Where can FortiGate learn the FortiManager IP address or FQDN for zero-touch provisioning'?
According to the FortiGate Administration Guide, ''FortiGate can learn the FortiManager IP address or FQDN for zero-touch provisioning from a DNS server using A or AAAA records. The DNS server must be configured to resolve the hostname fortimanager.fortinet.com to the IP address or FQDN of the FortiManager device.'' Therefore, option D is true because it describes the method for FortiGate to learn the FortiManager IP address or FQDN for zero-touch provisioning. Option A is false because LDAP is not used for zero-touch provisioning. Option B is false because TFTP is not used for zero-touch provisioning. Option C is false because DHCP options 240 and 241 are not used for zero-touch provisioning.
When you configure a FortiAP wireless interface for auto TX power control which statement describes how it configures its transmission power"?
Which CLI command should an administrator use to view the certificate verification process in real time?
According to the FortiOS CLI Reference Guide, ''The diagnose debug application foauthd command enables debugging of certificate verification process in real time.'' Therefore, option A is true because it describes the CLI command that an administrator should use to view the certificate verification process in real time. Option B is false because diagnose debug application radiusd -1 enables debugging of RADIUS authentication process, not certificate verification process. Option C is false because diagnose debug application authd -1 enables debugging of authentication daemon process, not certificate verification process. Option D is false because diagnose debug application fnbamd -1 enables debugging of FSSO daemon process, not certificate verification process.
Which two statements about the MAC-based 802 1X security mode available on FortiSwitch are true? (Choose two.)
According to the FortiSwitch Administration Guide, ''MAC-based 802.1X security mode allows you to authenticate each device connected to a port using its MAC address as the username and password.'' Therefore, option B is true because it describes the MAC-based 802.1X security mode available on FortiSwitch. Option D is also true because FortiSwitch can grant different access levels to each device connected to the port based on the user group and security policy assigned to them. Option A is false because FortiSwitch does not authenticate a single device and open the port to other devices connected to the port, but rather authenticates each device individually. Option C is false because MAC-based 802.1X security mode can be used in conjunction with MAC authentication bypass (MAB) or EAP pass-through modes, which are fallback options for non-802.1X devices.
Which two statements about MAC address quarantine by redirect mode are true? (Choose two)
According to the FortiGate Administration Guide, ''MAC address quarantine by redirect mode allows you to quarantine devices by adding their MAC addresses to a firewall address group called Quarantined Devices. The quarantined devices are kept in their current VLANs, but their traffic is redirected to a quarantine portal.'' Therefore, options B and D are true because they describe the statements about MAC address quarantine by redirect mode. Option A is false because the quarantined device is not moved to the quarantine VLAN, but rather kept in the current VLAN. Option C is false because redirect mode is not the default mode for MAC address quarantine, but rather an alternative mode that can be enabled by setting mac-quarantine-mode to redirect.
: https://docs.fortinet.com/document/fortiap/7.0.0/configuration-guide/734537/radius-authenticated-dynamic-vlan-allocation : https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/734537/mac-address-quarantine