0% found this document useful (0 votes)
447 views18 pages

Nse6 FWF-6.4

This document contains a practice exam for the Fortinet NSE6_FWF-6.4 certification. It includes 15 multiple choice questions covering topics such as wireless network configuration, authentication methods, rogue device detection, and performance troubleshooting. Correct answers are provided for each question, along with brief explanations for some answers. The questions test knowledge of configuring and managing Fortinet wireless networks and controllers.

Uploaded by

crgonzalezflores
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
447 views18 pages

Nse6 FWF-6.4

This document contains a practice exam for the Fortinet NSE6_FWF-6.4 certification. It includes 15 multiple choice questions covering topics such as wireless network configuration, authentication methods, rogue device detection, and performance troubleshooting. Correct answers are provided for each question, along with brief explanations for some answers. The questions test knowledge of configuring and managing Fortinet wireless networks and controllers.

Uploaded by

crgonzalezflores
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 18

NSE6_FWF-6.

ALL Voucher (Fortinet NSE4 NSE5 NSE6 NSE7 NSE8)+ DUMPS FORTINET valid 100% or
Proxy help on exam
ALL Cisco DUMPS => CCNA or CCNP ( ENCOR , ENRASI..)

CISCO Proxy exam CCNA CCNP,(Help on exam ,pay after Pass ),PALO ALTO (PCNSE ,
PCNSA) , AZURE(900,104,700,500)
#CISA #CISM #PCNSE #ITILV4 #PCNSA

For more info contact me on my Whatsupp +21655255099


IT Certification Guaranteed, The Easy Way!

Exam : NSE6_FWF-6.4

Title : Fortinet NSE 6 - Secure


Wireless LAN 6.4

Vendor : Fortinet

Version : V13.05

1
IT Certification Guaranteed, The Easy Way!

NO.1 When deploying a wireless network that is authenticated using EAP PEAP, which two
configurations are required? (Choose two.)
A. An X.509 certificate to authenticate the client
B. An X.509 to authenticate the authentication server
C. A WPA2 or WPA3 personal wireless network
D. A WPA2 or WPA3 Enterprise wireless network
X. 509 certificates and work for connections that use Secure Socket Layer/Transport Level Security
(SSL/TLS). Both client and server certificates have additional requirements.
Answer: A,B

NO.2 What is the first discovery method used by FortiAP to locate the FortiGate wireless controller
in the default configuration?
A. DHCP
B. Static
C. Broadcast
D. Multicast
Answer: A

NO.3 Refer to the exhibit.

2
IT Certification Guaranteed, The Easy Way!

What does the asterisk (*) symbol beside the channel mean?
A. Indicates channels that can be used only when Radio Resource Provisioning is enabled
B. Indicates channels that cannot be used because of regulatory channel restrictions
C. Indicates channels that will be scanned by the Wireless Intrusion Detection System (WIDS)
D. Indicates channels that are subject to dynamic frequency selection (DFS) regulations
Answer: A

NO.4 A tunnel mode wireless network is configured on a FortiGate wireless controller.


Which task must be completed before the wireless network can be used?
A. The wireless network interface must be assigned a Layer 3 address
B. Security Fabric and HTTPS must be enabled on the wireless network interface
C. The wireless network to Internet firewall policy must be configured
D. The new network must be manually assigned to a FortiAP profile.
Answer: C
Explanation:
A FortiGate unit is an industry leading enterprise firewall. In addition to consolidating all the
functions of a network firewall, IPS, anti-malware, VPN, WAN optimization, Web filtering, and

3
IT Certification Guaranteed, The Easy Way!

application control in a single platform, FortiGate also has an integrated Wi-Fi controller.

NO.5 Which two roles does FortiPresence analytics assist in generating presence reports? (Choose
two.)
A. Gathering details about on site visitors
B. Predicting the number of guest users visiting on-site
C. Comparing current data with historical records
D. Reporting potential threats by guests on site
Answer: A,B

NO.6 When using FortiPresence as a captive portal, which two types of public authentication
services can be used to access guest Wi-Fi? (Choose two.)
A. Social networks authentication
B. Software security token authentication
C. Short message service authentication
D. Hardware security token authentication
Answer: A,D
Explanation:
This information along with the social network authentication logins with Facebook, Google,
Instagram, LinkedIn, or FortiPresence using your WiFi.
Captive Portal configurations for social media logins and internet access. You can add and manage
sites using the integrated Google maps and manoeuvre your hardware infrastructure easily.

