NSE5_FCT-7.0 Topic 1
Q1. Which security fabric component sends a notification to quarantine an endpoint after IOC detection in the automation process?
A. FortiClient EMS
B. FortiAnalyzer
C. FortiClient
D. FortiGate
Hint answer: B
Q2. An administrator has a requirement to add user authentication to the ZTNA access for remote or off-fabric users. Which FortiGate feature is required in addition to ZTNA?
A. FortiGate endpoint control
B. FortiGate certificates
C. FortiGate FSSO
D. FortiGate explicit proxy
Hint answer: D
Q3. A new Chromebook is connected to a school’s network. Which component can the EMS administrator use to manage the FortiClient web filter extension installed on the Google Chromebook endpoint?
A. FortiClient web filter extension
B. FortiClient site categories
C. FortiClient customer URL list
D. FortiClient EMS
Hint answer: D
Q4. An administrator installs FortiClient EMS in the enterprise. Which component is responsible for enforcing protection and checking security posture?
A. FortiClient vulnerability scan
B. FortiClient EMS tags
C. FortiClient
D. FortiClient EMS
Hint answer: A
Q5. An administrator is required to maintain a software vulnerability on the endpoints, without showing the feature on the FortiClient dashboard.
What must the administrator do to achieve this requirement?
A. Click the hide icon on the vulnerability scan tab
B. Use the default endpoint profile
C. Disable select the vulnerability scan feature in the deployment package
D. Select the vulnerability scan feature in the deployment package, but disable the feature on the endpoint profile
Hint answer: A
Q6. Refer to the exhibit.
Based on the FortiClient logs shown in the exhibit, which software application is blocked by the application firewall?
A. Twitter
B. Facebook
C. Firefox
D. Internet Explorer
Hint answer: C
Q7. Refer to the exhibit.
Based on the settings shown in the exhibit, which statement about FortiClient behaviour is true?
A. FortiClient blocks and deletes infected files after scanning them.
B. FortiClient copies infected files to the Resources folder without scanning them.
C. FortiClient quarantines infected files and reviews later, after scanning them.
D. FortiClient scans infected files when the user copies files to the Resources folder.
Hint answer: C
Q8. In a FortiSandbox integration, what does the remediation option do?
A. Deny access to a file when it sees no results
B. Wait for FortiSandbox results before allowing files
C. Alert and notify only
D. Exclude specified files
Hint answer: C
Q9. Refer to the exhibit, which shows the endpoint summary information on FortiClient EMS.
What two conclusions can you make based on the Remote-Client status shown above? (Choose two.)
A. The endpoint is classified as at risk.
B. The endpoint has been assigned the Default endpoint policy.
C. The endpoint is configured to support FortiSandbox.
D. The endpoint is currently off-net.
Hint answer: B D
Q10. Which component or device shares ZTNA tag information through Security Fabric integration?
A. FortiClient
B. FortiClient EMS
C. FortiGate
D. FortiGate Access Proxy
Hint answer: B
Q11. Refer to the exhibit.
Based on the FortiClient log details shown in the exhibit, which two statements are true? (Choose two.)
A. The filename is sent to FortiSandbox for further inspection.
B. The file status is Quarantined.
C. The file location is \??\D:\Users\.
D. The filename is Unconfirmed 899290.crdownload.
Hint answer: B D
Q12. Refer to the exhibit.
Based on the settings shown in the exhibit, which two actions must the administrator take to make the endpoint compliant? (Choose two.)
A. Enable the webfilter profile.
B. Integrate FortiSandbox for infected file analysis.
C. Patch applications that have vulnerability rated as high or above.
D. Run Calculator application on the endpoint.
Hint answer: C D
Q13. Refer to the exhibit.
An administrator has restored the modified XML configuration file to FortiClient and sees the error shown in the exhibit.
Based on the XML settings, what must the administrator do to resolve the issue with the XML configuration file?
A. The administrator must use a password to decrypt the file.
B. The administrator must resolve the XML syntax error.
C. The administrator must save the file as FortiClient-config.conf.
D. The administrator must change the file format.
Hint answer: B
Q14. Refer to the exhibit, which shows the Zero Trust Tagging Rule Set configuration.
Which two statements about the rule set are true? (Choose two.)
A. The endpoint must satisfy that only Windows 10 is running.
B. The endpoint must satisfy that only AV software is installed and running.
C. The endpoint must satisfy that antivirus is installed and running and Windows 10 is running.
D. The endpoint must satisfy that only Windows Server 2012 R2 is running.
Hint answer: C D
Q15. Refer to the exhibit, which shows FortiClient EMS deployment profiles. When an administrator creates a deployment profile on FortiClient EMS, which statement about the deployment profile is true?
