You are configuring FortiSwitch to perform layer 3 inter-VLAN routing while managed by FortiGate over FortiLink. On supported hardware models, FortiSwitch can offload routing decisions for better performance.
How does FortiSwitch perform routing between VLANs?
A. By using a hardware forwarding table (FIB) programmed into ASIC.
B. By supporting only dynamic routing protocols in hardware.
C. By disabling routing when managed by FortiGate.
D. By relying entirely on the CPU in software.
You are deploying a small office network with a single FortiGate and a single FortiSwitch. The office currently has moderate traffic, but the IT team expects the network to grow in the near future, adding more FortiSwitch devices and endpoints.
Which FortiLink configuration should you deploy to provide the best combination of current performance and scalability for future growth?
A. Configure FortiLink using hardware-based switch interfaces.
B. Configure FortiLink using software-based switch interfaces.
C. Configure FortiLink as a link aggregation group (LAG) interface.
D. Configure FortiLink as a multichassis LAG (MCLAG) interface.
When Dynamic Host Configuration Protocol (DHCP) snooping is enabled on a FortiSwitch VLAN, which two statements are true? (Choose two.)
A. DHCP replies are accepted only on trusted ports.
B. DHCP snooping blocks all unicast traffic.
C. Option 82 can be inserted into DHCP requests.
D. DHCP requests are dropped if sent from trusted ports.
Which two statements about the FortiLink authorization process are true? (Choose two.)
A. A FortiLink frame is sent by FortiGate to FortiSwitch to complete the authorization.
B. FortiLink authorization sets the FortiSwitch management mode to FortiLink.
C. FortiSwitch requires a reboot to complete the authorization process.
D. FortiLink authorization permanently erases the existing configuration of the FortiSwitch.
In which two ways can you assign a FortiSwitch port to a VDOM using a multi-tenancy setup? (Choose two.)
A. Assign the switch port to a VLAN on FortiGate and perform VDOM mapping.
B. Create a virtual port pool on the FortiGate CLI.
C. Assign a port to a VDOM directly on the managed FortiSwitch.
D. Switch the FortiLink interface to the target VDOM.
When you change FortiSwitch management mode from standalone to managed, what happens to the existing standalone configuration?
A. FortiSwitch registers to FortiSwitch Cloud to save a copy before managing with FortiGate.
B. FortiSwitch merges the existing standalone configuration with the default FortiLink configuration.
C. FortiSwitch saves the standalone configuration and changes to the default FortiLink configuration.
D. FortiGate automatically saves the existing FortiSwitch configuration during the FortiLink management process.
Refer to the exhibits.
Network Topology -
DHCP Snooping database -
All three FortiSwitch-connected ports are configured in VLAN 10.
FortiGate acts as the Dynamic Host Configuration Protocol (DHCP) server and is connected to a DHCP snooping trusted trunk port. PC1 and PC2 are connected to ports configured as untrusted for DAI, and no static bindings are configured in the IP source guard (IPSG) database.
PC2 is compromised and attempts to spoof the FortiGate IP address by sending forged Address Resolution Protocol (ARP) replies with its own MAC address.
What will FortiSwitch do with the ARP packets from PC2?
A. Forward the ARP replies because there are no IPSG bindings blocking them.
B. Accept the ARP replies because the VLAN has DAI enabled and FortiGate is a trusted DHCP server.
C. Forward the ARP replies to all VLAN 10 ports because DAI is only active on trusted ports.
D. Drop the ARP replies because they fail DAI validation against the DHCP snooping database.
Refer to the exhibit.
Commands -
The LLDP profile shown in the exhibit was configured to detect IP phones and automatically assign them to the appropriate VLAN. You apply this LLDP profile on a FortiSwitch port.
Which configuration should you enable on the FortiSwitch profile to collect detailed information about all the connected IP phones?
A. Create a new LLDP profile to handle different LLDP-MED TLVs.
B. Configure a dedicated voice VLAN with DSCP 46.
C. Enable LLDP-MED inventory management TLVs.
D. Enable auto-isl.
You are deploying a FortiSwitch virtual stack in a network that contains Cisco devices. You want the Cisco devices to automatically discover the FortiSwitch devices and exchange device information.
Which two protocols must be enabled on the FortiSwitch devices to achieve this? (Choose two.)
A. Unidirectional Link Detection
B. Cisco Discovery Protocol
C. Link Layer Discovery Protocol
D. LLDP - Media Endpoint Discovery
Refer to the exhibit.
Topology view -
You just connected three FortiSwitch devices: Core-1, Core-2, and Access-1. Core-1 and Core-2 both connect to Access-1 for redundancy.
All switches are managed by FortiGate, which uses port4 as the FortiLink interface. After you enable the uplink ports on Core-2, you notice that port3 on Access-1 enters the Discarding STP state.
What is the most likely cause of this behavior?
A. Bridge Protocol Data Unit (BPDU) Guard is enabled, which shuts down the port after it receives BPDUs.
B. Access-1 is not authorized by FortiGate.
C. Core-2 has the lowest bridge priority.
D. FortiGate is not running Spanning Tree Protocol (STP) on the FortiLink interface.
You are configuring VLANs on a FortiSwitch device managed by FortiGate.
