FSW7.2

Refer to the diagnostic output: Two entries in the exhibit show that the same MAC address has been used in two different VLANs. Which MAC address is shown in the above output?. It is a MAC address of FortiLink interface on FortiGate. It is a MAC address of a switch that accepts multiple VLANs. It is a MAC address of an upstream FortiSwitch. It is a MAC address of FortiGate in HA configuration.

Refer to the exhibit. Core-1 and Access-1 are managed and authorized by FortiGate-1, which uses port4 as the FortLink interface. After FortiGate authorizes and manages Core-2, port1 status becomes STP discarding. Why is port1 in the discarding state?. port1 on Core-2 is discarding only management traffic. Core-1 and Core-2 do not have MCLAG configuration. Access-1 is the root bridge and can only have one root port. Core-2 has the lowest bridge priority.

Which two statements about the FortiLink authorization process are true? (Choose two.). The administrator must manually pre-authorize FortiGate on FortiSwitch by adding the FortiGate serial number. FortiSwitch requires a reboot to complete the authorization process. Fortiink frame is sent by FortiGate to FortiSwitch to complete the authorization. FortiLink authorization sets the FortiSwitch management mode to FortiLink.

Refer to the exhibits. Traffic arriving on port2 on FortiSwitch is tagged with VLAN ID 10 and destined for PC1 connected on port1. PC1 expects to receive traffic untagged from port1 on FortiSwitch. Which two configurations can you perform on FortiSwitch to ensure PC1 receives untagged traffic on port1? (Choose two.). Add the MAC address of PC1 as a member of VLAN 10. Add VLAN ID 10 as a member of the untagged VLANs on port1. Remove VLAN 10 from the allowed VLANs and add it to untagged VLANs on port1. Enable Private VLAN on VLAN 10 and add VLAN 20 as an isolated VLAN.

Refer to the exhibits. Port1 and port2 are the only ports configured with the same native VLAN 10. What are two reasons that can trigger port1 to shut down? (Choose two.). port1 was shut down by loop guard protection. STP triggered a loop and applied loop guard protection on port1. An endpoint sent a BPDU on port1 that it received from another interface. Loop guard frame sourced from port1 was received on port1.

Refer to the diagnostic output: What makes the use of the sniffer command on the FortiSwitch CLI unreliable on _port_23?. The types of packets captured is limited. Just the port egress payloads are printed on CLI. Only untagged VLAN traffic can be captured. The switch port might be used as a trunk member.

Which interfaces on FortiSwitch send out FortiLink discovery frames by default in order to detect a FortiGate with an enabled FortiLink interface?. All ports have auto-discovery enabled by default. No ports are enabled by default for auto-discovery. This must be configured under config switch interface. The ports with auto-discovery enabled by default are dependent upon the FortiSwitch model. The last four switch ports on FortiSwitch have auto-discovery by default.

Which LLDP-MED Type-Length-Values does FortiSwitch collect from endpoints to track network devices and determine their characteristics?. Network policy. Power management. Location. Inventory management.

Refer to the exhibit What two conclusions can be made regarding DHCP snooping configuration? (Choose two.). Maximum value to accept clients DHCP request is configured as per DHCP server range. Fortiswitch is configured to trust DHCP replies coming on FortLink interface. DHCP clients that are trusted by DHCP snooping configured is only one. Global configuration for DHCP snooping is set to forward DHCP client requests on all ports in the VLAN.

What are two reasons why time synchronization between FortiGate and its managed FortiSwitch is critical in switch management? (Choose two.). FortiSwitch does not retain its time after a reboot, which gets reset after each reboot. FortiSwitch will not be able to become an NTP server for downstream devices. FortiSwitch cannot complete the DTLS handshake used in the CAPWAP tunnel. FortiSwitch will not allow other FortiSwitch devices in the chain be discovered by FortiGate.

Which statement about the quarantine VLAN on FortiSwitch is true?. Quarantine VLAN has no DHCP server. Users who fail 802.1X authentication can be placed on the quarantine VLAN. It is only used for quarantined devices if global setting is set to quarantine by VLAN. FortiSwitch can block devices without configuring quarantine VLAN to be part of the allowed VLANs.

