Refer to the diagnostic output:
Two entries in the exhibit show that the same MAC address has been used in two different VLANs.
Which MAC address is shown in the above output?
- A . It is a MAC address of FortiLink interface on FortiGate.
- B . It is a MAC address of a switch that accepts multiple VLANs.
- C . It is a MAC address of an upstream FortiSwitch.
- D . It is a MAC address of FortiGate in HA configuration.
Refer to the exhibit.
Core-1 and Access-1 are managed and authorized by FortiGate-1. which uses port4 as the FortiLink interface. After FortiGate authorizes and manages Core-2. Port1 status becomes STP discarding.
Why is port1 in the discarding state?
- A . port1 on Core-2 is discarding only management traffic.
- B . Core-1 and Core-2 do not have MCLAG configuration.
- C . Access-1 is the root bridge and can only have one root port.
- D . Core-2 has the lowest bridge priority.
Which two statements about the FortiLink authorization process are true? (Choose two.)
- A . The administrator must manually pre-authorize FortiGate on FortiSwitch by adding the FortiGate serial number.
- B . FortiSwitch requires a reboot to complete the authorization process.
- C . A FortiLink frame is sent by FortiGate to FortiSwitch to complete the authorization.
- D . FortiLink authorization sets the FortiSwitch management mode to FortiLink.
Refer to the exhibits
Traffic arriving on port2 on FortiSwitch is tagged with VLAN ID 10 and destined for PC1 connected on port1. PC1 expects to receive traffic untagged from port1 on FortiSwitch.
Which two configurations can you perform on FortiSwitch to ensure PC1 receives untagged traffic on port1? (Choose two.)
- A . Add the MAC address of PCI as a member of VLAN 10.
- B . Add VLAN ID 10 as a member of the untagged VLANs on port1.
- C . Remove VLAN 10 from the allowed VLANs and add it to untagged VLANs on port1.
- D . Enable Private VLAN on VLAN 10 and add VLAN 20 as an isolated VLAN.
Refer to the exhibits.
Port1 and port2 are the only ports configured with the same native VLAN 10.
What are two reasons that can trigger port1 to shut down? (Choose two.)
- A . port1 was shut down by loop guard protection.
- B . STP triggered a loop and applied loop guard protection on port1.
- C . An endpoint sent a BPDU on port1 that it received from another interface.
- D . Loop guard frame sourced from port 1 was received on port 1.
Refer to the diagnostic output:
What makes the use of the sniffer command on the FortiSwitch CLI unreliable on__port__23?
- A . The types of packets captured is limited.
- B . Just the port egress payloads are printed on CLI.
- C . Only untagged VLAN traffic can be captured.
- D . The switch port might be used as a trunk member
Which interfaces on FortiSwitch send out FortiLink discovery frames by default in order to detect a FortiGate with an enabled FortiLink interface?
- A . All ports have auto-discovery enabled by default.
- B . No ports are enabled by default for auto-discovery. This must be configured under config switch interface.
- C . The ports with auto-discovery enabled by default are dependent upon the FortiSwitch model.
- D . The last four switch ports on FortiSwitch have auto-discovery enabled by default.
Which LLDP-MED Type-Length-Values does FortiSwitch collect from endpoints to track network devices and determine their characteristics?
- A . Network policy
- B . Power management
- C . Location
- D . Inventory management
Refer to the exhibit.
What two conclusions can be made regarding DHCP snooping configuration? (Choose two.)
- A . Maximum value to accept clients DHCP request is configured as per DHCP server range.
- B . FortiSwitch is configured to trust DHCP replies coming on FortiLink interface.
- C . DHCP clients that are trusted by DHCP snooping configured is only one.
- D . Global configuration for DHCP snooping is set to forward DHCP client requests on all ports in the VLAN.
What are two reasons why time synchronization between FortiGate and its managed FortiSwitch is critical in switch management? (Choose two.)
