NSE6_FNC-7.2 Fortinet NSE 6 - FortiNAC 7.2 Questions and Answers

It’s important to audit Group Policy changes in order to determine the details of changes made to Group Policies by delegated users.

Components of a security rule in FortiNAC include:

Trigger: The condition or event that initiates the evaluation of the rule.

User or Host Profile: A requirement that can be added to a rule to specify the user or host profile that must be matched.

Action: The activities or responses that FortiNAC performs when the rule is matched​​.

References

FortiNAC 7.2 Study Guide, page 419

A. Manual Polling: This is when an administrator or network operator initiates a poll manually to gather information or check the status of the network devices. This can be done for immediate troubleshooting or assessment.

B. Scheduled Poll Timings: Network management systems often have the capability to schedule regular polls of devices to check their status or monitor their performance. These scheduled polls can be set at regular intervals (such as every few minutes, hours, or daily) depending on the requirements of the network.

E. Linkup and Linkdown Traps: SNMP (Simple Network Management Protocol) traps, like Linkup and Linkdown, are automated notifications sent from network devices to a management system. A Linkup trap indicates that a particular interface has become active (up), while a Linkdown trap indicates that an interface has become inactive (down). These traps can trigger Layer 2 polling to ascertain the current status of network interfaces and devices.

The command and output shown in the exhibit indicate that the host FortiNAC-Secondary is referencing FortiNAC-Primary , and it states " Slave is active. " In database replication terminology within a high availability setup, the term " Slave is active " typically means that the secondary server (slave) is actively receiving data from the primary server (master). This implies that the synchronization process from the primary to the secondary database has been successful and is currently active​​.

References

FortiNAC 7.2 Study Guide, Security Policies section

Forced Quarantine, study guide 7.2 pag 245 and 248

When a rogue device connects to a port in the Forced Registration port group, FortiNAC ' s response is to isolate that device by moving it to a registration captive network. This is part of FortiNAC ' s state-based control mechanism, where the system acts based on the state of the device (normal, rogue, etc.) and the group or port it is connected to. In this specific scenario, the focus is on the isolation of the rogue device, and the guide does not explicitly detail the simultaneous handling of the normal device.

References: FortiNAC 7.2 Study Guide, State-Based Control section.

https://training.fortinet.com/pluginfile.php/1912463/mod_resource/content/26/FortiNAC_7.2_Study_Guide-Online.pdf C. Page 327 - moved to the quarantine isolation network

Both dissolvable and persistent agents can be used to validate endpoint compliance transparently to the end user. The persistent agent stays resident on the endpoint and performs scheduled scans in the background. The dissolvable agent is a run-once agent that dissolves after reporting its results, leaving no footprint on the endpoint

To allow FortiNAC to process incoming syslog messages from an unknown vendor, two steps must be taken:

Creation of a customized event parser: This enables FortiNAC to parse and integrate syslog messages from any vendor or device, as long as the messages are in CSV, CEF, or Tag/Value format​​.

Modeling the device in the Topology view: Any device that sends syslog messages to FortiNAC must be modeled in this view. FortiNAC will not process syslog or trap messages unless the source address belongs to a device modeled in the topology​​.

References

FortiNAC 7.2 Study Guide, pages 428 and 399

In general, for network switches supporting MAC notification traps, it ' s advisable to configure these traps on all ports except uplink ports. Uplink ports are used for connecting to other switches or network infrastructure devices and typically don ' t need MAC notification traps, which are more relevant for end-device connectivity monitoring.

The study guide specifies that MAC notification traps should not be configured on interfaces that are uplinks. They are the preferred method for learning and updating Layer 2 information and should be used whenever available, but not on uplink interfaces​​.

In the context of network access control systems like FortiNAC, a dissolvable agent is typically a piece of software that is executed on the endpoint as part of a login script or when a user accesses a captive portal. It runs once to gather information or enforce policies and then removes itself from the system, hence the term " dissolvable. "

References

FortiNAC documentation on agent deployment and types of agents.