Fortinet NSE 6 - Secure Wireless LAN 6.4 v1.0

Page:    1 / 2   
Exam contains 33 questions

Which two statements about distributed automatic radio resource provisioning (DARRP) are correct? (Choose two.)

  • A. DARRP performs continuous spectrum analysis to detect sources of interference. It uses this information to allow the AP to select the optimum channel.
  • B. DARRP performs measurements of the number of BSSIDs and their signal strength (RSSI). The controller then uses this information to select the optimum channel for the AP.
  • C. DARRP measurements can be scheduled to occur at specific times.
  • D. DARRP requires that wireless intrusion detection (WIDS) be enabled to detect neighboring devices.

Answer : AD

DARRP (Distributed Automatic Radio Resource Provisioning) technology ensures the wireless infrastructure is always optimized to deliver maximum performance.
Fortinet APs enabled with this advanced feature continuously monitor the RF environment for interference, noise and signals from neighboring APs, enabling the
FortiGate WLAN Controller to determine the optimal RF power levels for each AP on the network. When a new AP is provisioned, DARRP also ensures that it chooses the optimal channel, without administrator intervention.

Which factor is the best indicator of wireless client connection quality?

  • A. Downstream link rate, the connection rate for the AP to the client
  • B. The receive signal strength (RSS) of the client at the AP
  • C. Upstream link rate, the connection rate for the client to the AP
  • D. The channel utilization of the channel the client is using

Answer : B

SSI, or ג€Received Signal Strength Indicator,ג€ is a measurement of how well your device can hear a signal from an access point or router. Itג€™s a value that is useful for determining if you have enough signal to get a good wireless connection.

When configuring Auto TX Power control on an AP radio, which two statements best describe how the radio responds? (Choose two.)

  • A. When the AP detects any other wireless signal stronger that -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.
  • B. When the AP detects PF Interference from an unknown source such as a cordless phone with a signal stronger that -70 dBm, it will increase its transmission power until it reaches the maximum configured TX power limit.
  • C. When the AP detects any wireless client signal weaker than -70 dBm, it will reduce its transmission power until it reaches the maximum configured TX power limit.
  • D. When the AP detects any interference from a trusted neighboring AP stronger that -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.

Answer : AC


Refer to the exhibits.
Exhibit A.

Exhibit B.

Exhibit C.

A wireless network has been installed in a small office building and is being used by a business to connect its wireless clients. The network is used for multiple purposes, including corporate access, guest access, and connecting point-of-sale and Io׀¢ devices.
Users connecting to the guest network located in the reception area are reporting slow performance. The network administrator is reviewing the information shown in the exhibits as part of the ongoing investigation of the problem. They show the profile used for the AP and the controller RF analysis output together with a screenshot of the GUI showing a summary of the AP and its neighboring APs.
To improve performance for the users connecting to the guest network in this area, which configuration change is most likely to improve performance?

  • A. Increase the transmission power of the AP radios
  • B. Enable frequency handoff on the AP to band steer clients
  • C. Reduce the number of wireless networks being broadcast by the AP
  • D. Install another AP in the reception area to improve available bandwidth

Answer : A

Which two statements about background rogue scanning are correct? (Choose two.)

  • A. A dedicated radio configured for background scanning can support the connection of wireless clients
  • B. When detecting rogue APs, a dedicated radio configured for background scanning can suppress the rogue AP
  • C. Background rogue scanning requires DARRP to be enabled on the AP instance
  • D. A dedicated radio configured for background scanning can detect rogue devices on all other channels in its configured frequency band.

Answer : AB


To enable rogue AP scanning -

Configuration_Guide.pdf -

When configuring a wireless network for dynamic VLAN allocation, which three IETF attributes must be supplied by the radius server? (Choose three.)

