Fortinet NSE7_ZTA-7.2 Exam Practice Questions and Answers

Question 6 of 49

Refer to the exhibit.
Exam NSE7_ZTA-7.2: Question 6 - Image 1

Which port group membership should you enable on FortiNAC to isolate rogue hosts?

A.

Forced Authentication

B.

Forced Registration

C.

Forced Remediation

D.

Reset Forced Registration

Question 7 of 49

Which statement is true about disabled hosts on FortiNAC?

A.

They are quarantined and placed in the remediation VLAN.

B.

They are placed in the authentication VLAN to reauthenticate.

C.

They are marked as unregistered rogue devices.

D.

They are placed in the dead end VLAN.

Question 8 of 49

Refer to the exhibits.
Exam NSE7_ZTA-7.2: Question 8 - Image 1

Which statement is true about the configuration shown in the exhibit?

A.

The domain that FortiClient is connecting to should match the domain to which the certificate is issued.

B.

If the FortiClient EMS server certificate is invalid, FortiClient connects silently.

C.

The connection from FortiClient to FortiClient EMS uses TCP and TLS 1.2.

D.

default_ZTNARoot CA signs the FortiClient certificate for the SSL connectivity to FortiClient EMS.

Question 9 of 49

Which factor is a prerequisite on FortiNAC to add a Layer 3 router to its inventory?

A.

Allow HTTPS access from the router to the FortiNAC eth0 IP address.

B.

Allow FTP access to the FortiNAC database from the router.

C.

The router responding to ping requests from the FortiNAC eth1 IP address.

D.

SNMP or CLI access to the router to carry out remote tasks.

Question 10 of 49

Which statement is true about FortiClient EMS in a ZTNA deployment?

A.

Uses endpoint information to grant or deny access to the network.

B.

Provides network and user identity authentication services.

C.

Generates and installs client certificates on managed endpoints.

D.

Acts as ZTNA access proxy for managed endpoints.