Refer to the exhibit. The exhibit shows the current status of the ports on the managed FortiSwitch, Access-1. Why would FortiGate display a serial number in the Native VLAN column associated with the port23 entry?. port23 is configured as the dedicated management interface. Ports connected to adjacent FortiSwitch devices show their serial number as the native VLAN. port23 is a member of a trunk that uses the Access-1 FortiSwitch serial number as the name of the trunk. A standalone switch with the shown serial number is connected on port23.

What are two ways in which automatic MAC address quarantine works on FortiSwitch? (Choose two.). FortiSwitch supports only by VLAN quarantine mode. FortiGate applies the quarantine-related configuration only on FortiGate. FortiAnalyzer with a threat detection services license is required. MAC address quarantine can be enabled through the FortiGate CLI only.

How does FortiGate handle configuration of flow tracking sampling if you export the settings to a managed FortiSwitch stack with sampling mode set to perimeter is true?. FortiGate configures FortiSwitch to perform ingress sampling on all switch interfaces. FortiGate configures FortiSwitch to perform ingress sampling on all switch interfaces, except ICL and ISL interfaces. FortiGate configures and enables flow sampling on FortiSwitch but does not change existing sampling settings of interfaces. FortiGate configures and enables egress sampling on all management interfaces.

Refer to the exhibit. The profile shown in the exhibit is assigned to a group of managed FortiSwitch ports, and these ports are connected to endpoints which are powered by PoE. Which configuration action can you perform on the LLDP profile to cause these endpoints to exchange PoE information and negotiate power with the managed FortiSwitch?. Create new a LLDP-MED application type to define the PoE parameters. Assign a new LDP profile to handle different LLDP-MED TLVs. Define an LLDP-MED location ID to use standard protocols for power. Add power management as part of LLDP-MED TLVs to advertise.

Which two types of Layer 3 interfaces can participate in dynamic routing on FortiSwitch? (Choose two.). Detected management interfaces. Loopback interfaces. Switch virtual interfaces. Physical interfaces.

What feature can network administrators use to segment network operations and the administration of managed FortiSwitch devices on FortiGate?. FortiGate multi-tenancy. Multi-chassis links aggregation trunk. FortiGate clustering protocol. FortiLink split interface.

Refer to the exhibit. Two routes are not installed in the forwarding information base (FIB) as shown in the exhibit. Which two statements about these two route entries are true? (Choose two.). These two routes have a higher administrative distance value available to the destination networks. These two routes will be used as load-balancing routes. These two routes will become primary, if the best routes are removed. These two routes are available in the hardware routing table.

Which packet capture method allows FortiSwitch to capture traffic on trunks and management interfaces?. SPAN. Sniffer profile. sFlow. TCP dump.

Which Ethernet frame can create Layer 2 flooding due to all bytes on the destination MAC address being set to all FF?. The broadcast Ethernet frame. The unicast Ethernet frame. The multicast Ethernet frame. The anycast Ethernet frame.

Which is a requirement to enable SNMP v2c on a managed FortiSwitch?. Create a SNMP user to use for authentication and encryption. Specify an SNMP host to send traps to. Enable an SNMP v3 to handle traps messages with SNMP hosts. Configure SNMP agent and communities.

What can an administrator do to maintain a Forti-Gate-compatible FortiSwitch configuration when changing the management mode from standalone to FortiLink?. Use a migration tool based on Python script to convert the configuration. Enable the FortiLink setting on FortiSwitch before the authorization process. FortiGate automatically saves the existing FortiSwitch configuration during the FortiLink management process. Register FortiSwitch to FortiSwitch Cloud to save a copy before managing with FortiGate.

Refer to the exhibit. Which two statements best describe what is displayed in the FortiLink debug output shown in the exhibit? (Choose two.). FortiSwitch is sending FortiLink heartbeats to FortiGate. FortiSwitch is discovered and authorized by FortiGate. FortiSwitch is in a waiting state to join the stack group on FortiGate. FortiSwitch is ready to push its new hostname to FortiGate.