A. Deployment-2 will install FortiClient on both the AD group and workgroup.
B. Deployment-2 will upgrade FortiClient on both the AD group and workgroup.
C. Deployment-1 will install FortiClient on new AD group endpoints.
D. Deployment-1 will upgrade FortiClient only on the workgroup.
Hint answer: B
Q16. Refer to the exhibit, which shows the output of the ZTNA traffic log on FortiGate.
What can you conclude from the log message?
A. The remote user connection does not match the explicit proxy policy.
B. The remote user connection does not match the ZTNA server configuration.
C. The remote user connection does not match the ZTNA firewall policy.
D. The remote user connection does not match the ZTNA rule configuration.
Hint answer: B
Q17. Which component or device shares device status information through ZTNA telemetry?
A. FortiClient
B. FortiGate
C. FortiGate Access Proxy
D. FortiClient EMS
Hint answer: A
Q18. What does FortiClient do as a fabric agent? (Choose two.)
A. Provides application inventory
B. Provides IOC verdicts
C. Automates responses
D. Creates dynamic policies
Hint answer: A C
Q19. Refer to the exhibit, which shows multiple endpoint policies on FortiClient EMS.
Which policy is applied to the endpoint in the AD group trainingAD?
A. Both the Sales and Training policies because their priority is higher than the Default policy
B. The Training policy
C. The Default policy because it has the highest priority
D. The Sales policy
Hint answer: B
Q20. Why does FortiGate need the root CA certificate of FortiClient EMS?
A. To update FortiClient client certificates
B. To trust certificates issued by FortiClient EMS
C. To revoke FortiClient client certificates
D. To sign FortiClient CSR requests
Hint answer: B
Q21. An administrator configures ZTNA configuration on the FortiGate for remote users.
Which statement is true about the firewall policy?
A. It defines the access proxy.
B. It redirects the client request to the access proxy.
C. It applies security profiles to protect traffic.
D. It enforces access control.
Hint answer: B
Q22. Refer to the exhibits, which show a network topology diagram of ZTNA proxy access and the ZTNA rule configuration. An administrator runs the diagnose endpoint record list CLI command on FortiGate to check Remote-Client endpoint information; however, Remote-Client is not showing up in the endpoint record list. What is the cause of this issue?
A. Remote-Client failed the client certificate authentication.
B. Remote-Client provided an empty client certificate to connect to the ZTNA access proxy.
C. Remote-Client has not initiated a connection to the ZTNA access proxy.
D. Remote-Client provided an invalid certificate to connect to the ZTNA access proxy.
Hint answer: A
Q22. Which two statements are true about the ZTNA rule? (Choose two.)
A. It enforces access control.
B. It redirects the client request to the access proxy.
C. It applies security profiles to protect traffic.
D. It defines the access proxy.
Hint answer: A C
Q23. What action does FortiClient anti-exploit detection take when it detects exploits?
A. Deletes the compromised application process
B. Blocks memory allocation to the compromised application process
C. Terminates the compromised application process
D. Patches the compromised application process
Hint answer: C
Q24. When site categories are disabled in FortiClient webfilter and antivirus (malicious websites), which feature can be used to protect the endpoint from malicious web access?
A. Web exclusion list
B. FortiSandbox URL list
C. Real-time protection list
D. Block malicious websites on antivirus
Hint answer: A
Q25. An administrator deploys a FortiClient installation through the Microsoft AD group policy. After the installation is complete, all the custom configuration is missing.
What could have caused this problem?
A. The FortiClient MST file is missing from the distribution package.
B. The FortiClient package is not assigned to the group.
C. The FortiClient .exe file is included in the distribution package.
D. FortiClient does not have permission to access the distribution package.
Hint answer: A
Q26. Refer to the exhibits, which show the Zero Trust Tag Monitor and the FortiClient GUI status.
Remote-Client is tagged as Remote-Users on the FortiClient EMS Zero Trust Tag Monitor. What must an administrator do to show the tag on the FortiClient GUI?
A. Change the FortiClient system settings to enable tag visibility.
B. Update tagging rule logic to enable tag visibility.
C. Change the user identity settings to enable tag visibility.
D. Change the endpoint control setting to enable tag visibility.
Hint answer: A
Q27. Refer to the exhibit.
Based on the settings shown in the exhibit, which action will FortiClient take when users try to access www.facebook.com?
A. FortiClient will prompt a warning message to warn the user before they can access the Facebook website.
B. FortiClient will block access to Facebook and its subdomains.
C. FortiClient will monitor only the user’s web access to the Facebook website.
D. FortiClient will allow access to Facebook.
Hint answer: D
Q28. An administrator installs FortiClient on Windows Server.
What is the default behavior of real-time protection control?
A. Real-time protection must update AV signature database.
B. Real-time protection is disabled.
C. Real-time protection sends malicious files to FortiSandbox when the file is not detected locally.
D. Real-time protection must update the signature database from FortiSandbox.
Hint answer: B
Q29. Refer to the exhibit.
