Fallos_7_3

In which FortiNAC configuration stage do you define endpoint compliance?. Device onboarding. Management configuration. Policy configuration. Network modeling.

Which three statements are true about zero-trust telemetry compliance? (Choose three.). FortiClient checks the endpoint using the ZTNA tags provided by FortiClient EMS. ZTNA tags are configured in FortiClient, based on criteria such as certificates and the logged in domain. FortiOS provides network access to the endpoint, based on the zero-trust tagging rules. FortiClient EMS sends the endpoint information received through FortiClient Telemetry to FortiOS. FortiClient EMS creates dynamic policies using ZTNA tags.

Which three statements are true about a persistent agent? (Choose three.). Supports advanced custom scans and software inventory. Can apply supplicant configuration to a host. Deployed by a login/logout script and is not installed on the endpoint. Can be used for automatic registration and authentication. Agent is downloaded and run from captive portal.

Which three methods can you use to trigger layer 2 polling on FortiNAC? (Choose three.). Link traps. Manual polling. Scheduled tasks. Polling using API. Polling scripts.

Which configuration is required for FortiNAC to perform an automated incident response based on the FortiGate traffic?. FortiNAC should be added as a participant in the Security Fabric. FortiNAC requires read-write SNMP access to FortiGate. FortiNAC should be configured as a syslog server on FortiGate. FortiNAC requires HTTPS access to FortiGate for API calls.

What are the three core principles of ZTA? (Choose three.). Verify. Be compliant. Certify. Minimal access. Assume breach.

What are two functions of NGFW in a ZTA deployment? (Choose two.). Acts as segmentation gateway. Endpoint vulnerability management. Device discovery and profiling. Packet Inspection.

Which three core products are mandatory in the Fortinet ZTNA solution? (Choose three.). FortiClient EMS. FortiClient. FortiToken. FortiGate. FortiAuthenticator.

An administrator has to provide on-fabric clients with access to FortiAnalyzer using ZTNA tags. Which two conditions must be met to achieve this task? (Choose two.). The on-fabric client should have FortiGate as its default gateway. The ZTNA server must be configured on FortiGate. The ZTNA rule must be configured on FortiClient. The IP/MAC based firewall policy must be configured on FortiGate.

Which two statements are true regarding certificate-based authentication for ZTNA deployment? (Choose two.). FortiGate signs the client certificate submitted by FortiClient. The default action for empty certificates is block. Certificate actions can be configured only on the FortiGate CLI. Client certificate configuration is a mandatory component for ZTNA.