New update Lead4Pass NSE6_FNC-8.5 Dumps with PDF and VCE| Fortinet NSE 6 – FortiNAC 8.5 Exam

November 8, 2022

New updated Lead4Pass NSE6_FNC-8.5 Dumps with PDF file and VCE practice exam engine to help pass the Fortinet NSE 6 – FortiNAC 8.5 Exam successfully!

Lead4Pass NSE6_FNC-8.5 exam dumps contain 30 exam questions and answers, covering complete Fortinet NSE 6 – FortiNAC 8.5 certification exam questions, and verified to be true and valid, check here to get the latest Lead4Pass NSE6_FNC-8.5 dumps: https://www.leads4pass.com/nse6_fnc-8-5.html (PDF+VCE).

Check out the NSE6_FNC-8.5 PDF exam questions and answers shared for free: https://drive.google.com/file/d/1-nluAiCGhIvSDtMjJD5fqD5lcZcMGUBf/

Also, read the latest 15 Lead4Pass NSE6_FNC-8.5 exam questions and answers online:

Question 1:

Which three communication methods are used by the FortiNAC to gather information from, and control, infrastructure devices? (Choose three.)

A. SNMP

B. RADIUS

C. FTP

D. CLI

E. SMTP

 

Correct Answer: ABC

Set up SNMP communication with FortiNAC RADIUS Server that is used by FortiNAC to communicate FortiNAC can be configured via CLI to use HTTP or HTTPS for OS updates instead of FTP.

Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/28966/snmp 

---

Question 2:

 

Which three circumstances trigger Layer 2 polling of infrastructure devices? (Choose three.)

A. A matched security policy

B. Scheduled poll timings

C. Linkup and Linkdown traps

D. Manual polling

E. A failed Layer 3 poll

 

Correct Answer: BCD

---

Question 3:

 

How should you configure MAC notification traps on a supported switch?

A. Configure them only on ports set as 802.1q trunks

B. Configure them on all ports except uplink ports

C. Configure them on all ports on the switch

D. Configure them only after you configure linkup and linkdown traps

 

Correct Answer: B

Configure SNMP MAC Notification traps on all access ports (do not include uplinks).

Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/be7fcde9-9685-11e9-81a4-00505692583a/Configuring_Traps_for_MAC_Notification.pdf

---

Question 4:

 

Which connecting endpoints are evaluated against all enabled device profiling rules?

A. Known trusted devices each time they change location

B. Rogues devices, each time they connect

C. Rogues devices, only when they connect for the first time

D. All hosts, each time they connect

 

Correct Answer: A

FortiNAC process to classify rogue devices and create an organized inventory of known trusted registered devices.

Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9529d49c-892c-11e9-81a4-00505692583a/FortiNAC_Device_Profiler_Configuration.pdf

---

Question 5:

 

Which two of the following are required for endpoint compliance monitors? (Choose two.)

A. Logged on user

B. Security rule

C. Persistent agent

D. Custom scan

 

Correct Answer: BD

DirectDefense\’s analysis of FireEye Endpoint attests that the products help meet the HIPAA Security Rule. In the menu on the left click the + sign next to Endpoint Compliance to open it.

Reference: https://www.fireeye.com/content/dam/fireeye-www/products/pdfs/cg-pci-and-hipaa-compliances.pdf

---

Question 6:

 

By default, if more than 20 hosts are seen connected on a single port simultaneously, what will happen to the port?

A. The port is added to the Forced Registration group.

B. The port is disabled.

C. The port is switched into the Dead-End VLAN.

D. The port becomes a threshold uplink.

 

Correct Answer: B

---

Question 7:

 

Which agent is used only as part of a login script?

A. Persistent

B. Passive

C. Mobile

D. Dissolvable

 

Correct Answer: A

If the logon script runs the logon application in persistent mode, configure your Active Directory server not to run scripts synchronously.

Reference: https://www.websense.com/content/support/library/deployctr/v76/init_setup_creating_and_running_logon_agent_script_deployment_tasks.aspx

---

Question 8:

 

Which two agents can validate endpoint compliance transparently to the end user? (Choose two.)

A. Persistent

B. Dissolvable

C. Mobile

D. Passive

 

Correct Answer: AC

Mobile agents use the network transparently.

Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/377110/persistent-agent-certificate-validation

---

Question 9:

 

Which command-line shell and scripting language does FortiNAC use for WinRM?

A. Powershell

B. Bash

C. Linux

D. DOS

 

Correct Answer: A

Open Windows PowerShell or a command prompt. Run the following command to determine if you already have WinRM over HTTPS configured.

Reference: https://docs.fortinet.com/document/fortinac/8.7.0/administration-guide/246310/winrm-device-profile-requirements-and-setup

---

Question 10:

 

Where are logical network values defined?

A. On the profiled devices view

B. In the port properties view of each port

C. In the model configuration view of each infrastructure device

D. In the security and access field of each host record

 

Correct Answer: D

Reference: https://www.sciencedirect.com/topics/computer-science/logical-network

---

Question 11:

 

Refer to the exhibit, and then answer the question below.

Which host is rogue?

A. 4

B. 2

C. 3

D. 1

 

Correct Answer: C

Reference: https://docs.fortinet.com/document/fortinac/8.6.0/administration-guide/283146/evaluating-rogue-hosts

---

Question 12:

 

What would happen if a port was placed in both the Forced Registration and the Forced Remediation port groups?

A. Both enforcement groups cannot contain the same port.

B. Only at-risk hosts would be impacted.

C. Only rogue hosts would be impacted.

D. Both types of enforcement would be applied.

 

Correct Answer: A

Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/837785/system-groups

---

Question 13:

 

What causes a host\’s state to change to “at risk”?

A. The host has been administratively disabled.

B. The logged-on user is not found in the Active Directory.

C. The host has failed an endpoint compliance policy or admin scan.

D. The host is not in the Registered Hosts group.

 

Correct Answer: C

Failure ? Indicates that the host has failed the scan. This option can also be set manually. When the status is set to Failure the host is marked”; At Ris”; for the selected scan.

Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/241168/host-health-and-scanning

---

Question 14:

 

With enforcement for network access policies and at-risk hosts enabled, what will happen if a host matches a network access policy and has a state of “at risk”?

A. The host is provisioned based on the network access policy.

B. The host is provisioned based on the default access defined by the point of connection.

C. The host is isolated.

D. The host is administratively disabled.

 

Correct Answer: A

Reference: https://docs.fortinet.com/document/fortinac/8.6.0/administration-guide/49701/policy-assignment

---

Question 15:

 

Which three of the following are components of a security rule? (Choose three.)

A. Methods

B. User or host profile

C. Security String

D. Trigger

E. Action

 

Correct Answer: ABE

Reference: https://patents.google.com/patent/US20150200969A1/en

…

---

Latest Complete 30 NSE6_FNC-8.5 Certification Exam Questions With Answers Get Lead4Pass NSE6_FNC-8.5 Exam Dumps: https://www.leads4pass.com/nse6_fnc-8-5.html (PDF+VCE)