Security Policy Components Quiz

Questions and Answers

What is the core offering of Fortinet in terms of Network Access Control (NAC)?

FortiNAC (correct)

FortiLink NAC

FortiGate

Forti-Switch

Which solution offers base-level discovery and control for free as a feature of the LAN Edge solution?

Forti-Switch

FortiLink NAC (correct)

FortiGate

FortiNAC

Which component is optional in a FortiNAC deployment and is primarily used for generating reports?

NCAS

Management

Application and control

FortiAnalyzer (correct)

What is the primary purpose of the FortiNAC Control Manager in a large distributed environment?

Management

Which statement accurately describes Fortinet's belief about the importance of network access control?

It is essential for security at the edges of the network.

In what type of deployments can FortiNAC be utilized according to the text?

Mid-sized to large enterprise deployments

What type of SSL certificate is recommended for the FortiNAC captive portal?

Certificate signed by a public CA

Which protocols need to be enabled on the FortiGate management interface for it to be added to the FortiNAC device inventory?

HTTPS and SSH

What is the purpose of the Authentication VLAN in FortiNAC captive networks?

To isolate registered clients during user authentication

When adding devices to the FortiNAC device inventory, what should one always do before validation?

Validate Credentials

How does FortiNAC determine the state of a host when it connects to the network?

Based on device profiling rules

Which protocol is necessary for carrying out remote tasks like manual polling and scheduled tasks in FortiNAC network modeling?

SNMP

What is the recommended type of certificate to use for EAP and EAP-TLS in FortiNAC?

SAN certificate

Which component of FortiNAC is responsible for providing standard visibility with limited control features?

FortiNAC Base

What feature is specifically included in FortiNAC Pro but not in FortiNAC Plus or FortiNAC Base?

Real-time endpoint visibility

Which license type of FortiNAC is recommended for comprehensive Zero Trust Access (ZTA) features?

FortiNAC Pro

What is the responsibility of the FortiNAC Control Manager?

Global version control and scalability

Which method does FortiNAC commonly use to communicate with infrastructure devices for data collection and management?

SNMP

In what way does FortiAnalyzer support the FortiNAC deployment?

Centralized logging

Which component is considered the only required component while configuring and deploying FortiNAC?

NCAS

What does FortiNAC Plus offer beyond the features provided by FortiNAC Base?

"Advanced NAC Controls such as endpoint compliance"

What happens if no filter is matched in the security alert parsing process?

The process exits and nothing occurs

In the FortiNAC network access workflow, how does the system determine if a device is compliant?

Using information gathered from agents or MDM

What is the role of a security trigger in the FortiNAC system?

To activate one or more filters

How do user and/or host profiles impact the security alarm creation process in FortiNAC?

They define different workflows for endpoints

What determines if a security alarm is created in the FortiNAC system?

Matching of one or more filters within a defined period

What types of activities can be included in the actions of a security rule in FortiNAC?

Multiple activities including notification, network access, and script execution

What is the purpose of FortiNAC using DHCP fingerprinting?

To identify connected devices and gain enhanced visibility

In a FortiNAC deployment, what is the main task carried out during the Management Configuration stage?

Licensing, configuring management interfaces, and SSL Certificates setup

What is required by FortiNAC to model devices in the network during the Network Modelling stage?

ICMP and SNMP connectivity to the devices

Which statement accurately describes the Device Onboarding stage in FortiNAC?

Devices are profiled and registered based on policy configuration

What is the main focus of Policy Configuration in a FortiNAC deployment?

Assigning different access levels based on device profiles and compliance

In FortiNAC, what is the function of ETH1 interface?

'Service or Application' interface for selected applications

Why should labels of DHCP scopes in FortiNAC not begin with reserved strings like 'AUTH' or 'DE'?

'AUTH' and 'DE' are used for system reserved functions

What does FortiNAC need from network devices to gather information and maintain control?

'Read-Write' SNMP and full SSH access

What is recommended for LDAP access in FortiNAC?

'Service-Account' without administrator privileges

Which statement accurately describes FortiNAC's SSL Certificates usage?

FortiNAC can use SSL certificates issued by both internal private or public Certificate Authorities.

What triggers Layer-2 data polling for device detection in FortiNAC?

All of the above

How is a host record populated in FortiNAC after Layer-3 data polling?

With MAC-address and IP-address

In FortiNAC, what occurs if both the 'If Host State is' and 'And System Group Membership is' conditions in the same row are true?

Host moves to the Registration captive network

What triggers Layer-2 data polling in FortiNAC for slow detection?

Scheduled tasks

How does FortiNAC simplify network policy management through Logical Networks?

By mapping different logical networks to individual devices

What information is critical for some FortiNAC capabilities that is obtained through Layer-3 data polling?

MAC-address to IP-address correlation

When are AP (Access Point) values designated in FortiNAC?

In Logical Network configuration

What triggers real-time Layer-2 data polling in FortiNAC when devices connect or disconnect from edge devices?

'Linkup', 'WarmStart', 'ColdStart', and 'Linkdown' traps

What are the methods used to evaluate connected rogue devices in FortiNAC?

Device profiling rules

In FortiNAC, what settings can be leveraged for policy enforcement?

Classification settings

How does FortiNAC handle user self-registration?

With an authentication VLAN

What is presented to a rogue host isolated to the registration captive network in FortiNAC?

A registration page

Which authentication method will take precedence in FortiNAC?

Local user database

What happens when a host is isolated on a wired port in FortiNAC?

The host's link is dropped

What is the purpose of the captive portal in FortiNAC?

To present additional information to hosts

How does FortiNAC ensure rogue hosts resolve domain names to its interface?

"root.hint" files on FortiNAC

Which component manages RADIUS connections in FortiNAC's local service?

"MAB, EAP-TLS, and PEAP"

What are the two main components that compose a security policy according to the text?

Profile and Configuration

Which of the following is NOT one of the agent types supported by FortiNAC?

Dynamic agent

What is the purpose of the dissolvable agent in FortiNAC?

To dissolve after completing its task

How can FortiNAC gather application and compliance information?

By integrating with MDMs supporting application gathering or using FortiNAC agents

Which of the following is NOT a function supported by FortiNAC agents?

Network access configuration

What determines the level of network access a user should be granted in FortiNAC?

The compliance information collected from the endpoint

What is the primary purpose of a filter in FortiNAC security rules?

To set criteria for evaluation

How does FortiNAC apply security policies when a match is identified?

It applies the highest ranked security policy for each type that matches.