NO.7 You are investigating a wireless performance issue and you are trying to audit the neighboring
APs in the PF environment. You review the Rogue APs widget on the GUI but it is empty, despite the
known presence of other APs.
Which configuration change will allow neighboring APs to be successfully detected?
A. Enable Locate WiFi clients when not connected in the relevant AP profiles.
B. Enable Monitor channel utilization on the relevant AP profiles.
C. Ensure that all allowed channels are enabled for the AP radios.
D. Enable Radio resource provisioning on the relevant AP profiles.
Answer: D
Explanation:
The ARRP (Automatic Radio Resource Provisioning) profile improves upon DARRP (Distributed
Automatic Radio Resource Provisioning) by allowing more factors to be considered to optimize
channel selection among FortiAPs. DARRP uses the neighbor APs channels and signal strength
collected from the background scan for channel selection.

NO.8 Refer to the exhibit.

4
IT Certification Guaranteed, The Easy Way!

If the signal is set to -68 dB on the FortiPlanner site survey reading, which statement is correct
regarding the coverage area?
A. Areas with the signal strength equal to -68 dB are zoomed in to provide better visibility
B. Areas with the signal strength weaker than -68 dB are cut out of the map
C. Areas with the signal strength equal or stronger than -68 dB are highlighted in multicolor
D. Areas with the signal strength weaker than -68 dB are highlighted in orange and red to indicate
that no signal was propagated by the APs.
Answer: C

NO.9 What type of design model does FortiPlanner use in wireless design project?
A. Architectural model
B. Predictive model
C. Analytical model
D. Integration model
Answer: A
Explanation:
FortiPlanner will look familiar to anyone who has used architectural or home design software.

NO.10 Which two configurations are compatible for Wireless Single Sign-On (WSSO)? (Choose two.)
A. A VAP configured for captive portal authentication
B. A VAP configured for WPA2 or 3 Enterprise
C. A VAP configured to authenticate locally on FortiGate
D. A VAP configured to authenticate using a radius server
Answer: B,D
Explanation:
In the SSID choose WPA2-Enterprise authentication.
WSSO is RADIUS-based authentication that passes the user's user group memberships to the

5
IT Certification Guaranteed, The Easy Way!

FortiGate.

NO.11 Six APs are located in a remotely based branch office and are managed by a centrally hosted
FortiGate. Multiple wireless users frequently connect and roam between the APs in the remote
office.
The network they connect to, is secured with WPA2-PSK. As currently configured, the WAN
connection between the branch office and the centrally hosted FortiGate is unreliable.
Which configuration would enable the most reliable wireless connectivity for the remote clients?
A. Configure a tunnel mode wireless network and enable split tunneling to the local network
B. Configure a bridge mode wireless network and enable the Local standalone configuration option
C. Configure a bridge mode wireless network and enable the Local authentication configuration
option
D. Install supported FortiAP and configure a bridge mode wireless network
Answer: A

NO.12 Which two statements about background rogue scanning are correct? (Choose two.)
A. A dedicated radio configured for background scanning can support the connection of wireless
clients
B. When detecting rogue APs, a dedicated radio configured for background scanning can suppress
the rogue AP
C. Background rogue scanning requires DARRP to be enabled on the AP instance
D. A dedicated radio configured for background scanning can detect rogue devices on all other
channels in its configured frequency band
Answer: A,B
Explanation:
To enable rogue AP scanning

NO.13 Which statement is correct about security profiles on FortiAP devices?


A. Security profiles on FortiAP devices can use FortiGate subscription to inspect the traffic
B. Only bridge mode SSIDs can apply the security profiles
C. Disable DTLS on FortiAP
D. FortiGate performs inspection the wireless traffic
Answer: B

NO.14 Refer to the exhibits.


