
nse7_led-70 Exam - Question 12


Refer to the exhibit.

Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit.

An administrator is testing the NAC feature. The test device is connected to a managed FortiSwitch device (S224EPTF19005867) on port2.

After applying the NAC policy on port2 and generating traffic on the test device, the test device is not matching the NAC policy; therefore, the test device remains in the onboarding VLAN.

Based on the information shown in the exhibit, which two scenarios are likely to cause this issue? (Choose two.)

Correct Answer: BCD

Two scenarios are likely causing the issue. First, if the MAC address configured on the NAC policy is incorrect, the test device will not match the NAC policy. Secondly, if device detection is not enabled on VLAN 4089, the FortiGate will not recognize the device properly, leading it to remain in the onboarding VLAN. These issues prevent the test device from being identified and matched with the correct NAC policy, resulting in it staying in the onboarding VLAN.

Discussion

3 comments
Wallsee Options: AB
Feb 14, 2024

Option A is also true because the FortiSwitch device status is shown as down, which means that the management communication between FortiGate and FortiSwitch is not working properly. This could prevent the NAC policy from being applied correctly. Option C is false because the device operating system detected by FortiGate is Linux, which matches the NAC policy.

kinge2 Options: BC
Feb 18, 2024

A is incorrect because the user won't be able to connect to port2 and generate traffic unless it is an unmanaged switch.

Artbrut Options: CD
Mar 21, 2024

Unsure, but we don't know if device detection is enabled on switch-controller and which OS the device is. https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801195/enabling-network-assisted-device-detection

Artbrut
Mar 25, 2024

Study guide p. 229 - enable device detection

Artbrut
Mar 26, 2024

https://docs.fortinet.com/document/fortiswitch/7.4.2/fortilink-guide/173271/fortiswitch-network-access-control

To show known NAC devices with a known location that match a NAC policy:
diagnose switch-controller mac-device nac known

To show pending NAC devices with an unknown location that match a NAC policy:
diagnose switch-controller mac-device nac onboarding

--> So I think it is B and C, as the CLI output shows that the MAC address is known as a NAC device.