Question 1

An administrator is required to maintain a software vulnerability on the endpoints, without showing the feature on the FortiClient dashboard. What must the administrator do to achieve this requirement?

ADisable select the vulnerability scan feature in the deployment package

BUse the default endpoint profile

CSelect the vulnerability scan feature in the deployment package, but disable the feature on the endpoint profile

DClick the hide icon on the vulnerability scan tab

Answer : D

Question 2

Refer to the exhibit.

Which shows FortiClient EMS deployment profiles.

When an administrator creates a deployment profile on FortiClient EMS, which statement about the deployment profile is true?

ADeployment-1 will install FortiClient on new AD group endpoints

BDeployment-2 will install FortiClient on both the AD group and workgroup

CDeployment-2 will upgrade FortiClient on both the AD group and workgroup

DDeployment-1 will upgrade FortiClient only on the workgroup

Answer : C

Question 3

An administrator needs to connect FortiClient EMS as a fabric connector to FortiGate. What is the prerequisite to get FortiClient EMS to connect to FortiGate successfully?

ARevoke and update the FortiClient EMS root CA.

BRevoke and update the FortiClient client certificate on EMS.

CImport and verify the FortiClient client certificate on FortiGate.

DImport and verify the FortiClient EMS root CA certificate on FortiGate

Answer : D

The FortiClient EMS root CA certificate needs to be imported and verified on the FortiGate appliance. This allows the FortiGate to trust the certificate authority (CA) used by FortiClient EMS for issuing client certificates. By importing and verifying the root CA certificate, FortiGate can establish a secure connection with FortiClient EMS and validate the authenticity of the client certificates presented during the connection process.

Question 4

Refer to the exhibit.

Based on the FortiClient logs shown in the exhibit which endpoint profile policy is currently applied to the FortiClient endpoint from the EMS server?

ADefault

BCompliance rules default

CFortinet- Training

DDefault configuration policy

Answer : C

Question 5

Refer to the exhibits, which show a network topology diagram of ZTNA proxy access and the ZTNA rule configuration.

An administrator runs the diagnose endpoint record list CLI command on FortiGate to check Remote-Client endpoint information, however Remote-Client is not showing up in the endpoint record list.

What is the cause of this issue?

ARemote-Client failed the client certificate authentication.

BRemote-Client provided an empty client certificate to connect to the ZTNA access proxy.

CRemote-Client has not initiated a connection to the ZTNA access proxy.

DRemote-Client provided an invalid certificate to connect to the ZTNA access proxy.

Answer : A

'You can use CLI Command [...] to verify the presence of matching endpoint record [...] If any of the Information is missing or incomplete, client certificate authentication might fail because FortiClient cannot locate corresponding endpoint entry.' There is probably a typo there and it should read: 'because FortiGate cannot locate corresponding endpoint entry.' --> see Admin guide for 'endpoint record list' and CLI command in that context. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/25915/establish-device-identity-and-trust-context-with-forticlient-ems

Free NSE5_FCT-7.0 Questions for Fortinet NSE5_FCT-7.0 Exam as PDF & Practice Test Software

Question 1

Question 2

Question 3

Question 4

Question 5