What is the primary function of FortiPlanner in wireless network planning?
- A . Managing FortiAP devices
- B . Configuring wireless security policies
- C . Predictive modeling for wireless network coverage
- D . Real-time monitoring of wireless traffic
What is the first step in troubleshooting client connection issues on a wireless network managed by FortiGate?
- A . Check the SSID broadcast settings
- B . Analyze packet captures
- C . Verify VLAN configurations
- D . Review the client’s signal strength
What functionalities can be achieved using FortiAP profiles?
- A . Deploying advanced wireless settings
- B . VLAN configuration for each SSID
- C . FortiAP load balancing
- D . Client connection rules with advanced bridge mode
Which command is used to monitor wireless client traffic on a FortiGate device?
- A . diagnose wireless-controller wlac -d Sta
- B . get system wireless client
- C . execute wireless-controller client-status
- D . monitor wifi-client traffic
Which tools might be useful when troubleshooting wireless performance issues?
- A . RF spectrum analyzer
- B . Packet capture analyzer
- C . DHCP lease tracker
- D . Encryption key generator
In a scenario where multiple SSIDs are broadcasting on a FortiAP device, how would you ensure that a specific SSID is associated with a particular network segment?
- A . Using the FortiGate guest management feature.
- B . By configuring VLANs on SSIDs.
- C . Using advanced bridge mode options.
- D . Through FortiAP and client load balancing.
Advanced bridge mode options on FortiAP devices allow for direct communication between wireless and wired networks.
- A . True
- B . False
The suppression of rogue APs is essential because:
- A . It helps in allocating IP addresses efficiently.
- B . It prevents Wi-Fi signal interference.
- C . It ensures authorized APs get more bandwidth.
- D . It aids in stopping potential security threats.
To achieve centralized management of multiple FortiAP devices, one would most likely use:
- A . FortiPlanner
- B . FortiGate integrated wireless controller
- C . FortiPresence analytics
- D . Directly via each FortiAP’s web interface
Which actions can be taken to provision and manage FortiAP devices using the FortiGate wireless controller? (Select all that apply)
- A . Create and apply FortiAP profiles
- B . Enable SSID hiding
- C . Configure advanced wireless settings
- D . Implement VLAN load-balancing
Which configuration would enable the most reliable wireless connectivity for the remote clients?
- A . Configure a bridge mode wireless network and enable the Local authentication configuration option
- B . Configure a tunnel mode wireless network and enable split tunneling to the local network
- C . Install supported FortiAP and configure a bridge mode wireless network
- D . Configure a bridge mode wireless network and enable the Local standalone configuration option
Which of the following tools are associated with predictive modeling or analytics?
- A . FortiPlanner
- B . FortiPresence
- C . FortiGate
- D . FortiAP Cloud
What type of server roles does the FortiPresence VM require to operate on-premises? (Choose two.)
- A . Infrastructure server
- B . Terminal server
- C . Application server
- D . Authentication server
Which FortiGate feature can be configured to automatically suppress detected rogue APs?
- A . VLAN segmentation
- B . WIDS profiles
- C . SSID hiding
- D . Advanced bridge mode options
What factors should be considered when troubleshooting FortiGuard issues? (Select all that apply)
- A . DNS resolution for FortiGuard servers
- B . Active FortiGuard subscription status
- C . Firewall rules that may block FortiGuard updates
- D . Time synchronization between FortiGate and NTP servers
Which tool is most useful for gathering information about wireless network performance issues on FortiGate?
- A . FortiAP Cloud
- B . RF spectrum analyzer
- C . FortiPresence
- D . FortiPlanner
How can you find upstream and downstream link rates of a wireless client using FortiGate?
- A . On the FortiAP CLI, using the cw_diag ksta command
- B . On the FortiAP CLI, using the cw_diag -d sta command
- C . On the FortiGate GUI, using the WiFi Client monitor
- D . On the FortiGate CLI, using the diag wireless-controller wlac -d Sta command
Which two statements are true about AP profiles? (Choose two.)
- A . AP profiles are model specific.
- B . A profile must be applied manually to an AP before it can be managed by FortiGate.
- C . An AP must be authorized before having a profile applied.
- D . A FortiAP profile must be applied to a FortiAP group.
Why might a client have difficulty connecting to an SSID broadcasting on 5 GHz, but not on 2.4 GHz?
- A . The AP’s location is unsuitable
- B . Limitations of the client device’s radio
- C . DHCP server issues
- D . Encryption mismatch issues
A tunnel mode wireless network is configured on a FortiGate wireless controller.
Which task must be completed before the wireless network can be used?
- A . Security Fabric and HTTPS must be enabled on the wireless network interface
- B . The wireless network interface must be assigned a Layer 3 address
- C . The wireless network to Internet firewall policy must be configured
- D . The new network must be manually assigned to a FortiAP profile.
