What would happen if a port was placed in both the Forced Registration and the Forced Remediation port groups?

1. A. Only rogue hosts would be impacted.
2. B. Both enforcement groups cannot contain the same port.
3. C. Only al-risk hosts would be impacted.
4. D. Both types of enforcement would be applied.

Correct Answer: B
Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/837785/system-groups

When FortiNAC passes a firewall tag to FortiGate, what determines the value that is passed?

1. A. Security rule
2. B. Device profiling rule
3. C. RADIUS group attribute
4. D. Logical network

Correct Answer: B

Refer to the exhibit.

If a host is connected to a port in the Building 1 First Floor Ports group, what must also be true to match this user/host profile?

1. A. The host must have a role value of contractor, an installed persistent agent or a security access value of contractor, and be connected between 6 AM and 5 PM.
2. B. The host must have a role value of contractor or an installed persistent agent, a security access value of contractor, and be connected between 9 AM and 5 PM.
3. C. The host must have a role value of contractor or an installed persistent agent and a security access value of contractor, and be connected between 6 AM and 5 PM.
4. D. The host must have a role value of contractor or an installed persistent agent or a security access value of contractor, and be connected between 6 AM and 5 PM.

Correct Answer: D
Looking at the provided exhibit which shows the Modify User/Host Profile window, the following must be true for a host to match the user/host profile:
✑ The host must be connected to a port within the "Building 1 First Floor Ports" group.
✑ The host must fulfill at least one of the following attributes:
✑ The host must be connected between the specified times of 6 AM and 5 PM on any day of the week.
The profile specifies that the host can match the profile by having any one of the listed attributes (Role as Contractor, Persistent Agent installed with specific security & access value), and the time condition must also be met. Therefore, the correct answer is D, which includes "or" conditions for the role value and persistent agent and specifies the correct time frame.

Which two device classification options can register a device automatically and transparently to the end user? (Choose two.)

1. A. Dissolvable agent
2. B. DotlxAuto Registration
3. C. Device importing
4. D. MDM integration
5. E. Captive portal

Correct Answer: BD
The FortiNAC 7.2 Study Guide does not explicitly mention Dot1x Auto Registration and MDM integration as the specific device classification options for automatic and transparent registration to the end user. However, based on the general functioning of FortiNAC, Dot1x Auto Registration and MDM integration are typically used for such purposes. The guide discusses automatic device registration in the context of profiling rules

Where do you look to determine when and why the FortiNAC made an automated network access change?

1. A. The Event view
2. B. The Port Changes view
3. C. The Connections view
4. D. The Admin Auditing view

Correct Answer: B
Reference: https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/536166/viewing- event-logs
Study Guide p. 356: Any time FortiNAC changes network access for an endpoint, the change is documented on the Port Changes view. This provides an administrator with valuable information when validating control configurations and enforcement.