Refer to the exhibit.
In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.
1.
The first AP has 32 clients associated to the 5GHz radios and 22 clients associated to the 2.4GHz
radio.
2.
The second AP has 12 clients associated to the 5GHz radios and 20 clients associated to the 2.4GHz radio.
A dual band-capable client enters the office near the first AP and the first AP measures the new client at −33 dBm signal strength. The second AP measures the new client at −43 dBm signal strength.
In the new client attempts to connect to the corporate wireless network, to which AP radio will the client be associated?
A. The second AP 5GHz interface.
B. The first AP 2.4GHz interface.
C. The first AP 5GHz interface.
D. The second AP 2.4GHz interface.
Which two EAP methods can use MSCHAPV2 for client authentication? (Choose two.)
A. PEAP
B. EAP-TTLS
C. EAP-TLS
D. EAP-GTC
What does DHCP snooping MAC verification do?
A. Drops DHCP release packets on untrusted ports
B. Drops DHCP packets with no relay agent information (option 82) on untrusted ports
C. Drops DHCP offer packets on untrusted ports
D. Drops DHCP packets on untrusted ports when the client hardware address does not match the source MAC address
Which statement correctly describes the quest portal behavior on FortiAuthenticator?
A. Sponsored accounts cannot authenticate using guest portals.
B. FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.
C. All guest accounts must be activated using SMS or email activation codes.
D. All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.
Refer to the exhibit.
Examine the packet capture shown in the exhibit, which contains a RADIUS access request packet sent by FortiSwitch to a RADIUS server.
Why does the User-Name field in the RADIUS access request packet contain a MAC address?
A. The FortiSwitch interface is configured for 802.1X port authentication with MAC address bypass, and the connected device does not support 802.1X.
B. FortiSwitch authenticates itself using its MAC address as the user name.
C. The connected device is doing machine authentication.
D. FortiSwitch is replying to an access challenge packet sent by the RADIUS server and requesting the client MAC address.
Refer to the exhibits.
Examine the firewall policy configuration and SSID settings.
An administrator has configured a guest wireless network on FortiGate using the external captive portal. The administrator has verified that the external captive portal URL is correct. However, wireless users are not able to see the captive portal login page.
Given the configuration shown in the exhibit and the SSID settings, which configuration change should the administrator make to fix the problem?
A. Enable the captive-portal-exemptoption in the firewall policy with the ID 11.
B. Apply a guest.portal user group in the firewall policy with the ID 11.
C. Disable the user group from the SSID configuration.
D. Include the wireless client subnet range in the Exempt Source section.
Refer to the exhibit.
Examine the configuration of the FortiSwitch security policy profile.
If the security profile shown in the exhibit is assigned on the FortiSwitch port for 802.1X.port authentication, which statement is correct?
A. Host machines that do support 802.1X authentication, but have failed authentication, will be assigned the guest VLAN.
B. All unauthenticated users will be assigned the auth-fail VLAN.
C. Authenticated users that are part of the wired-users group will be assigned the guest VLAN.
D. Host machines that do not support 802.1X authentication will be assigned the guest VLAN.
Refer to the exhibit.
Examine the partial debug output shown in the exhibit.
Which two statements about the debug output are true? (Choose two.)
A. The connection to the LDAP server timed out.
B. The user authenticated successfully.
C. The LDAP server is configured to use regular bind.
D. The debug output shows multiple user authentications.
Examine the following output from the FortiLink real-time debug.
Based on the output, what is the status of the communication between FortiGate and FortiSwitch?
A. FortiGate is unable to authorize the FortiSwitch.
B. FortiGate is unable to establish FortiLink tunnel to manage the FortiSwitch.
C. FortiGate is unable to located a previously managed FortiSwitch.
D. The FortiLink heartbeat is up.
An administrator has deployed dual band-capable wireless APs in a wireless network. Multiple 2.4 GHz wireless clients are connecting to the network, and subsequent monitoring shows that individual AP
2.4GHz interfaces are being overloaded with wireless connections. Which configuration change would best resolve the overloading issue?
A. Configure load balancing AP handoff on both the AP interfaces on all APs.
B. Configure load balancing AP handoff on only the 2.4GHz interfaces of all Aps.
C. Configure load balancing frequency handoff on both the AP interfaces.
D. Configure a client limit on the all AP 2.4GHz interfaces.