You are investigating a wireless performance issue and you are trying to audit the neighboring APs in the PF environment. You review the Rogue APs widget on the GUI but it is empty, despite the known presence of other APs.
Which configuration change will allow neighboring APs to be successfully detected?
- A . Enable Locate WiFi clients when not connected in the relevant AP profiles.
- B . Enable Monitor channel utilization on the relevant AP profiles.
- C . Ensure that all allowed channels are enabled for the AP radios.
- D . Enable Radio resource provisioning on the relevant AP profiles.
You have just authorized a newly added FortiAP device on FortiGate. It went offline for an extended time without coming back online again.
What troubleshooting process must you take to bring FortiAP back online?
- A . Access FortiAP management using HTTPs.
- B . Verify that communication between FortiAP and the wireless controller is not blocked.
- C . Restart the wireless controller if it is unresponsive for the newly added FortiAP device.
- D . Check the power feed to the FortiAP device and PoE status if powered by a switch.
Which of the following features distinguishes FortiPresence from FortiPlanner?
- A . FortiPresence is used primarily for network threat detection.
- B . FortiPresence provides analytics solutions.
- C . FortiPlanner is used as a wireless controller.
- D . FortiPlanner is a cloud-based deployment tool.
Which two statements about distributed automatic radio resource provisioning (DARRP) are correct? (Choose two.)
- A . DARRP performs continuous spectrum analysis to detect sources of interference. It uses this information to allow the AP to select the optimum channel.
- B . DARRP performs measurements of the number of BSSIDs and their signal strength (RSSI). The controller then uses this information to select the optimum channel for the AP.
- C . DARRP measurements can be scheduled to occur at specific times.
- D . DARRP requires that wireless intrusion detection (WIDS) be enabled to detect neighboring devices.
Which of the following are considered wireless security options?
- A . WPA3 encryption
- B . Rogue AP scanning
- C . Firmware updating
- D . SSID hiding
What configurations can be applied through FortiAP profiles to manage FortiAP devices? (Select all that apply)
- A . Advanced wireless settings
- B . SSID hiding
- C . VLAN configurations
- D . Client load balancing
As standard best practice, which configuration should be performed before configuring FortiAPs using a FortiGate wireless controller?
- A . Set the wireless controller country setting
- B . Create a custom AP profile
- C . Preauthorize APs
- D . Create wireless LAN specific policies
When using FortiPresence as a captive portal, which two types of public authentication services can be used to access guest Wi-Fi? (Choose two.)
- A . Hardware security token authentication
- B . Short message service authentication
- C . Software security token authentication
- D . Social networks authentication
WIDS profiles are primarily used for:
- A . Deploying firmware updates to APs.
- B . Wireless Intrusion Detection System configurations.
- C . Enhancing Wi-Fi signal strength.
- D . Assigning IP addresses to wireless clients.
Part of the location service registration process is to link FortiAPs in FortiPresence.
Which two management services can configure the discovered AP registration information from the FortiPresence cloud? (Choose two.)
- A . AP Manager
- B . FortiAP Cloud
- C . FortiSwitch
- D . FortiGate
Which of the following options are considered wireless security measures?
- A . WPA3 encryption
- B . Rogue AP scanning
- C . Firmware updating
- D . SSID hiding
What is the purpose of configuring WPA3 encryption on a wireless network?
- A . To improve wireless signal strength
- B . To provide strong security for wireless communications
- C . To enable load balancing for wireless clients
- D . To manage guest accounts on the network
What might cause poor performance in a wireless network? (Select all that apply)
- A . High client density on a single AP
- B . RF interference from neighboring devices
- C . Incorrect VLAN assignments
- D . Overlapping SSID broadcasts
What are the benefits of using FortiPresence analytics in a wireless network? (Select all that apply)
- A . Monitoring and suppressing rogue APs
- B . Gaining insights into user behavior and footfall patterns
- C . Enhancing wireless signal strength
- D . Providing real-time data for decision-making
What is the main advantage of deploying FortiAP devices using FortiAP Cloud?
- A . Direct access to FortiGate configurations
- B . Enhanced threat analytics and monitoring
- C . Simplified deployment and centralized management
- D . Predictive modeling capabilities for network expansion
A company requires a secure wireless network to span several adjacent buildings. Employees need seamless roaming access across buildings, floors, and, potentially, outdoor areas. FortiAP devices will be used.
Which deployment is the most scalable, manageable, and cost-effective in this scenario?
- A . Install FortiWiFi with a cellular modem in the buildings and areas where no wireless signal reaches from the main building.
- B . Deploy a WAN connection on each building to allow FortiAP devices to communicate with FortiGate in the main building.
- C . Implement a wireless mesh design to allow FortiAP devices to use neighboring FortiAP devices to connect with FortiGate in the main building.
- D . Configure FortiGuard-capable FortiAP devices to broadcast the corporate SSID without being managed by FortiGate in the main building.
