FortiNAC Device Profiling Methods Quiz

Questions and Answers

What happens when more than one method is selected for device evaluation during profiling?

The selected methods are used independently when determining if the rule is matched

The selected methods are logically ANDED when determining if the rule is matched (correct)

The selected methods are logically ORED when determining if the rule is matched

The selected methods are used sequentially when determining if the rule is matched

How are match criteria configured for each method during device evaluation?

Match criteria are configured as the methods are selected (correct)

Match criteria are not configurable

Match criteria are configured after the methods are selected

Match criteria are pre-configured and cannot be changed

What does the classification settings define in FortiNAC?

How devices will be grouped in the network

How devices will communicate with each other

How devices will be profiled

How FortiNAC will classify the connected device and how it will appear in the GUI (correct)

What can be leveraged for policy enforcement in FortiNAC?

Device type, role, and group membership

What can be used to grant networks access during specific days and times in FortiNAC?

Access availability settings

What does the Rule Confirmation option in FortiNAC allow?

Revalidation of previously profiled devices

In which environments may direct engagement of endpoints during profiling be unacceptable?

Certain environments

What is the reason for understanding which methods do not require FortiNAC to interact with the device being profiled?

To ensure performance is not negatively impacted

How is DHCP Fingerprint determined during device profiling?

Determined by DHCP-discover or request information

What does the FortiGate method leverage for device profiling?

FortiGate session information

What does the FortiGuard method use for profiling?

MAC address information gathered from the infrastructure and the FortiGuard IoT database

How is the IP Range method determined during device profiling?

Based on IP-address gathered from infrastructure

Which method is used to gather Vendor OUI?

MAC address scanning

What happens if a rule evaluation result is 'cannot evaluate'?

The device evaluation process stops

What is the best practice for categorizing rules with DHCP methods?

Place them in the Must be Received group

How is device profiling rule prioritization categorized?

Granularity, prioritization within each category

What is the purpose of evaluating open TCP ports in rules 4 and 5?

To require active scanning of each device evaluated

How is access to the Administrative GUI handled in FortiNAC?

Handled by the device eth0 interface

What is the purpose of DHCP fingerprint in rule evaluation?

To stop the device evaluation process

What is the purpose of efficient and specific ranking of the rules in device profiling?

To avoid a 'cannot evaluate' result

What is used to validate the credentials for accessing the Administrative GUI?

Local administrator account

What is the result of a rule evaluation if the OUI evaluation is the simplest path to failure?

Fail

What is the purpose of the IP range evaluation in rule 2?

To prevent unnecessary processing of devices

What is the purpose of the device eth0 interface in FortiNAC?

To handle device administration access

Study Notes

Device Profiling and Evaluation

• When multiple methods are selected for device evaluation during profiling, they are evaluated in order of priority until a match is found.
• Match criteria are configurable for each method during device evaluation.
• Classification settings in FortiNAC define how devices are classified and assigned to roles.

Policy Enforcement and Access Control

• FortiNAC can leverage various factors for policy enforcement, including device profiling results.
• Access to networks can be granted during specific days and times using FortiNAC's scheduling feature.

Rule Evaluation and Prioritization

• The Rule Confirmation option in FortiNAC allows administrators to review and confirm rule evaluations.
• In some environments, direct engagement of endpoints during profiling may be unacceptable (e.g., in industrial control systems or medical devices).
• Understanding which methods do not require FortiNAC to interact with the device being profiled is important for efficient profiling.
• Rules are prioritized based on their evaluation results, with the highest-priority rule applied first.
• If a rule evaluation result is 'cannot evaluate', the next rule in the priority list is evaluated.

Profiling Methods

• DHCP Fingerprint is determined during device profiling by analyzing DHCP packets.
• The FortiGate method leverages FortiGate devices for device profiling.
• The FortiGuard method uses FortiGuard services for profiling.
• The IP Range method determines the IP range of the device during profiling.
• The Vendor OUI method gathers vendor information from the device's MAC address.

GUI Access and Authentication

• Access to the Administrative GUI is handled through authentication and authorization mechanisms.
• Credentials for accessing the Administrative GUI are validated through authentication.

Rule Evaluation and Validation

• The purpose of evaluating open TCP ports in rules 4 and 5 is to gather additional device information.
• The purpose of DHCP fingerprint in rule evaluation is to identify devices based on their DHCP packets.
• Efficient and specific ranking of rules in device profiling ensures accurate device classification.
• If the OUI evaluation is the simplest path to failure, the rule evaluation result will be negative.
• The purpose of the IP range evaluation in rule 2 is to determine the device's IP range.

Description

FortiNAC Device Profiling Methods Quiz: Test your knowledge of the methods used to evaluate devices during profiling in FortiNAC. Learn about how selected methods are logically ANDed and how match criteria are configured for each method. Explore classification settings for device classification and appearance in FortiNAC.