Which two statements about VLAN assignments on FortiSwitch ports are true? (Choose two.). Configure a native VLAN on the FortiLink. Assign an IP address and subnet mask to FortiSwitch VLANs. Only assign one native VLAN on a port. Assign untagged VLANs using FortiGate CLI.

Which two rules used by MSTP are similar to rules used by other STP methods? (Choose two.). MSTP uses port role election, similar to rapid STP on the instances. MSTP uses alternate path and primary path, similar to regular STP. MSTP uses root bridge selection, similar to rapid STP. MSTP uses timers for transitioning the ports, similar to regular STP.

Refer to the configuration: Which two conditions does FortiSwitch need to meet successfully configure the options shown in the exhibit above? (Choose two.). The FortiSwitch model is equipped with a maximum of 54 interfaces. FortiSwitch would need to be rebooted. The split port can be assigned to a native VLAN. The port full speed prior to the split was 100G QSFP+.

Which QoS mechanism maps packets with specific CoS or DSCP markings to an egress queue?. Queuing for egress traffic. Classification for ingress traffic. Rate limiting for egress traffic. Marking for ingress traffic.

Which statement about 802.1X security profiles using MAC-based authentication mode is true?. FortiSwitch allows connectivity to all hosts connected to a port, if one host is authenticated. FortiSwitch can grant each device a different access level based on the credentials provided. FortiSwitch performs faster when using this security mode on the ports. FortiSwitch must communicate with the RADIUS server to authenticate devices.

Refer to the exhibits. You are asked to ensure that managed FortiSwitch devices are reachable by other devices, such as SNMP and other management tools across your network. Which setting must you configure to ensure traffic from other devices in the network reaches FortiSwitch?. Select a specific default gateway provided to FortiSwitch as an upstream device. Change the FortiLink interface IP address and DHCP server address range. Recreate the FortiLink interface with a nonaggregate setting. Enable NAC settings to select the onboarding VLAN.

Which drop policy mode, if assigned to a congested port, will drop incoming packets until there is no congestion on the egress port?. Tail-drop mode. Weighted round robin mode. Random early detection mode. Strict mode.

How does FortiSwitch perform actions on ingress and egress traffic using the access control list (ACL)?. Only high-end FortiSwitch models support ACL. ACL can be used only at the prelookup stage in the traffic processing pipeline. Classifiers enable matching traffic based only on the VLAN ID. FortiSwitch checks ACL policies only from top to bottom.

An administrator needs to deploy managed FortiSwitch devices in a remote location where multiple VLANs must be utilized to segment devices. No Layer 3 switch or router is present. The only WAN connectivity is the router provided by the ISP connected to the public internet. Which two items will the administrator need to use? (Choose two.). A FortiSwitch interface connected to the ISP router configured with fortilink-13-mode enabled. FortiSwitch and FortiGate devices configured with VXLAN interfaces. FortiSwitch devices configured with NAT disabled. FortiSwitch devices that have the required internal hardware for this configuration. FortiSwitch and FortiGate devices configured with IPsec interfaces.

Refer to the configuration: config switch phy-mode set port-configuration disable-port54 set port53-phy-mode 4x10G end Which two conditions does FortiSwitch need to meet to successfully configure the options shown in the exhibit above? (Choose two.). The FortiSwitch model is equipped with a maximum of 54 interfaces. FortiSwitch would need to be rebooted. The split port can be assigned to a native VLAN. The Dort full speed prior to the split was 100G QSFP+.

Exhibit. config switch-controller security-policy local-access edit default set mgmt-allowaccess https ping ssh set internal-allowaccess https ping ssh next end config switch-controller snmp-sysinfo set status enable set contact-info "Training" set location "Sunnyvale" end config switch-controller snmp-community edit 1 set name "Training" next end Which configuration change will allow the managed FortiSwitch to accept SNMP requests from any source?. Create a new local access profile for SNMP only. Enable SNMP on the internal interface of the switch. Configure an SNMP host to send SNMP traps. Add SNMP service on the management interface of the switch.

