NSE6_FNC-7.2 Fortinet NSE 6 - FortiNAC 7.2 Question and Answers

In a wireless integration, FortiNAC uses RADIUS to obtain connecting MAC address information. This includes RADIUS requests to FortiNAC and subsequent RADIUS responses from FortiNAC to the requesting device​

Device profiling rules in FortiNAC are used to evaluate and classify rogue devices. These rules can be configured to automatically, manually, or through sponsorship evaluate and classify unknown untrusted devices as they are identified and created​​.

References

FortiNAC 7.2 Study Guide, page 98

In systems like FortiNAC, when a port is designated to be in multiple enforcement groups, it is common for only the higher-priority or higher-ranked group's policies to be applied. This is to prevent conflicting enforcement actions from being attempted on the same port. Although the specific details of the priority or ranking system are not provided in the extracted references, the principle of hierarchical policy enforcement suggests that only the policies of the higher-ranked group would be applied to the port.

References

FortiNAC documentation would typically outline this behavior in sections discussing port group enforcement or policy application.

FortiNAC Study Guide 7.2 | Page 11

FortiNAC uses various methods to communicate with infrastructure devices such as SNMP for discovery and ongoing management, SSH or Telnet through the CLI for tasks related to the infrastructure, and RADIUS for handling specific types of requests

Expand the Persistent Agent folder. Select USB Detection from the tree.

The exhibit shows a configuration panel where VLAN IDs are specified for different states, such as Default, Registration, and Authentication. When forcing the registration of unknown (rogue) hosts, if an unknown host connects to a port on the switch, the FortiNAC system will move the host to the VLAN designated for Registration. In the exhibit, the VLAN ID for Registration is set to 111, hence the host would be moved to VLAN 111 to undergo the registration process.

The FortiNAC 7.2 Study Guide does not explicitly mention Dot1x Auto Registration and MDM integration as the specific device classification options for automatic and transparent registration to the end user. However, based on the general functioning of FortiNAC, Dot1x Auto Registration and MDM integration are typically used for such purposes. The guide discusses automatic device registration in the context of profiling rules

In FortiNAC, logical networks are an integral part of device management and network segmentation. These logical networks are defined and appear within the model configuration of each infrastructure device that is modeled in the topology tree. The configuration allows for the assignment of unique names and, optionally, descriptions to each logical network, thereby clarifying their purpose or use within the network infrastructure.

References: FortiNAC 7.2 Study Guide, Logical Networks Security Fabric and Firewall Tags section.

In the context of network access control systems like FortiNAC, a dissolvable agent is typically a piece of software that is executed on the endpoint as part of a login script or when a user accesses a captive portal. It runs once to gather information or enforce policies and then removes itself from the system, hence the term "dissolvable."

References

FortiNAC documentation on agent deployment and types of agents.

Logical Networks allow you to create fewer Network Access Policies than before. (FortiNAC - What's new in FortiNAC 7.2)

Logical networks in FortiNAC decouple a policy from a specific access value, allowing for the application of different access values from a single access policy. This is done based on the point of connection, significantly reducing the number of network access policies needed and simplifying network access policy management​