Fortinet nse6-fwf-6-4 practice test

Fortinet NSE 6 - Secure Wireless LAN 6.4 Exam

Last exam update: Jul 13 ,2024
Page 1 out of 2. Viewing questions 1-15 out of 30

Question 1

How are wireless clients assigned to a dynamic VLAN configured for hash mode?

  • A. Using the current number of wireless clients connected to the SSID and the number of IPs available in the least busy VLAN
  • B. Using the current number of wireless clients connected to the SSID and the number of clients allocated to each of the VLANs
  • C. Using the current number of wireless clients connected to the SSID and the number of VLANs available in the pool
  • D. Using the current number of wireless clients connected to the SSID and the group the FortiAP is a member of
Mark Question:
Answer:

C

User Votes:
A
50%
B 2 votes
50%
C 2 votes
50%
D
50%

Explanation:
VLAN from the VLAN pool based on a hash of the current number of SSID clients and the number of
entries in the VLAN pool.
Reference:
https://docs.fortinet.com/document/fortiap/7.0.1/fortiwifi-and-fortiap-configuration-
guide/376326/configuring-dynamic-user-vlan-assignment

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which statement is correct about security profiles on FortiAP devices?

  • A. Security profiles on FortiAP devices can use FortiGate subscription to inspect the traffic
  • B. Only bridge mode SSIDs can apply the security profiles
  • C. Disable DTLS on FortiAP
  • D. FortiGate performs inspection the wireless traffic
Mark Question:
Answer:

B

User Votes:
A
50%
B 3 votes
50%
C
50%
D
50%

Explanation:
Reference:
https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-configuration-
guide/47321/fortiap-s-bridge-mode-security-profiles

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

When deploying a wireless network that is authenticated using EAP PEAP, which two configurations
are required? (Choose two.)

  • A. An X.509 certificate to authenticate the client
  • B. An X.509 to authenticate the authentication server
  • C. A WPA2 or WPA3 personal wireless network
  • D. A WPA2 or WPA3 Enterprise wireless network
Mark Question:
Answer:

BD

User Votes:
A
50%
B 3 votes
50%
C
50%
D 3 votes
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

What is the first discovery method used by FortiAP to locate the FortiGate wireless controller in the
default configuration?

  • A. DHCP
  • B. Static
  • C. Broadcast
  • D. Multicast
Mark Question:
Answer:

B

User Votes:
A 1 votes
50%
B 3 votes
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

A tunnel mode wireless network is configured on a FortiGate wireless controller.
Which task must be completed before the wireless network can be used?

  • A. The wireless network interface must be assigned a Layer 3 address
  • B. Security Fabric and HTTPS must be enabled on the wireless network interface
  • C. The wireless network to Internet firewall policy must be configured
  • D. The new network must be manually assigned to a FortiAP profile.
Mark Question:
Answer:

C

User Votes:
A
50%
B 1 votes
50%
C 3 votes
50%
D
50%

Explanation:
A FortiGate unit is an industry leading enterprise firewall. In addition to consolidating all the
functions of a network firewall, IPS, anti-malware, VPN, WAN optimization, Web filtering, and
application control in a single platform, FortiGate also has an integrated Wi-Fi controller.
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/723e20ad-
5098-11e9-94bf-00505692583a/FortiWiFi_and_FortiAP-6.2.0-Configuration_Guide.pdf

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Refer to the exhibits.
Exhibit A

Exhibit B

A wireless network has been created to support a group of users in a specific area of a building. The
wireless network is configured but users are unable to connect to it. The exhibits show the relevant
controller configuration for the APs and the wireless network.
Which two configuration changes will resolve the issue? (Choose two.)

  • A. For both interfaces in the wtp-profile, configure set vaps to be “Authors”
  • B. Disable intra-vap-privacy for the Authors vap-wireless network
  • C. For both interfaces in the wtp-profile, configure vap-all to be manual
  • D. Increase the transmission power of the AP radio interfaces
Mark Question:
Answer:

A, C

User Votes:
A 3 votes
50%
B
50%
C 3 votes
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

As a network administrator, you are responsible for managing an enterprise secure wireless LAN. The
controller is based in the United States, and you have been asked to deploy a number of managed
APs in a remote office in Germany.
What is the correct way to ensure that the RF channels and transmission power limits are
appropriately configured for the remote APs?