- A . FortiSwitch does not retain its time after a reboot, which gets reset after each reboot.
- B . FortiSwitch will not be able to become an NTP server for downstream devices.
- C . FortiSwitch cannot complete the DTLS handshake used in the CAPWAP tunnel.
- D . FortiSwitch will not allow other FortiSwitch devices in the chain be discovered by FortiGate.
Which statement about the quarantine VLAN on FortiSwitch is true?
- A . Quarantine VLAN has no DHCP server
- B . Users who fail 802.1X authentication can be placed on the quarantine VLAN.
- C . It is only used for quarantined devices if global setting is set to quarantine by VLAN.
- D . FortiSwitch can block devices without configuring quarantine VLAN to be part of the allowed VLANs.
Refer to the exhibit.
The exhibit shows the current status of the ports on the managed FortiSwitch. Access-1.
Why would FortiGate display a serial number in the Native VLAN column associated with the port23 entry?
- A . port23 is configured as the dedicated management interface.
- B . Ports connected to adjacent FortiSwitch devices show their serial number as the native VLAN.
- C . port23 is a member of a trunk that uses the Access-1 FortiSwitch serial number as the name of the trunk.
- D . A standalone switch with the shown serial number is connected on port23.
What are two ways in which automatic MAC address quarantine works on FortiSwitch? (Choose two.)
- A . FortiSwitch supports only by VLAN quarantine mode.
- B . FortiGate applies the quarantine-related configuration only on FortiGate.
- C . FortiAnalyzer with a threat detection services license is required.
- D . MAC address quarantine can be enabled through the FortiGate CLI only.
How does FortiGate handle configuration of flow tracking sampling if you export the settings to a managed FortiSwitch stack with sampling mode set to perimeter is true?
- A . FortiGate configures FortiSwitch to perform ingress sampling on all switch interfaces.
- B . FortiGate configures FortiSwitch to perform ingress sampling on all switch interfaces, except ICL and ISL interfaces.
- C . FortiGate configures and enables flow sampling on FortiSwitch but does not change existing sampling settings of interfaces.
- D . FortiGate configures and enables egress sampling on all management interfaces.
Refer to the exhibit.
The profile shown in the exhibit is assigned to a group of managed FortiSwitch ports, and these ports are connected to endpoints which are powered by PoE.
Which configuration action can you perform on the LLDP profile to cause these endpoints to exchange PoE information and negotiate power with the managed FortiSwitch?
- A . Create new a LLDP-MED application type to define the PoE parameters.
- B . Assign a new LLDP profile to handle different LLDP-MED TLVs.
- C . Define an LLDP-MED location ID to use standard protocols for power.
- D . Add power management as part of LLDP-MED TLVs to advertise.
Which two types of Layer 3 interfaces can participate in dynamic routing on FortiSwitch? (Choose two.)
- A . Detected management interfaces
- B . Loopback interfaces
- C . Switch virtual interfaces
- D . Physical interfaces
What feature can network administrators use to segment network operations and the administration of managed FortiSwitch devices on FortiGate?
- A . FortiGate multi-tenancy
- B . Multi-chassis link aggregation trunk
- C . FortiGate clustering protocol
- D . FortiLink split interface
Which packet capture method allows FortiSwitch to capture traffic on trunks and management interfaces?
- A . SPAN
- B . Sniffer profile
- C . sFlow
- D . TCP dump
Which Ethernet frame can create Layer 2 flooding due to all bytes on the destination MAC address being set to all FF?
- A . The broadcast Ethernet frame
- B . The unicast Ethernet frame
- C . The multicast Ethernet frame
- D . The anycast Ethernet frame
Which is a requirement to enable SNMP v2c on a managed FortiSwitch?
- A . Create an SNMP user to use for authentication and encryption.
- B . Specify an SNMP host to send traps to.
- C . Enable an SNMP v3 to handle traps messages with SNMP hosts.
- D . Configure SNMP agent and communities.