37 Questions
In which configuration stage of FortiNAC deployment are devices detected and profiled?
Device onboarding
Which interface in FortiNAC is designated as the Service or Application interface by default?
ETH1
What type of connectivity does FortiNAC require to add devices for endpoint connections during Network modelling?
SNMP and ICMP
Which configuration stage of FortiNAC deployment involves defining captive networks using the configuration wizard?
Network modelling
Which stage of FortiNAC deployment involves providing devices with different access levels based on policy configuration?
Device onboarding
What applications are mentioned as available on the Service or Application interface in FortiNAC?
Web Portal, DHCP Server, DNS Server
What triggers Layer-2 polling in FortiNAC when a link trap is received?
Linkup
Which information is critical for network visibility in FortiNAC and is obtained by polling Layer-3 devices?
MAC-address to IP-address correlation
How can device registration be performed in FortiNAC using a file format method?
CSV file
Which authentication method is NOT supported by FortiNAC for user identification?
In FortiNAC, what does the authentication policy override when specified?
User authentication methods in the portal
What is the purpose of the local service in FortiNAC for RADIUS authentication?
MAB processing
What information is populated in a host record on FortiNAC with data from Layer-2 and Layer-3 polling?
MAC address, IP address, switch port, and connection time
What is the purpose of a captive portal page in a network?
To provide additional information or capabilities to resolve non-normal host states
How does FortiNAC handle a host isolated on a wired port?
Shuts down the port, causing the host's link to drop and then re-enables the port
What triggers the captive portal page presentation process in a captive network?
When the host attempts to resolve a domain by name
What role does FortiNAC play when handling DNS requests from isolated hosts?
Responding with its own address masquerading as the domain being resolved
What happens after FortiNAC responds with its own address to an isolated host's DNS query?
FortiNAC presents the appropriate captive portal page to the isolated host
How does FortiNAC handle specific sites that need to resolve correctly for isolated hosts?
By allowing those sites to resolve properly
What is recommended for LDAP access in FortiNAC configuration?
Service-Account
Which VLAN type is used for state-based isolation of hosts in FortiNAC captive networks?
Authentication VLAN
What is the purpose of using SSL certificates signed by a public CA for the captive portal in FortiNAC?
To avoid certificate errors
What are the system reserved labels that should not be used as DHCP scope names in FortiNAC configuration?
'ISOL', 'REG', 'DE'
What must be enabled on the FortiGate management interface when adding it to the FortiNAC device inventory?
SNMP, HTTPS, SSH
What type of access is usually required for FortiNAC to manage network devices?
Read-Write SNMP and full SSH access
Why is it important to use certificates with SAN for EAP and EAP-TLS in FortiNAC?
To match authentication and privacy protocols
What is a requirement for FortiNAC network modeling to add devices to the device inventory?
'PING' connectivity to devices
What does using SSL certificates issued by different CAs on FortiNAC depend on?
Functions being used within FortiNAC
What is the purpose of DHCP relay from the production subnet to ETH0 IP in FortiNAC configuration?
For DHCP fingerprinting
What is the purpose of the Registration VLAN in captive networks?
Isolate unregistered rogue devices
How does FortiNAC determine if isolation is necessary for a host according to the text?
By applying 'AND' logic between the 'If Host State is' and 'And System Group Membership is' columns
Which type of captive network is used for clients connecting through VPN services?
Virtual private network
What is the purpose of the Authentication VLAN in captive networks?
Isolate registered clients during user authentication
How can Logical Networks simplify network policy management according to the text?
By mapping different logical networks with the same access values on individual devices
When does Layer-2 data polling occur according to the text?
For troubleshooting purposes
What type of devices are polled for MAC-address to IP-address correlation using ARP table?
Layer-3 devices
'If both columns in the same row are true' as mentioned in the text refers to which columns?
'If Host State is' and 'And System Group Membership is'
Test your knowledge about the seven types of captive networks used in network security, including Registration VLAN, Remediation VLAN, Authentication VLAN, and more.