  • A. 81 Tunnel-Private-Group-ID
  • B. 65 Tunnel-Medium-Type
  • C. 83 Tunnel-Preference
  • D. 58 Egress-VLAN-Name
  • E. 64 Tunnel-Type

Answer : ABE

The RADIUS user attributes used for the VLAN ID assignment are:
✑ IETF 64 (Tunnel Type)ג€"Set this to VLAN.
✑ IETF 65 (Tunnel Medium Type)ג€"Set this to 802
✑ IETF 81 (Tunnel Private Group ID)ג€"Set this to VLAN ID.

Which two phases are part of the process to plan a wireless design project? (Choose two.)

  • A. Project information phase
  • B. Hardware selection phase
  • C. Site survey phase
  • D. Installation phase

Answer : CD


When enabling security fabric on the FortiGate interface to manage FortiAPs, which two types of communication channels are established between FortiGate and
FortiAPs? (Choose two.)

  • A. Control channels
  • B. Security channels
  • C. FortLink channels
  • D. Data channels

Answer : AD

The control channel for managing traffic, which is always encrypted by DTLS. l The data channel for carrying client data packets.

Cookbook.pdf -

Part of the location service registration process is to link FortiAPs in FortiPresence.
Which two management services can configure the discovered AP registration information from the FortiPresence cloud? (Choose two.)

  • A. AP Manager
  • B. FortiAP Cloud
  • C. FortiSwitch
  • D. FortiGate

Answer : BD

FortiGate, FortiCloud wireless access points (send visitor data in the form of station reports directly to FortiPresence)
Reference: notes.pdf

Which two configurations are compatible for Wireless Single Sign-On (WSSO)? (Choose two.)

  • A. A VAP configured for captive portal authentication
  • B. A VAP configured for WPA2 or 3 Enterprise
  • C. A VAP configured to authenticate locally on FortiGate
  • D. A VAP configured to authenticate using a radius server

Answer : BD

In the SSID choose WPA2-Enterprise authentication.
WSSO is RADIUS-based authentication that passes the user's user group memberships to the FortiGate.

Configuration_Guide.pdf -

Where in the controller interface can you find a wireless clientג€™s upstream and downstream link rates?

  • A. On the AP CLI, using the cw_diag ksta command
  • B. On the controller CLI, using the diag wireless-controller wlac -d sta command
  • C. On the AP CLI, using the cw_diag -d sta command
  • D. On the controller CLI, using the WiFi Client monitor

Answer : B

Which administrative access method must be enabled on a FortiGate interface to allow APs to connect and function?

  • A. Security Fabric
  • B. SSH
  • C. HTTPS
  • D. FortiTelemetry

Answer : A


You are investigating a wireless performance issue and you are trying to audit the neighboring APs in the PF environment. You review the Rogue APs widget on the GUI but it is empty, despite the known presence of other APs.
Which configuration change will allow neighboring APs to be successfully detected?

  • A. Enable Locate WiFi clients when not connected in the relevant AP profiles.
  • B. Enable Monitor channel utilization on the relevant AP profiles.
  • C. Ensure that all allowed channels are enabled for the AP radios.
  • D. Enable Radio resource provisioning on the relevant AP profiles.

Answer : D

The ARRP (Automatic Radio Resource Provisioning) profile improves upon DARRP (Distributed Automatic Radio Resource Provisioning) by allowing more factors to be considered to optimize channel selection among FortiAPs. DARRP uses the neighbor APs channels and signal strength collected from the background scan for channel selection.

Which two roles does FortiPresence analytics assist in generating presence reports? (Choose two.)

  • A. Gathering details about on site visitors
  • B. Predicting the number of guest users visiting on-site
  • C. Comparing current data with historical records
  • D. Reporting potential threats by guests on site

Answer : AB

Reference: started.pdf

What type of design model does FortiPlanner use in wireless design project?

  • A. Architectural model
  • B. Predictive model
  • C. Analytical model
  • D. Integration model

Answer : A

FortiPlanner will look familiar to anyone who has used architectural or home design software.

Page:    1 / 2   
Exam contains 33 questions

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.