View all questions & answers for the NSE 6 – LAN Edge 7.6 Architect Exam Materials exam


NSE 6 – LAN Edge 7.6 Architect Exam Materials-Question 20 Discussion
Comment Image Comment Image Comment Image

Refer to the exhibits. The exhibits show the WTP profile and VAP CLI configurations on FortiGate managing a remote AP. The AP is designed to grant a remote employee access to company network resources, including the database and AD servers. The employee can reach company resources but is unable to access a local printer at home. What two solutions are required to fix this issue? (Choose two answers)

  • A. Configure the S231F wtp-profile to add a split tunneling ACL with a destination subnet of 192.168.1.1/24, using the command set dest-ip 192.168.1.1/24.
  • B. Configure the EmployeeHome VAP profile for local bridging using the command set local-bridging enable.
  • C. Configure the EmployeeHome VAP profile to disable host isolation using the command set intra-vap-privacy disable.
  • D. Configure the S231F wtp profile to enable split tunneling to the AP subnet using the command set split-tunneling-acl-local-ap-subnet enable.
Correct Answer: A,D

Brave-Dump Clients Votes

AD 50%
BD 50%

Comments



Anonymous User 2026-03-20 18:49:44

Selected Answers: A, D


study guide p. 145
  • Kevin Konnors 2026-04-03 18:26:05
    I believe in the study guide it's either-or for those options. "If the split-tunneling-acl-local-ap-subnet option is enabled, the local subnet of the AP is dynamically added to the list." The question is which 2 options are "required", so I think C & D are correct.

Anonymous User 2026-06-07 17:18:02

Selected Answers: B, D


Corret B and D

D — set split-tunneling-acl-local-ap-subnet enable (on wtp-profile)
This command is correct and required. In the wtp-profile, set split-tunneling-acl-local-ap-subnet enable ensures that traffic destined for the AP's local subnet is not sent through the tunnel. This automatically designates 192.168.1.1/24 traffic as "local," keeping it off the CAPWAP tunnel entirely.

B — set local-bridging enable (on VAP)
This command is correct and required. set local-bridging enable on the VAP enables bridging between the AP's wireless and Ethernet interfaces. Without local-bridging, even if the WTP profile marks traffic as "local" via the split-tunnel ACL, the AP has no mechanism to physically forward that traffic onto the local LAN — the packets have nowhere to go

----Incorrect, for two reasons:
A — set dest-ip 192.168.1.1/24 (in wtp-profile split-tunneling-acl)
Incorrect, for two reasons:

192.168.1.1/24 is an invalid network notation with a host bit set — the correct form would be 192.168.1.0/24
Option D already handles the local subnet automatically; A and D solve the exact same problem. Only one is needed, so the correct pair is B+D, not A+D

C — set intra-vap-privacy disable (on VAP)
Incorrect. Intra-VAP privacy controls isolation between wireless clients connected to the same SSID. The home printer is not a wireless client on the EmployeeHome SSID — it is a wired device sitting on the 192.168.1.1/24 network. This setting has no bearing on printer reachability.
  • Brave-Dumps.com Admin 2026-06-08 16:24:59
    Thanks, you are right