA certificate

What is one of the reasons for using SSL certificates signed by a public or private CA on FortiNAC?

To avoid certificate errors on unmanaged guest devices

What does FortiAuthenticator provide?

Multi-factor authentication

In the context of network modeling, what does FortiNAC require to be able to add devices to its inventory?

ICMP or PING connectivity

What is a key advantage of ZTNA regarding access control?

Access control for both remote and on-site workers

Which interface is usually used to access the FortiNAC administration interface?

Corporate devices

What is included with FortiOS and FortiClient-EMS without requiring additional licenses?

ZTNA as a feature

What is a system reserved prefix that should not be used while labeling DHCP scopes in FortiNAC?

'REG'

Why is it important to have valid SNMP and CLI read-write access when adding devices to FortiNAC's inventory?

To carry out remote tasks such as manual polling and link traps.

What triggers FortiNAC to perform Layer-2 polling to update its awareness of devices connected to an edge device?

Link traps received from edge devices

How does FortiNAC collect MAC-address to IP-address correlation for Layer-3 devices?

By using the ARP table

What is a critical component for some FortiNAC capabilities in terms of network visibility?

Layer-3 IP-address information

Which method can be used for device registration in FortiNAC?

Device portal

What do the classification settings in device profiling rules outline?

How FortiNAC will configure the GUI appearance

Which authentication method in FortiNAC will override all other authentication methods configured?

Local user database authentication

What is the purpose of the authentication VLan in FortiNAC?

To identify user information for self registration

Which RADIUS authentication mode in FortiNAC involves using another RADIUS server like Microsoft NPS or FortiAuthenticator for EAP requests?

Proxy RADIUS authentication mode

What initiates the captive portal page presentation process for a host isolated on a wired port?

The host getting a new IP-address

Which file on FortiNAC allows it to respond with its own address when a host attempts to resolve a domain by name?

Root.hint file

What is NOT a component of a Security policy according to the text?

Location

What are the two main pieces that compose a Security policy?

User and/or Host profile and Network access configuration

What feature allows FortiNAC to gather application and compliance information?

FortiNAC Persistent Agent

Which agent type is recommended for BYOD and guests in FortiNAC?

Dissolvable Agent

What additional function can agents perform in FortiNAC besides device registration and application inventory?

Custom scans for certificates, files, and registry

How many different types of configurations can be associated with a user and/or host profile in FortiNAC?

5

'Endpoint Compliance and Risk Assessment' in FortiNAC can be done through an integration with which system?

'FortiClient-EMS'