Exhibit A

6
IT Certification Guaranteed, The Easy Way!

Exhibit B

7
IT Certification Guaranteed, The Easy Way!

Exhibit C

8
IT Certification Guaranteed, The Easy Way!

A wireless network has been installed in a small office building and is being used by a business to
connect its wireless clients. The network is used for multiple purposes, including corporate access,
guest access, and connecting point-of-sale and IoT devices.
Users connecting to the guest network located in the reception area are reporting slow performance.
The network administrator is reviewing the information shown in the exhibits as part of the ongoing
investigation of the problem. They show the profile used for the AP and the controller RF analysis
output together with a screenshot of the GUI showing a summary of the AP and its neighboring APs.
To improve performance for the users connecting to the guest network in this area, which
configuration change is most likely to improve performance?
A. Increase the transmission power of the AP radios
B. Enable frequency handoff on the AP to band steer clients
C. Reduce the number of wireless networks being broadcast by the AP
D. Install another AP in the reception area to improve available bandwidth
Answer: A

NO.15 When configuring a wireless network for dynamic VLAN allocation, which three IETF
attributes must be supplied by the radius server? (Choose three.)
A. 81 Tunnel-Private-Group-ID
B. 65 Tunnel-Medium-Type
C. 83 Tunnel-Preference
D. 58 Egress-VLAN-Name
E. 64 Tunnel-Type
Answer: A,B,E
Explanation:
The RADIUS user attributes used for the VLAN ID assignment are:
IETF 64 (Tunnel Type)-Set this to VLAN.
IETF 65 (Tunnel Medium Type)-Set this to 802

9
IT Certification Guaranteed, The Easy Way!

IETF 81 (Tunnel Private Group ID)-Set this to VLAN ID.

NO.16 As a network administrator, you are responsible for managing an enterprise secure wireless
LAN. The controller is based in the United States, and you have been asked to deploy a number of
managed APs in a remote office in Germany.
What is the correct way to ensure that the RF channels and transmission power limits are
appropriately configured for the remote APs?
A. Configure the APs individually by overriding the settings in Managed FortiAPs
B. Configure the controller for the correct country code for Germany
C. Clone a suitable FortiAP profile and change the county code settings on the profile
D. Create a new FortiAP profile and change the county code settings on the profile
Answer: C

NO.17 Which two statements about distributed automatic radio resource provisioning (DARRP) are
correct? (Choose two.)
A. DARRP performs continuous spectrum analysis to detect sources of interference. It uses this
information to allow the AP to select the optimum channel.
B. DARRP performs measurements of the number of BSSIDs and their signal strength (RSSI). The
controller then uses this information to select the optimum channel for the AP.
C. DARRP measurements can be scheduled to occur at specific times.
D. DARRP requires that wireless intrusion detection (WIDS) be enabled to detect neighboring
devices.
Answer: A,D
Explanation:
DARRP (Distributed Automatic Radio Resource Provisioning) technology ensures the wireless
infrastructure is always optimized to deliver maximum performance. Fortinet APs enabled with this
advanced feature continuously monitor the RF environment for interference, noise and signals from
neighboring APs, enabling the FortiGate WLAN Controller to determine the optimal RF power levels
for each AP on the network. When a new AP is provisioned, DARRP also ensures that it chooses the
optimal channel, without administrator intervention.

NO.18 When configuring Auto TX Power control on an AP radio, which two statements best describe
how the radio responds? (Choose two.)
A. When the AP detects any other wireless signal stronger that -70 dBm, it will reduce its
transmission power until it reaches the minimum configured TX power limit.
B. When the AP detects PF Interference from an unknown source such as a cordless phone with a
signal stronger that -70 dBm, it will increase its transmission power until it reaches the maximum
configured TX power limit.
C. When the AP detects any wireless client signal weaker than -70 dBm, it will reduce its transmission
power until it reaches the maximum configured TX power limit.
D. When the AP detects any interference from a trusted neighboring AP stronger that -70 dBm, it will
reduce its transmission power until it reaches the minimum configured TX power limit.
Answer: A,C

10
IT Certification Guaranteed, The Easy Way!

NO.19 Refer to the exhibits.


Exhibit A

Exhibit B

11
IT Certification Guaranteed, The Easy Way!

The exhibits show the diagnose debug log of a station connection taken on the controller CLI.
Which security mode is used by the wireless connection?

12
IT Certification Guaranteed, The Easy Way!

A. WPA2 Enterprise
B. WPA3 Enterprise
C. WPA2 Personal and radius MAC filtering
D. Open, with radius MAC filtering
Answer: A
Explanation:
Best security option is WPA2-AES.

NO.20 Which statement describes FortiPresence location map functionality?


A. Provides real-time insight into user movements
B. Provides real-time insight into user online activity
C. Provides real-time insight into user purchase activity
D. Provides real-time insight into user usage stats
Answer: D
Explanation:
This geographical data analysis provides real-time insights into user behavior.