Which command is used to enable WIDS profiles on a FortiGate device?
- A . config wireless-controller wids
- B . config wlan wids-profile
- C . config firewall wids
- D . config wifi wids
For protecting against wireless network intrusions, you would configure:
- A . WIDS profiles.
- B . Wi-Fi signal boosters.
- C . DHCP options.
- D . Bandwidth management profiles.
What is the primary function of FortiPlanner?
- A . Wireless network threat analysis
- B . Predictive modeling for wireless network planning
- C . FortiGate device configuration
- D . Management of FortiAP devices
Which option is used to configure connection rules between the wireless and wired network on a FortiAP device?
- A . VLAN configurations
- B . FortiGate guest management
- C . FortiAP load balancing
- D . Advanced bridge mode options
In an environment where multiple SSIDs are broadcasted, how can you segregate network traffic for better management?
- A . Deploy advanced wireless settings.
- B . Configure FortiAP profiles.
- C . Use VLANs on SSIDs.
- D . Provision guest accounts on each SSID.
VLAN load-balancing features are designed to:
- A . Create guest accounts for the network.
- B . Enhance wireless signal strength.
- C . Distribute traffic across multiple VLANs efficiently.
- D . Secure wireless traffic using encryption.
To ensure that traffic from different wireless clients is efficiently balanced among several access points in a high-density environment, you would primarily:
- A . Configure VLANs on each SSID.
- B . Enable advanced bridge mode.
- C . Use the FortiGate guest management feature.
- D . Configure FortiAP and client load balancing.
In the context of wireless security, SSID hiding:
- A . Helps in boosting Wi-Fi signal strength.
- B . Allows APs to automatically detect and connect to each other.
- C . Makes the network invisible to casual scanning by devices.
- D . Enables the AP to detect rogue APs.
What steps are necessary for provisioning and managing FortiAP devices using a FortiGate integrated wireless controller? (Select all that apply)
- A . Create and apply a FortiAP profile
- B . Assign a VLAN to each SSID
- C . Configure a tunnel mode for all wireless networks
- D . Preauthorize APs on the FortiGate
What might be the issue if multiple client devices can view an SSID but cannot connect to it?
- A . Signal strength
- B . RF interference from external devices
- C . AP’s capacity or security settings
- D . Client devices’ software version
Before a tunnel mode SSID can be used on a FortiGate wireless controller, which task must be completed?
- A . Assign a Layer 3 address to the wireless network interface
- B . Manually assign the network to a FortiAP profile
- C . Enable HTTPS on the wireless network interface
- D . Configure a wireless network to Internet firewall policy
Which configuration is necessary to allow guest users access to a wireless network using the FortiGate guest management feature?
- A . Configure VLANs on SSIDs
- B . Set up advanced bridge mode options
- C . Provision guest accounts
- D . Enable SSID hiding
Refer to the exhibit.
Why is Radio 3 used for the spectrum analysis?
- A . The 5 GHz frequency band is available only on Radio 3.
- B . Radio 3 is the configured dedicated monitoring radio for this FortiAP model.
- C . Only Radio 3 is compatible with the selected band.
- D . Radio 1 and Radio 2 are unavailable to run the spectrum analysis.
Which measure is the best indication of a wireless client’s connection quality?
- A . Client link rates
- B . AP association count
- C . Client signal strength
- D . Channel utilization
When configuring a wireless network for dynamic VLAN allocation, which three IETF attributes must be supplied by the radius server? (Choose three.)
- A . 81 Tunnel-Private-Group-ID
- B . 65 Tunnel-Medium-Type
- C . 83 Tunnel-Preference
- D . 58 Egress-VLAN-Name
- E . 64 Tunnel-Type
When configuring Auto TX Power control on an AP radio, which two statements best describe how the radio responds? (Choose two.)
- A . When the AP detects PF Interference from an unknown source such as a cordless phone with a signal stronger that -70 dBm, it will increase its transmission power until it reaches the maximum configured TX power limit.
- B . When the AP detects any wireless client signal weaker than -70 dBm, it will reduce its transmission power until it reaches the maximum configured TX power limit.
- C . When the AP detects any interference from a trusted neighboring AP stronger that -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.
- D . When the AP detects any other wireless signal stronger that -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.
VLAN load-balancing features mainly aim to:
- A . Strengthen wireless signals.
- B . Configure advanced bridge modes.
- C . Evenly distribute network traffic across VLANs.
- D . Set up guest accounts for visitors.
Which action would be most appropriate when a rogue AP is detected?
- A . Update the firmware of the rogue AP.
- B . Increase the number of active APs in the area.
- C . Suppress or quarantine the rogue AP.
- D . Assign a new SSID to the rogue AP.
When securing a wireless environment, which measures can help prevent unauthorized access?
- A . MAC address filtering
- B . Enabling a guest network
- C . Using strong encryption like WPA3
- D . Regularly changing the network name (SSID)