Fortinet nse6-fwf-6-4 online test

Fortinet NSE 6 - Secure Wireless LAN 6.4 Exam

What students need to know about the nse6-fwf-6-4 exam

  • Total 30 Questions & Answers

Question 1

Which two statements about distributed automatic radio resource provisioning (DARRP) are correct?
(Choose two.)

  • A. DARRP performs continuous spectrum analysis to detect sources of interference. It uses this information to allow the AP to select the optimum channel.
  • B. DARRP performs measurements of the number of BSSIDs and their signal strength (RSSI). The controller then uses this information to select the optimum channel for the AP.
  • C. DARRP measurements can be scheduled to occur at specific times.
  • D. DARRP requires that wireless intrusion detection (WIDS) be enabled to detect neighboring devices.
Answer:

BC

Explanation:
According to Fortinet training: "When using DARRP, the AP selects the best channel available to use
based on the scan results of BSSID/receive signal strength (RSSI) to AC" and "To set the running time
for DARRP optimization, use the following CLI command within the wireless controller setting: set
darrp-optimize {integer}. Note that DARRP doesn't do continuous spectrum analysis..."

Discussions

Question 2

Which factor is the best indicator of wireless client connection quality?

  • A. Downstream link rate, the connection rate for the AP to the client
  • B. The receive signal strength (RSS) of the client at the AP
  • C. Upstream link rate, the connection rate for the client to the AP
  • D. The channel utilization of the channel the client is using
Answer:

C

Discussions

Question 3

When configuring Auto TX Power control on an AP radio, which two statements best describe how
the radio responds? (Choose two.)

  • A. When the AP detects any other wireless signal stronger that -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.
  • B. When the AP detects PF Interference from an unknown source such as a cordless phone with a signal stronger that -70 dBm, it will increase its transmission power until it reaches the maximum configured TX power limit.
  • C. When the AP detects any wireless client signal weaker than -70 dBm, it will reduce its transmission power until it reaches the maximum configured TX power limit.
  • D. When the AP detects any interference from a trusted neighboring AP stronger that -70 dBm, it will reduce its transmission power until it reaches the minimum configured TX power limit.
Answer:

A, C

Explanation:
Reference:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/wireless/ap_wireless_signalstrength_c.html

Discussions

Question 4

Refer to the exhibits.
Exhibit A

Exhibit B

Exhibit C

A wireless network has been installed in a small office building and is being used by a business to
connect its wireless clients. The network is used for multiple purposes, including corporate access,
guest access, and connecting point-of-sale and Io devices.
Users connecting to the guest network located in the reception area are reporting slow performance.
The network administrator is reviewing the information shown in the exhibits as part of the ongoing
investigation of the problem. They show the profile used for the AP and the controller RF analysis
output together with a screenshot of the GUI showing a summary of the AP and its neighboring APs.
To improve performance for the users connecting to the guest network in this area, which
configuration change is most likely to improve performance?

  • A. Increase the transmission power of the AP radios
  • B. Enable frequency handoff on the AP to band steer clients
  • C. Reduce the number of wireless networks being broadcast by the AP
  • D. Install another AP in the reception area to improve available bandwidth
Answer:

B

Discussions

Question 5

Which two statements about background rogue scanning are correct? (Choose two.)

  • A. A dedicated radio configured for background scanning can support the connection of wireless clients
  • B. When detecting rogue APs, a dedicated radio configured for background scanning can suppress the rogue AP
  • C. Background rogue scanning requires DARRP to be enabled on the AP instance
  • D. A dedicated radio configured for background scanning can detect rogue devices on all other channels in its configured frequency band
Answer:

CD

Discussions

Question 6

When configuring a wireless network for dynamic VLAN allocation, which three IETF attributes must
be supplied by the radius server? (Choose three.)

  • A. 81 Tunnel-Private-Group-ID
  • B. 65 Tunnel-Medium-Type
  • C. 83 Tunnel-Preference
  • D. 58 Egress-VLAN-Name
  • E. 64 Tunnel-Type
Answer:

A, B, E

Explanation:
The RADIUS user attributes used for the VLAN ID assignment are:
IETF 64 (Tunnel Type)Set this to VLAN.
IETF 65 (Tunnel Medium Type)Set this to 802
IETF 81 (Tunnel Private Group ID)Set this to VLAN ID.
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/71683-dynamicvlan-config.html

Discussions

Question 7

Which two phases are part of the process to plan a wireless design project? (Choose two.)

  • A. Project information phase
  • B. Hardware selection phase
  • C. Site survey phase
  • D. Installation phase
Answer:

AC

Discussions

Question 8

When enabling security fabric on the FortiGate interface to manage FortiAPs, which two types of
communication channels are established between FortiGate and FortiAPs? (Choose two.)

  • A. Control channels
  • B. Security channels
  • C. FortLink channels
  • D. Data channels
Answer:

A, D

Explanation:
The control channel for managing traffic, which is always encrypted by DTLS. l The data channel for
carrying client data packets.
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ac61f4d3-
ce67-11e9-8977-00505692583a/FortiWiFi_and_FortiAP-6.2-Cookbook.pdf

Discussions

Question 9

Part of the location service registration process is to link FortiAPs in FortiPresence.
Which two management services can configure the discovered AP registration information from the
FortiPresence cloud? (Choose two.)

  • A. AP Manager
  • B. FortiAP Cloud
  • C. FortiSwitch
  • D. FortiGate
Answer:

B, D

Explanation:
FortiGate, FortiCloud wireless access points (send visitor data in the form of station reports directly
to FortiPresence)
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/df877622-
c976-11e9-8977-00505692583a/FortiPresence-v4.3-release-notes.pdf

Discussions

Question 10

Which two configurations are compatible for Wireless Single Sign-On (WSSO)? (Choose two.)

  • A. A VAP configured for captive portal authentication
  • B. A VAP configured for WPA2 or 3 Enterprise
  • C. A VAP configured to authenticate locally on FortiGate
  • D. A VAP configured to authenticate using a radius server
Answer:

B, D

Explanation:
In the SSID choose WPA2-Enterprise authentication.
WSSO is RADIUS-based authentication that passes the user's user group memberships to the
FortiGate.
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/b92a67f9-
73a6-11ea-9384-00505692583a/FortiWiFi_and_FortiAP-6.4.2-Configuration_Guide.pdf

Discussions
To page 2