NO.21 When enabling security fabric on the FortiGate interface to manage FortiAPs, which two
types of communication channels are established between FortiGate and FortiAPs? (Choose two.)
A. Control channels
B. Security channels
C. FortLink channels
D. Data channels
Answer: A,D
Explanation:
The control channel for managing traffic, which is always encrypted by DTLS. l The data channel for
carrying client data packets.

NO.22 How are wireless clients assigned to a dynamic VLAN configured for hash mode?
A. Using the current number of wireless clients connected to the SSID and the number of IPs
available in the least busy VLAN
B. Using the current number of wireless clients connected to the SSID and the number of clients
allocated to each of the VLANs
C. Using the current number of wireless clients connected to the SSID and the number of VLANs
available in the pool
D. Using the current number of wireless clients connected to the SSID and the group the FortiAP is a
member of
Answer: C
Explanation:
VLAN from the VLAN pool based on a hash of the current number of SSID clients and the number of
entries in the VLAN pool.

NO.23 Where in the controller interface can you find a wireless client's upstream and downstream
link rates?

13
IT Certification Guaranteed, The Easy Way!

A. On the AP CLI, using the cw_diag ksta command


B. On the controller CLI, using the diag wireless-controller wlac -d sta command
C. On the AP CLI, using the cw_diag -d sta command
D. On the controller CLI, using the WiFi Client monitor
Answer: B

NO.24 As standard best practice, which configuration should be performed before configuring
FortiAPs using a FortiGate wireless controller?
A. Create wireless LAN specific policies
B. Preauthorize APs
C. Create a custom AP profile
D. Set the wireless controller country setting
Answer: C

NO.25 Which of the following is a requirement to generate analytic reports using on-site
FortiPresence deployment?
A. SQL services must be running
B. Two wireless APs must be sending data
C. DTLS encryption on wireless traffic must be turned off
D. Wireless network security must be set to open
Answer: B
Explanation:
FortiPresence VM is deployed locally on your site and consists of two virtual machines. All the
analytics data collected and computed resides locally on the VMs.

NO.26 Which factor is the best indicator of wireless client connection quality?
A. Downstream link rate, the connection rate for the AP to the client
B. The receive signal strength (RSS) of the client at the AP
C. Upstream link rate, the connection rate for the client to the AP
D. The channel utilization of the channel the client is using
Answer: B
Explanation:
SSI, or "Received Signal Strength Indicator," is a measurement of how well your device can hear a
signal from an access point or router. It's a value that is useful for determining if you have enough
signal to get a good wireless connection.

NO.27 Refer to the exhibits.


Exhibit A

14
IT Certification Guaranteed, The Easy Way!

Exhibit B

15
IT Certification Guaranteed, The Easy Way!

A wireless network has been created to support a group of users in a specific area of a building. The
wireless network is configured but users are unable to connect to it. The exhibits show the relevant
controller configuration for the APs and the wireless network.
Which two configuration changes will resolve the issue? (Choose two.)
A. For both interfaces in the wtp-profile, configure set vaps to be "Authors"

16
IT Certification Guaranteed, The Easy Way!

B. Disable intra-vap-privacy for the Authors vap-wireless network


C. For both interfaces in the wtp-profile, configure vap-all to be manual
D. Increase the transmission power of the AP radio interfaces
Answer: B,C

NO.28 Which two phases are part of the process to plan a wireless design project? (Choose two.)
A. Project information phase
B. Hardware selection phase
C. Site survey phase
D. Installation phase
Answer: C,D
Reference:
https://www.automation.com/en-us/articles/2015-2/wireless-device-network-planning-and-design

NO.29 Part of the location service registration process is to link FortiAPs in FortiPresence.
Which two management services can configure the discovered AP registration information from the
FortiPresence cloud? (Choose two.)
A. AP Manager
B. FortiAP Cloud
C. FortiSwitch
D. FortiGate
Answer: B,D
Explanation:
FortiGate, FortiCloud wireless access points (send visitor data in the form of station reports directly
to FortiPresence)

NO.30 Which administrative access method must be enabled on a FortiGate interface to allow APs
to connect and function?
A. Security Fabric
B. SSH
C. HTTPS
D. FortiTelemetry
Answer: A

17

You might also like