Which statement about the configuration of VLANs on a managed FortiSwitch port is true?. Untagged VLANs must be part of the allowed VLANs: ingress and egress. FortiSwitch VLAN interfaces are created only when FortiSwitch is managed by Forti-Gate. The native VLAN is implicitly part of the allowed VLAN on the port. Allowed VLANS expand the collision domain to the port.

What is the role of a device that is simultaneously functioning as both the distribution and core in the hierarchy network model?. POE with high density FortiSwitch. FortiGate managing FortiSwitch. FortiSwitch functioning as standalone. HA backup FortiGate managing FortiSwitch.

FortiGate is unable to establish a tunnel with the FortiSwitch device it is supposed to manage Based on the debug output shown in the exhibit, what is the reason for the failure?. The handshake process timed out before FortiSwitch responded. DTLS client hello had the incorrect pre-shared key. The CAPWAP tunnel failed to come up due to a mismatch in time. FortiSwitch has disabled FortiLink and is only managed as a standalone.

Which feature should you enable to reduce the number or unwanted IGMP reports processed by the IGMP querier?. Enable the IGMP flood setting on the static port for all multicast groups. Enable the IGMP flood reports setting on the mRouter port. Enable IGMP snooping proxy. Enable IGMP flood unknown multicast traffic on the global setting.

LAG and MCLAG are used to increase the available network bandwidth and enable redundancy. How does spanning tree protocol see MCLAG and LAG if they are configured based on the physi-cal view shown in the exhibit? (Choose two). Switch 1. Switch 2, and Switch 3 are seen as one MCLAG peer group. Switch 3 and Switch 4 uplinks are treated as single interfaces. Switch 3 and switch 4 are seen as one MCLAG switch client. Switch 1 and Switch 2 both seen as one single switch.

In which two ways can you assign a FortiSwitch port to a VDOM using multi-tenancy setup? (Choose two.). Switch the FortiLink interface to the target VDOM. Remove the managed FortiSwitch and allocate ports directly on FortiSwitch. Create a virtual port pool on the FortiGate CLI. Assign a port to a VDOM directly on the managed FortiSwitch.

config system global set auto-isl enable set daily-restart enable set dst enable set fortilink-auto-discovery enable set hostname "Core-1" set language English set switch-mgmt-mode fortilink set timezone 12 end You need to manage three FortiSwitch devices using a FortiGate device. Two of the FortiSwitch devices initiated a reboot after the authorization process. However, the FortiSwitch device with the configuration shown in the exhibit. did not reboot All three devices completed FortiLink manage-ment authorization successfully. Why did the FortiSwitch device shown in the exhibit not reboot to complete the authorization pro-cess?. Switch auto-discovery is enabled. The management mode was set to use FortiLink mode. The FortiSwitch device is scheduled to reboot as part the authorization process. The system time is not in-sync and is using a non-default value.

Which two statements about managing a FortiSwitch stack on FortiGate are true? (Choose two.). A FortiLink interface must be enabled on FortiGate. The switch controller feature must be enabled on FortiGate. Only a hardware-based FortiGate can manage a FortiSwitch stack. FortiSwitch must be operating in standalone mode before authorization.

Which two statements about DHCP snooping enabled on a FortiSwitch VLAN are true? (Choose two.). Enabling DHCP snooping on a FortiSwitch VLAN ensures requests and replies are seen by all DHCP servers. switch-controller-dhcp-snooping-verify-mac verifies the destination MAC address to protect against DHCP exhaustion attacks. By default, all FortiSwitch ports are set to forward client DHCP requests to untrusted ports. Settings related to DHCP option 82 are only configurable through the CLI.

What can an administrator do to maintain the existing standalone FortlSwltch configuration while changing the management mode to FortLink?. Use a migration tool based on python script to convert the configuration. Enable the Forti-link setting on FortiSwitch before the authorization process. FortiGate will automatically save the existing FortiSwitch configuration during the Forti-link management process. Register FortiSwitch to For1ISwitch Cloud to save a copy before managing by Forti-Gate.

