Which agent is used only as part of a login script?

1. A. Mobile
2. B. Passive
3. C. Persistent
4. D. Dissolvable

Correct Answer: B
In the context of network access control systems like FortiNAC, a dissolvable agent is typically a piece of software that is executed on the endpoint as part of a login script or when a user accesses a captive portal. It runs once to gather information or enforce policies and then removes itself from the system, hence the term "dissolvable." References
✑ FortiNAC documentation on agent deployment and types of agents.

Which devices would be evaluated by device profiling rules?

1. A. Rogue devices, each time they connect
2. B. All hosts, each time they connect
3. C. Known trusted devices, each time they change location
4. D. Rogue devices, only when they are initially added to the database

Correct Answer: B
Device profiling rules in FortiNAC are used to evaluate and classify rogue devices. These rules can be configured to automatically, manually, or through sponsorship evaluate and classify unknown untrusted devices as they are identified and created. References
✑ FortiNAC 7.2 Study Guide, page 98

View the command and output shown in the exhibit.

What is the current state of this host?

1. A. Rogue
2. B. Registered
3. C. Not authenticated
4. D. At-Risk

Correct Answer: A
The exhibit's command and output detail various attributes for a specific host, including the MAC address, connection status, and various other parameters. The status "Connected" and state "Initial" indicate that the host has been detected on the network but has not yet completed any authentication process. The lines "Client Not Authenticated = true" and "Client needs to authenticate = false" suggest that the host has not yet been authenticated. Therefore, the current state of the host is "Not authenticated," since there is a clear indication that the authentication process has not been completed for this host.

Where should you configure MAC notification traps on a supported switch?

1. A. Configure them only after you configure linkup and linkdown traps.
2. B. Configure them on all ports on the switch.
3. C. Configure them only on ports set as 802 1g trunks.
4. D. Configure them on all ports except uplink ports.

Correct Answer: C
In general, for network switches supporting MAC notification traps, it's advisable to configure these traps on all ports except uplink ports. Uplink ports are used for connecting to other switches or network infrastructure devices and typically don't need MAC notification traps, which are more relevant for end-device connectivity monitoring.
The study guide specifies that MAC notification traps should not be configured on interfaces that are uplinks. They are the preferred method for learning and updating Layer 2 information and should be used whenever available, but not on uplink interfaces.

Which three of the following are components of a security rule? (Choose three.)

1. A. Security String
2. B. Methods
3. C. Action
4. D. User or host profile
5. E. Trigger

Correct Answer: CDE
Reference: https://docs.fortinet.com/document/fortinac/8.8.0/administration-guide/167668/add-or-modify-a-rule