Based on the logs shown in the exhibit, why did FortiClient EMS fail to install FortiClient on the endpoint?
A. The FortiClient antivirus service is not running.
B. The Windows installer service is not running.
C. The task scheduler service is not running.
D. The remote registry service is not running.
Hint answer: C
Q30. Which two statements are true about ZTNA? (Choose two.)
A. ZTNA provides role-based access.
B. ZTNA manages access for remote users only.
C. ZTNA manages access through the client only.
D. ZTNA provides a security posture check.
Hint answer: A D
Q31. Refer to the exhibit.
Based on the FortiClient logs shown in the exhibit, which endpoint profile policy is currently applied to the FortiClient endpoint from the EMS server?
A. Compliance rules default
B. Default
C. Default configuration policy
D. Fortinet-Training
Hint answer: D
Q32. A FortiClient EMS administrator has enabled the compliance rule for the sales department. Which Fortinet device will enforce compliance with dynamic access control?
A. FortiAnalyzer
B. FortiClient EMS
C. FortiGate
D. FortiClient
Hint answer: C
Q32. Refer to the exhibit, which shows the output of the ZTNA traffic log on FortiGate.
What can you conclude from the log message?
A. The remote user connection does not match the explicit proxy policy.
B. The remote user connection does not match the ZTNA server configuration.
C. The remote user connection does not match the ZTNA firewall policy.
D. The remote user connection does not match the ZTNA rule configuration.
Hint answer: D
Q33. Which three features does FortiClient endpoint security include? (Choose three.)
A. Real-time protection
B. IPsec
C. Vulnerability management
D. DLP
E. L2TP
Hint answer: A B C
Q34. Refer to the exhibit.
Based on the Security Fabric automation settings, what action will be taken on compromised endpoints?
A. Endpoints will be banned on FortiGate.
B. Endpoints will be quarantined through a network device.
C. An email notification will be sent for compromised endpoints.
D. Endpoints will be quarantined through EMS.
Hint answer: D
Q35. Which two VPN types can a FortiClient endpoint user initiate from the Windows command prompt? (Choose two.)
A. PPTP
B. L2TP
C. SSL VPN
D. IPsec
Hint answer: C D
Q36. An administrator needs to connect FortiClient EMS as a fabric connector to FortiGate. What is the prerequisite to get FortiClient EMS to connect to FortiGate successfully?
A. Import and verify the FortiClient EMS root CA certificate on FortiGate.
B. Revoke and update the FortiClient client certificate on EMS.
C. Revoke and update the FortiClient EMS root CA.
D. Import and verify the FortiClient client certificate on FortiGate.
Hint answer: A
Q37. Which two are benefits of using multi-tenancy mode on FortiClient EMS? (Choose two.)
A. It provides granular access and segmentation.
B. The fabric connector must use an IP address to connect to FortiClient EMS.
C. Licenses are shared among sites.
D. Separate host servers manage each site.
Hint answer: A C
Q38. Which statement about the FortiClient enterprise management server is true?
A. It receives the configuration information of endpoints from FortiGate.
B. It provides centralized management of multiple endpoints running FortiClient software.
C. It receives the CA certificate from FortiGate to validate client certificates.
D. It enforces compliance on the endpoints using tags.
Hint answer: B
Q39. Refer to the exhibit.
Based on the settings shown in the exhibit, what action will FortiClient take when it detects that a user is trying to download an infected file?
A. Blocks the infected files as it is downloading
B. Sends the infected file to FortiGuard for analysis
C. Quarantines the infected files and logs all access attempts
D. Allows the infected file to download without scan
Hint answer: D
Q40. What is the function of the quick scan option on FortiClient?
A. It scans programs and drivers that are currently running, for threats.
B. It performs a full system scan including all files, executable files, DLLs, and drivers for threats.
C. It allows users to select a specific file folder on their local hard disk drive (HDD), to scan for threats.
D. It scans executable files, DLLs, and drivers that are currently running, for threats.
Hint answer: D
Q41. An administrator wants to simplify remote access without asking users to provide user credentials.
Which access control method provides this solution?
A. ZTNA full mode
B. SSL VPN
C. L2TP
D. ZTNA IP/MAC filtering mode
Hint answer: A
Q42. Which two third-party tools can an administrator use to deploy FortiClient? (Choose two.)
A. Microsoft Active Directory GPO
B. Microsoft SCCM
C. QR code generator
D. Microsoft Windows Installer
Hint answer: A B
Q43. Which statement about FortiClient comprehensive endpoint protection is true?
A. It helps to safeguard systems from email spam.
B. It helps to safeguard systems from advanced security threats, such as malware.
C. It helps to safeguard systems from data loss.
D. It helps to safeguard systems from DDoS.
Hint answer: B