Fortinet nse6-fwf-6-4 practice test
Fortinet NSE 6 - Secure Wireless LAN 6.4 Exam
Last exam update: Apr 13 ,2024
Question 1
How are wireless clients assigned to a dynamic VLAN configured for hash mode?
- A. Using the current number of wireless clients connected to the SSID and the number of IPs available in the least busy VLAN
- B. Using the current number of wireless clients connected to the SSID and the number of clients allocated to each of the VLANs
- C. Using the current number of wireless clients connected to the SSID and the number of VLANs available in the pool
- D. Using the current number of wireless clients connected to the SSID and the group the FortiAP is a member of
Answer:
C
Explanation:
VLAN from the VLAN pool based on a hash of the current number of SSID clients and the number of
entries in the VLAN pool.
Reference:
https://docs.fortinet.com/document/fortiap/7.0.1/fortiwifi-and-fortiap-configuration-
guide/376326/configuring-dynamic-user-vlan-assignment
Question 2
Which statement is correct about security profiles on FortiAP devices?
- A. Security profiles on FortiAP devices can use FortiGate subscription to inspect the traffic
- B. Only bridge mode SSIDs can apply the security profiles
- C. Disable DTLS on FortiAP
- D. FortiGate performs inspection the wireless traffic
Answer:
B
Explanation:
Reference:
https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-configuration-
guide/47321/fortiap-s-bridge-mode-security-profiles
Question 3
When deploying a wireless network that is authenticated using EAP PEAP, which two configurations
are required? (Choose two.)
- A. An X.509 certificate to authenticate the client
- B. An X.509 to authenticate the authentication server
- C. A WPA2 or WPA3 personal wireless network
- D. A WPA2 or WPA3 Enterprise wireless network
Answer:
BD
Question 4
What is the first discovery method used by FortiAP to locate the FortiGate wireless controller in the
default configuration?
- A. DHCP
- B. Static
- C. Broadcast
- D. Multicast
Answer:
B
Question 5
A tunnel mode wireless network is configured on a FortiGate wireless controller.
Which task must be completed before the wireless network can be used?
- A. The wireless network interface must be assigned a Layer 3 address
- B. Security Fabric and HTTPS must be enabled on the wireless network interface
- C. The wireless network to Internet firewall policy must be configured
- D. The new network must be manually assigned to a FortiAP profile.
Answer:
C
Explanation:
A FortiGate unit is an industry leading enterprise firewall. In addition to consolidating all the
functions of a network firewall, IPS, anti-malware, VPN, WAN optimization, Web filtering, and
application control in a single platform, FortiGate also has an integrated Wi-Fi controller.
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/723e20ad-
5098-11e9-94bf-00505692583a/FortiWiFi_and_FortiAP-6.2.0-Configuration_Guide.pdf
Question 6
Refer to the exhibits.
Exhibit A
Exhibit B
A wireless network has been created to support a group of users in a specific area of a building. The
wireless network is configured but users are unable to connect to it. The exhibits show the relevant
controller configuration for the APs and the wireless network.
Which two configuration changes will resolve the issue? (Choose two.)
- A. For both interfaces in the wtp-profile, configure set vaps to be “Authors”
- B. Disable intra-vap-privacy for the Authors vap-wireless network
- C. For both interfaces in the wtp-profile, configure vap-all to be manual
- D. Increase the transmission power of the AP radio interfaces
Answer:
A, C
Question 7
As a network administrator, you are responsible for managing an enterprise secure wireless LAN. The
controller is based in the United States, and you have been asked to deploy a number of managed
APs in a remote office in Germany.
What is the correct way to ensure that the RF channels and transmission power limits are
appropriately configured for the remote APs?
- A. Configure the APs individually by overriding the settings in Managed FortiAPs
- B. Configure the controller for the correct country code for Germany
- C. Clone a suitable FortiAP profile and change the county code settings on the profile
- D. Create a new FortiAP profile and change the county code settings on the profile
Answer:
C
Explanation:
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/69a8fa9c-
1eaa-11e9-b6f6-f8bc1258b856/fortigate-fortiwifi-and-fortiap-configuration-guide-54.pdf
Question 8
Which of the following is a requirement to generate analytic reports using on-site FortiPresence
deployment?
- A. SQL services must be running
- B. Two wireless APs must be sending data
- C. DTLS encryption on wireless traffic must be turned off
- D. Wireless network security must be set to open
Answer:
A
Question 9
Refer to the exhibits.
Exhibit A
Exhibit B
The exhibits show the diagnose debug log of a station connection taken on the controller CLI.
Which security mode is used by the wireless connection?
- A. WPA2 Enterprise
- B. WPA3 Enterprise
- C. WPA2 Personal and radius MAC filtering
- D. Open, with radius MAC filtering
Answer:
C
Question 10
Which statement describes FortiPresence location map functionality?
- A. Provides real-time insight into user movements
- B. Provides real-time insight into user online activity
- C. Provides real-time insight into user purchase activity
- D. Provides real-time insight into user usage stats
Answer:
A
Question 11
Refer to the exhibit.
If the signal is set to -68 dB on the FortiPlanner site survey reading, which statement is correct
regarding the coverage area?
- A. Areas with the signal strength equal to -68 dB are zoomed in to provide better visibility
- B. Areas with the signal strength weaker than -68 dB are cut out of the map
- C. Areas with the signal strength equal or stronger than -68 dB are highlighted in multicolor
- D. Areas with the signal strength weaker than -68 dB are highlighted in orange and red to indicate that no signal was propagated by the APs.
Answer:
D
Question 12
Six APs are located in a remotely based branch office and are managed by a centrally hosted
FortiGate. Multiple wireless users frequently connect and roam between the APs in the remote
office.
The network they connect to, is secured with WPA2-PSK. As currently configured, the WAN
connection between the branch office and the centrally hosted FortiGate is unreliable.
Which configuration would enable the most reliable wireless connectivity for the remote clients?
- A. Configure a tunnel mode wireless network and enable split tunneling to the local network
- B. Configure a bridge mode wireless network and enable the Local standalone configuration option
- C. Configure a bridge mode wireless network and enable the Local authentication configuration option
- D. Install supported FortiAP and configure a bridge mode wireless network
Answer:
A
Question 13
When using FortiPresence as a captive portal, which two types of public authentication services can
be used to access guest Wi-Fi? (Choose two.)
- A. Social networks authentication
- B. Software security token authentication
- C. Short message service authentication
- D. Hardware security token authentication
Answer:
A, C
Question 14
Refer to the exhibit.
What does the asterisk (*) symbol beside the channel mean?
- A. Indicates channels that can be used only when Radio Resource Provisioning is enabled
- B. Indicates channels that cannot be used because of regulatory channel restrictions
- C. Indicates channels that will be scanned by the Wireless Intrusion Detection System (WIDS)
- D. Indicates channels that are subject to dynamic frequency selection (DFS) regulations
Answer:
D
Question 15
As standard best practice, which configuration should be performed before configuring FortiAPs
using a FortiGate wireless controller?
- A. Create wireless LAN specific policies
- B. Preauthorize APs
- C. Create a custom AP profile
- D. Set the wireless controller country setting
Answer:
D