Fortinet Exam NSE6_FNC-7.2 Topic 8 Question 28 Discussion

Actual exam question for Fortinet's NSE6_FNC-7.2 exam

Question #: 28
Topic #: 8

With enforcement for network access policies and at-risk hosts enabled, what will happen if a host matches a network access policy and has a state of "at risk"?

AThe host is provisioned based on the default access defined by the point of connection.

BThe host is provisioned based on the network access policy.

CThe host is isolated.

DThe host is administratively disabled.

Show Suggested Answer

Suggested Answer: D

Open Windows PowerShell or a command prompt. Run the following command to determine if you already have WinRM over HTTPS configured.

Admin Guide on p. 362, 'Matches if the device successfully responds to a WinRM client session request. User name and password credentials are required. If there are multiple credentials, each set of credentials will be attempted to find a potential match. The commands are used to automate interaction with the device. Each command is run via Powershell.'

by Orville at Oct 19, 2024, 11:59 PM

Limited Time Offer

25%

Off

Get Premium NSE6_FNC-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Effie

1 months ago

Wait, is the host supposed to get a promotion to 'network access policy' if it's at-risk? That's like rewarding bad behavior!

upvoted 0 times

...

Ocie

1 months ago

I'm going with B. Isolating the host seems a bit extreme, and disabling it entirely doesn't make much sense with 'access policies' in the question.

upvoted 0 times

Ling

7 days ago

Yeah, disabling the host completely doesn't align with the idea of access policies. B is the most logical choice.

upvoted 0 times

...

Rueben

16 days ago

Agreed, isolating the host does seem extreme. It's better to stick with the defined policy.

upvoted 0 times

...

Kristeen

17 days ago

I think B is the correct answer too. It makes sense to provision based on the network access policy.

upvoted 0 times

...

Michell

1 months ago

D has to be the right answer. Why else would they ask about at-risk hosts if not to disable them administratively?

upvoted 0 times

Erasmo

5 days ago

C) The host is isolated.

upvoted 0 times

...

Isaac

14 days ago

B) The host is provisioned based on the network access policy.

upvoted 0 times

...

Laurene

1 months ago

A) The host is provisioned based on the default access defined by the point of connection.

upvoted 0 times

...

Valene

2 months ago

C seems like the correct answer to me. If the host is at-risk, it should be isolated to prevent further damage.

upvoted 0 times

Gerald

15 days ago

It's important to take action quickly when a host is at-risk to minimize the impact on the network.

upvoted 0 times

...

Annice

24 days ago

I agree, isolating the host will prevent any potential threats from spreading.

upvoted 0 times

...

Ma

1 months ago

I think C is the correct answer too. Isolating the at-risk host is the best way to protect the network.

upvoted 0 times

...

Ronny

2 months ago

I think the answer is B. The host should be provisioned based on the network access policy since that's the whole point of having it enabled.

upvoted 0 times

Stephane

1 months ago

Yes, that's correct. The host will be provisioned based on the network access policy.

upvoted 0 times

...

Stephane

2 months ago

I agree, the host should be provisioned based on the network access policy.

upvoted 0 times

...

Lai

2 months ago

That could make sense too, as it would ensure the host follows the specified policy.

upvoted 0 times

...

Elouise

2 months ago

I disagree, I believe the host will be provisioned based on the network access policy.

upvoted 0 times

...

Lai

3 months ago

I think if a host matches a network access policy and is 'at risk', it will be isolated.

upvoted 0 times

...