● NSE 5 - FortiNAC 7.2 Exam Materials

Please note that the exam "NSE 5 - FortiNAC 7.2 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 5 - FortiNAC-F 7.6 Administrator"

The new exam version is available on Brave-Dumps and can be purchased.



Question #1
Comment Image Comment Image Comment Image

Which devices are evaluated by device profiling rules? (Choose one answer)

  • A. All hosts, each time they connect
  • B. Known trusted devices, each time they connect
  • C. Rogue devices, only when they are initially added to the database
  • D. Rogue devices, each time they change location

Question #2
Comment Image Comment Image Comment Image

Where should you configure MAC notification traps on a supported switch? (Choose one answer)

  • A. Configure them only on ports that generate linkup and linkdown traps.
  • B. Configure them only on uplink ports.
  • C. Configure them on all ports on the switch.
  • D. Configure them on all ports except uplink ports.

Question #3
Comment Image Comment Image Comment Image

Which group type can have members added directly from the FortiNAC Control Manager? (Choose one answer)

  • A. Port
  • B. Host
  • C. Administrator
  • D. Device

Question #4
Comment Image Comment Image Comment Image

Which two methods can be used to gather a list of installed applications and application details, from a host? (Choose two answers)

  • A. Application layer traffic inspection
  • B. Agent technology
  • C. MDM integration
  • D. Portal page on-boarding options

Question #5
Comment Image Comment Image Comment Image

When creating a user or host profile, which three criteria can you apply? (Choose three answers)

  • A. Location
  • B. An applied access policy
  • C. Host or user group memberships
  • D. Administrative group membership
  • E. Host or user attributes

Question #6
Comment Image Comment Image Comment Image

When FortiNAC passes a firewall tag to FortiGate, what determines the value that is passed? (Choose one answer)

  • A. RADIUS group attribute
  • B. Device profiling rule
  • C. Logical network
  • D. Security rule

Question #7
Comment Image Comment Image Comment Image

With enforcement for network access policies and at-risk hosts enabled, what happens if a host matches a network access policy and has a state of “at risk”? (Choose one answer)

  • A. The host is isolated
  • B. The host is provisioned based on the network access policy
  • C. The host is administratively disabled
  • D. The host is provisioned based on the default access defined by the point of connection

Question #8
Comment Image Comment Image Comment Image

What is the purpose of the FortiGate firewall policy that applies to clients not yet authorized by FortiNAC? (Choose one answer)

  • A. To allow access to only the production DNS server
  • B. To deny access to only the FortiNAC VPN interface
  • C. To deny access to only the production DNS server
  • D. To allow access to only the FortiNAC VPN interface

Question #9
Comment Image Comment Image Comment Image

When FortiNAC is managing VPN clients connecting through FortiGate, why must the clients run a FortiNAC agent? (Choose one answer)

  • A. To meet the client security profile rule for scanning connecting clients
  • B. To transparently update the client IP address upon successful authentication
  • C. To collect user authentication details
  • D. To collect the client IP address and MAC address

Question #10
Comment Image Comment Image Comment Image

Which three are components of a security rule? (Choose three answers)

  • A. Methods
  • B. User or host profile
  • C. Security String
  • D. Action
  • E. Trigger