Refer to the exhibit.
Which port group membership should you enable on FortiNAC to isolate rogue hosts?
Correct Answer: B
On FortiNAC, to isolate rogue hosts, the 'Forced Registration' port group membership should be enabled. The Forced Registration port group moves unregistered rogue hosts to the Registration VLAN, effectively isolating them from the rest of the network for further actions, such as registration or additional security checks.
Which statement is true about disabled hosts on FortiNAC?
Correct Answer: D
Disabled hosts in FortiNAC are placed in the dead end VLAN. This VLAN is specifically used to isolate devices that have been disabled for one reason or another, preventing them from interacting with the network or accessing any resources. This ensures that disabled hosts are effectively cut off from causing any potential security issues.
Refer to the exhibits.
Which statement is true about the configuration shown in the exhibit?
Correct Answer: A
The domain that FortiClient is connecting to should match the domain to which the certificate is issued. This is a standard practice in SSL/TLS connections to ensure the authenticity and integrity of the connection. The FortiClient validates certificates by checking if the Fully Qualified Domain Name (FQDN) or domain matches the domain on the certificate. This helps prevent man-in-the-middle attacks by ensuring that the client is communicating with the intended server.
Which factor is a prerequisite on FortiNAC to add a Layer 3 router to its inventory?
Correct Answer: D
To add a Layer 3 router to FortiNAC's inventory, it is necessary to have SNMP or CLI access to the router. This access allows FortiNAC to carry out remote tasks such as manual polling, scheduled tasks, and receiving link traps effectively, ensuring proper communication and management of the device.
Which statement is true about FortiClient EMS in a ZTNA deployment?
Correct Answer: A
FortiClient EMS in a ZTNA deployment uses endpoint information to grant or deny access to the network. This is a key function in Zero Trust Network Access (ZTNA) as it verifies the security posture and identity of endpoints before granting access to resources, ensuring that only compliant and secure devices can connect to the network.