Which two statements accurately describe VLAN assignment requirements and behavior on FortiSwitch ports? (Choose two.)
A. Untagged defines the list of VLANs that are allowed on the port for both ingress and egress traffic.
B. Untagged VLAN applies to egress traffic only.
C. You can assign only one native VLAN on a port.
D. VLAN assignments must be configured directly on the FortiSwitch.
Refer to the exhibit.
Network Topology -
PC1 and PC2 are connected to port1 on FortiSwitch.
Which VLAN tags will FortiSwitch apply when forwarding PC1 and PC2 traffic out of port2?
A. FortiSwitch will tag PC1 and PC2 frames with VLAN 20.
B. FortiSwitch will tag both PC1 and PC2 frames with VLAN 10, due to MAC override.
C. FortiSwitch will tag PC1 frames with VLAN 10 and PC2 frames with VLAN 20.
D. FortiSwitch will leave PC1 frames untagged and will tag PC2 frames with VLAN 10.
What is one key advantage of using a sniffer profile on FortiSwitch compared to using the sniffer command?
A. It allows packet capture on all switch ports without limitations.
B. It eliminates the need to use access control lists (ACLs) or port mirroring for analysis.
D. It automatically decrypts SSL/TLS traffic for full packet inspection.
A FortiGate is connected to a pair of FortiSwitch devices.
For redundancy, FortiGate must use uplinks on both switches simultaneously without depending on Spanning Tree Protocol (STP).
Which configuration is required?
A. Multi-tier topology
B. Multichassis link aggregation group (MCLAG)
C. Full mesh high availability (HA)
D. Link aggregation group (LAG)
Refer to the exhibit.
Debug capture of the fortilinkd process on FortiGate
The exhibit shows a periodic heartbeat message sent from a managed FortiSwitch and the corresponding acknowledgments from FortiGate.
What does this behavior indicate?
A. The FortiLink connection between FortiGate and FortiSwitch is healthy and active.
B. FortiGate is unable to establish a FortiLink session with FortiSwitch.
C. FortiSwitch is expecting an authorization from FortiGate.
D. FortiSwitch has not been authorized yet.
What is an advantage of using a FortiSwitch stack in managed switch mode with FortiGate when deploying VLANs?
A. FortiGate executing the routing and FortiSwitch managing its configuration.
B. Ensuring VLAN traffic can pass between connected switches in the stack.
C. FortiGate no longer needing to manage any VLAN configuration.
D. FortiGate provides visibility and control for inter-VLAN traffic.
Refer to the exhibit.
The security port policy is configured as shown in the exhibit.
Which behavior occurs if a device that does not support 802.1X is connected to the port?
A. The device is blocked from accessing the network.
B. The device is placed into the onboarding VLAN.
C. The device is placed into the quarantine VLAN.
D. The device is assigned to the default management VLAN.
How does FortiSwitch determine the route for traffic traversing its interfaces?
A. Hardware-based routing on FortiSwitch is handled by the CPU.
B. ASIC hardware routing can handle only dynamic routing, if supported.
C. FortiSwitch looks up the hardware routing table and then the forwarding information base (FIB).
D. FortiSwitch forwards all traffic to FortiGate for routing decisions.
How does enabling an IGMP snooping proxy on FortiSwitch help reduce the number of IGMP reports processed by the IGMP querier?
A. By converting IGMP reports into broadcast packets to reach all VLAN members
B. By converting IGMP traffic to unicast
C. By suppressing duplicate IGMP reports within the VLAN
D. By forwarding IGMP reports only when the first member joins and the last member leaves
Which statement best describes a benefit of using MAC, IP address, or protocol-based VLAN assignments on FortiSwitch?
A. It disables 802.1X authentication while preserving user access control.
B. It requires devices to authenticate through a RADIUS server before VLAN tagging.
C. It assigns ports to VLANs regardless of device type or traffic.
D. It offers dynamic segmentation benefits similar to 802.1X authentication.
Refer to the exhibit.
FortiSwitch configuration -
You run the command diagnose switch-controller switch-info loopguard access-1 and see that the MAC-Move column displays a value of 0 for port1.
What does this indicate?
A. Loop guard is disabled on port1.
B. Port1 is not being monitored by loop guard.
C. The MAC move feature is not enabled.
D. Port1 will shut down if a loop occurs on any VLAN.
Which QoS mechanism maps packets with specific class of service (COS) or Differentiated Services Code Point (DSCP) markings to an egress queue?
A. Classification for ingress traffic
B. Queuing for egress traffic
C. Policing for ingress traffic
D. Shaping for egress traffic
What does the switch auto-network setting control on FortiSwitch?
A. The automatic VLAN assignment based on connected devices
B. The automatic discovery of the FortiGate->FortiLink interface
C. The root bridge priority for Multiple Spanning Tree Protocol (MSTP)
D. Whether the FortiSwitch can be managed by FortiManager
Refer to the exhibit.
Debug output -
Which two statements best describe what is displayed in the FortiLink debug output shown in the exhibit? (Choose two.)
A. FortiSwitch is in a waiting state to join the stack group on FortiGate.
B. FortiSwitch is sending FortiLink heartbeats to FortiGate.
C. FortiSwitch is discovered and authorized by FortiGate.
D. FortiSwitch is sending LLDP-MED inventory management updates to FortiGate.