To enhance service in emergency situations, to which LLDP-MED Type-Length-Values does Forti-Switch advertise to IP phones?. Network policy. Inventory management. Location. Power management.

Which statement about the IGMP snooping querier when enabled on a VLAN is true?. Active multicast receiver entries are aging on each IGMP query sent on the VLAN. IGMP reports on the VLAN are forwarded to all switch ports. The setting can only be enabled using the FortiSwitch CLI. All other indirectly connected switches will be unable to get IGMP multicast traffic.

How is traffic routed on FortiSwitch?. Hardware-based routing on FortiSwitch is handled by the CPU. FortiSwitch looks up the hardware routing table and then the forwarding information base (FIB). ASIC hardware routing can only handle dynamic routing, if supported. Layer 3 routing can be configured on FortiSwitch, while managed by FortiGate.

How are the 'by VLAN redirect MAC address quarantine' mode and the 'by redirect MAC address quarantine' mode on FortiGate similar?. Both modes move quarantined devices to the quarantine VLAN. Both modes require firewall policies to block inter-VLAN traffic. Both modes add quarantined device MAC addresses to the blocked firewall address group. Both modes block intra-VLAN traffic by FortiGate automatically.

Which two statements about 802.1X authentication on FortiSwitch ports are true? (Choose two.). All hosts behind an authenticated port are allowed access after a successful authentica-tion. A security policy is used to apply 802.1 authentication on a port. A local user database must be used to authenticate devices using the 802.1X authentica-tion protocol. All devices connecting to FortiSwitch must support 802.1X authentication.

config system interface edit "internal" set ip 10.0.13.3 255.255.255.0 set allowaccess ping https ssh snmp end next config switch interface edit "internal" set native-vlan 4094 set allowed-vlans 4094 end next config switch interface edit "port24" set native-vlan 100 set allowed-vlans 100 200 end next port24 is the only uplink port connected to the network where access to FortiSwitch management services is possible. However, FortiSwitch is still not accessible on the management interface. Which two actions should you take to fix the issue and access FortiSwitch? (Choose two.). You must add port24 native VLAN as an allowed VLAN on internal. You must add VLAN ID 200 to the allowed VLANS on internal. You must allow VLAN ID 4094 on port24, if management traffic is tagged. You should use VLAN ID 4094 as the native VLAN on port24.

The exhibit shows the current status of the ports on the managed FortiSwitch. Access-1. Why would FortiGate display a serial number in the Native VLAN column associated with the port23 entry?. port23 is configured as the dedicated management interface. Ports connected to adjacent FortiSwitch devices show their serial number as the native VLAN. port23 is a member of a trunk that uses the Access-1 FortiSwitch serial number as the name of the trunk. A standalone switch with the shown serial number is connected on port23.

What are two reasons that can trigger port1 to shut down? (Choose two.). port1 was shut down by loop guard protection. STP triggered a loop and applied loop guard protection on port1. An endpoint sent a BPDU on port1 that it received from another interface. Loop guard frame sourced from port1 was received on port1.

Which statement about using MAC, IP, and protocol-based VLANs on FortiSwitch is true?. lt is a scalable and secure solution in comparison to other Layer 2 security measures. FortiSwitch uses only the Ethernet type to assign traffic to VLANs. It provides benefits that can be obtained when using 802.1X authentication. Endpoints are required to use the same FortiSwitch port to remain members of the VLAN.

What type of multimode transceiver can be used to split a 40G port?. QSFP+ transceiver. SFP transceiver. QSFP transceiver. SFP+ transceiver.

Which statement about the use of the switch port analyzer (SPAN) packet capture method is true?. Mirrored traffic can be sent across multiple switches. SPAN can be configured only on a standalone FortiSwitch. Traffic on the management interface can be mirrored and captured by the monitoring device. The monitoring device must be connected to the same switch where the traffic is being mirrored.