  • A. Configure the APs individually by overriding the settings in Managed FortiAPs
  • B. Configure the controller for the correct country code for Germany
  • C. Clone a suitable FortiAP profile and change the county code settings on the profile
  • D. Create a new FortiAP profile and change the county code settings on the profile
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C 2 votes
50%
D 1 votes
50%

Explanation:
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/69a8fa9c-
1eaa-11e9-b6f6-f8bc1258b856/fortigate-fortiwifi-and-fortiap-configuration-guide-54.pdf

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which of the following is a requirement to generate analytic reports using on-site FortiPresence
deployment?

  • A. SQL services must be running
  • B. Two wireless APs must be sending data
  • C. DTLS encryption on wireless traffic must be turned off
  • D. Wireless network security must be set to open
Mark Question:
Answer:

A

User Votes:
A 3 votes
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Refer to the exhibits.
Exhibit A

Exhibit B

The exhibits show the diagnose debug log of a station connection taken on the controller CLI.
Which security mode is used by the wireless connection?

  • A. WPA2 Enterprise
  • B. WPA3 Enterprise
  • C. WPA2 Personal and radius MAC filtering
  • D. Open, with radius MAC filtering
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C 3 votes
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which statement describes FortiPresence location map functionality?

  • A. Provides real-time insight into user movements
  • B. Provides real-time insight into user online activity
  • C. Provides real-time insight into user purchase activity
  • D. Provides real-time insight into user usage stats
Mark Question:
Answer:

A

User Votes:
A 3 votes
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Refer to the exhibit.

If the signal is set to -68 dB on the FortiPlanner site survey reading, which statement is correct
regarding the coverage area?

  • A. Areas with the signal strength equal to -68 dB are zoomed in to provide better visibility
  • B. Areas with the signal strength weaker than -68 dB are cut out of the map
  • C. Areas with the signal strength equal or stronger than -68 dB are highlighted in multicolor
  • D. Areas with the signal strength weaker than -68 dB are highlighted in orange and red to indicate that no signal was propagated by the APs.
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C 2 votes
50%
D 1 votes
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Six APs are located in a remotely based branch office and are managed by a centrally hosted
FortiGate. Multiple wireless users frequently connect and roam between the APs in the remote
office.
The network they connect to, is secured with WPA2-PSK. As currently configured, the WAN
connection between the branch office and the centrally hosted FortiGate is unreliable.
Which configuration would enable the most reliable wireless connectivity for the remote clients?

  • A. Configure a tunnel mode wireless network and enable split tunneling to the local network
  • B. Configure a bridge mode wireless network and enable the Local standalone configuration option
  • C. Configure a bridge mode wireless network and enable the Local authentication configuration option
  • D. Install supported FortiAP and configure a bridge mode wireless network
Mark Question:
Answer:

A

User Votes:
A 1 votes
50%
B 2 votes
50%
C 2 votes
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

When using FortiPresence as a captive portal, which two types of public authentication services can
be used to access guest Wi-Fi? (Choose two.)

  • A. Social networks authentication
  • B. Software security token authentication
  • C. Short message service authentication
  • D. Hardware security token authentication
Mark Question:
Answer:

A, C

User Votes:
A 3 votes
50%
B
50%
C 3 votes
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Refer to the exhibit.

What does the asterisk (*) symbol beside the channel mean?

  • A. Indicates channels that can be used only when Radio Resource Provisioning is enabled
  • B. Indicates channels that cannot be used because of regulatory channel restrictions
  • C. Indicates channels that will be scanned by the Wireless Intrusion Detection System (WIDS)
  • D. Indicates channels that are subject to dynamic frequency selection (DFS) regulations
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D 3 votes
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

As standard best practice, which configuration should be performed before configuring FortiAPs
using a FortiGate wireless controller?

  • A. Create wireless LAN specific policies
  • B. Preauthorize APs
  • C. Create a custom AP profile
  • D. Set the wireless controller country setting
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C 2 votes
50%
D 2 votes
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2