FortiClient-EMS Features Quiz

Questions and Answers

What is the purpose of the configuration wizard in a FortiNAC deployment?

• Configuring device access levels
• Creating device profiles
• Adding devices for network modelling
• Defining captive networks (correct)

Which type of connectivity does FortiNAC require for modeling devices in the network?

• ICMP and DNS
• RDP and Telnet
• SSH and FTP
• SNMP and HTTPS (correct)

In FortiNAC, what happens during the device onboarding stage?

• Devices are provided with different access levels
• Devices are added to the network modeling
• Devices are configured with VPN access
• Devices are registered and profiled (correct)

What is the purpose of policy configuration in FortiNAC?

Deciding access levels based on device profiles (C)

Why are certain names like 'nac' and 'isolation' not recommended for use in FortiNAC?

They are reserved for system use (B)

What is the significance of having devices communicate with ETH1 only in Isolation VLANs?

Enhanced network security (B)

What is the purpose of the Registration VLan in captive networks?

To isolate unregistered rogue devices (A)

Which logic column does FortiNAC key on when making the decision to isolate a host?

If Host State is (C)

How does FortiNAC determine if isolation is necessary for a host?

By using 'AND' logic between two specific columns (B)

What is the dissolvable agent in FortiNAC used for?

Manual end-user interaction (C)

What is the purpose of the Virtual Private Network (VPN) captive network type?

To provide network access for clients connecting via VPN services (B)

What does the dissolvable agent do once it completes its task?

It dissolves and leaves no footprint (A)

In Logical Networks, what can you map with different access values on individual devices?

Logical networks (A)

What type of agent is the mobile agent in FortiNAC?

Agent for onboarding process (C)

What is a common method used for device detection through Layer-2 data in FortiNAC?

MAC notification traps (D)

What purpose do FortiNAC agents serve in the network?

Application inventory gathering (B)

How many network access policies have been developed in the given example of Logical Networks?

6 (C)

How is a security alert processed in FortiNAC?

By parsing message contents (D)

What information does FortiNAC use to update host records for device detection?

MAC notification traps and Layer-2 polling data (D)

What is a filter in the context of FortiNAC security rules?

A set of user-defined criteria (C)

Which captive network type is used for clients connecting through devices managed by access point management?

Access point management (C)

What happens if no filter is matched in FortiNAC's security rule processing?

The process exits with no further action (C)

In FortiNAC, what triggers Layer-2 data polling for device detection?

Manual polling or scheduled tasks (A)

In FortiNAC, what is a security trigger composed of?

"One or more filters" (A)

"User profiles and host profiles" in FortiNAC are used for what purpose?

"Defining workflows based on triggers" (C)

What type of actions can be associated with a security rule in FortiNAC?

Network access actions (B)

What does FortiClient-EMS use the information collected from clients for?

To create ZTNA tags and sign client certificates (D)

Which step does FortiGate take after verifying the certificate provided by FortiClient?

Perform a posture check based on the ZTNA tags (A)

How can the issue of an untrusted certificate when configuring a new connection to FortiClient-EMS be resolved?

By manually exporting and installing the root CA certificate on FortiGate (C)

What action must be taken on FortiClient-EMS to authorize FortiGate?

Click Administration, Devices, and select FortiGate device (D)

What should be done to allow access to the remote FortiClient endpoints?

Allow access to port 8013 on FortiClient-EMS through the firewall (B)

What does ZTNA CA use the default root CA certificate in FortiClient-EMS for?

Sign CSRs from the FortiClient endpoints (D)

What is a key requirement for FortiNAC to be able to add devices to device inventory?

Valid SNMP and CLI read-write access (D)

What is automatically synchronized by FortiGate after it connects to FortiClient-EMS?

ZTNA tags (B)

Which component can act as a ZTNA access proxy according to the text?

FortiOS (C)

Which of the following is a recommended approach for FortiNAC SSL certificates used for the captive portal?

Using SSL certificates from a public CA (C)

How can compromised certificate private keys be handled by FortiClient-EMS?

Generate new certificates for each client (C)

What does FortiClient-EMS use to uniquely identify each managed endpoint?

Client certificates (B)

What is the purpose of a Service-Account recommended for LDAP access in FortiNAC?

Managing LDAP access without requiring an administrator account (A)

What information is contained in certificates used by Windows Endpoints according to the text?

UID and SN (B)

How does FortiClient identify itself to FortiGate?

Through client certificates received from FortiClient-EMS (A)

Which type of VPN does FortiNAC recommend using certificates with SAN (subject alternate name) for?

EAP-TLS (B)

What action does clicking the refresh button perform in FortiClient-EMS?

Revoke and update the root CA certificate (D)

What is one of the reasons for using SSL certificates signed by a public or private CA on FortiNAC?

To avoid certificate errors on unmanaged guest devices (C)

What does FortiAuthenticator provide?

Multi-factor authentication (D)

In the context of network modeling, what does FortiNAC require to be able to add devices to its inventory?

ICMP or PING connectivity (C)

What is a key advantage of ZTNA regarding access control?

Access control for both remote and on-site workers (A)

Which interface is usually used to access the FortiNAC administration interface?

Corporate devices (A)

What is included with FortiOS and FortiClient-EMS without requiring additional licenses?

ZTNA as a feature (B)

What is a system reserved prefix that should not be used while labeling DHCP scopes in FortiNAC?

'REG' (D)

Why is it important to have valid SNMP and CLI read-write access when adding devices to FortiNAC's inventory?

To carry out remote tasks such as manual polling and link traps. (B)

What triggers FortiNAC to perform Layer-2 polling to update its awareness of devices connected to an edge device?

Link traps received from edge devices (D)

How does FortiNAC collect MAC-address to IP-address correlation for Layer-3 devices?

By using the ARP table (D)

What is a critical component for some FortiNAC capabilities in terms of network visibility?

Layer-3 IP-address information (A)

Which method can be used for device registration in FortiNAC?

Device portal (B)

What do the classification settings in device profiling rules outline?

How FortiNAC will configure the GUI appearance (C)

Which authentication method in FortiNAC will override all other authentication methods configured?

Local user database authentication (C)

What is the purpose of the authentication VLan in FortiNAC?

To identify user information for self registration (D)

Which RADIUS authentication mode in FortiNAC involves using another RADIUS server like Microsoft NPS or FortiAuthenticator for EAP requests?

Proxy RADIUS authentication mode (B)

What initiates the captive portal page presentation process for a host isolated on a wired port?

The host getting a new IP-address (A)

Which file on FortiNAC allows it to respond with its own address when a host attempts to resolve a domain by name?

Root.hint file (B)

What is NOT a component of a Security policy according to the text?

Location (B)

What are the two main pieces that compose a Security policy?

User and/or Host profile and Network access configuration (B)

What feature allows FortiNAC to gather application and compliance information?

FortiNAC Persistent Agent (D)

Which agent type is recommended for BYOD and guests in FortiNAC?

Dissolvable Agent (D)

What additional function can agents perform in FortiNAC besides device registration and application inventory?

Custom scans for certificates, files, and registry (B)

How many different types of configurations can be associated with a user and/or host profile in FortiNAC?

5 (C)

'Endpoint Compliance and Risk Assessment' in FortiNAC can be done through an integration with which system?

'FortiClient-EMS' (B)