Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE7_ZTA-7.2 Topic 2 Question 5 Discussion

Actual exam question for Fortinet's NSE7_ZTA-7.2 exam
Question #: 5
Topic #: 2
[All NSE7_ZTA-7.2 Questions]

FortiNAC has alarm mappings configured for MDM compliance failure, and FortiClient EMS is added as a MDM connector When an endpoint is quarantined by FortiClient EMS, what action does FortiNAC perform?

Show Suggested Answer Hide Answer
Suggested Answer: A

In the scenario where FortiNAC has alarm mappings configured for MDM (Mobile Device Management) compliance failure and FortiClient EMS (Endpoint Management System) is integrated as an MDM connector, the typical response when an endpoint is quarantined by FortiClient EMS is to isolate the host in the registration VLAN. This action is consistent with FortiNAC's approach to network access control, focusing on ensuring network security and compliance. By moving the non-compliant or quarantined host to a registration VLAN, FortiNAC effectively segregates it from the rest of the network, mitigating potential risks while allowing for further investigation or remediation steps. Reference: FortiNAC documentation, MDM Compliance and Response Actions.


Contribute your Thoughts:

Trinidad
7 months ago
I agree with Lashon. Disabling the host would be the most secure action to take in that situation.
upvoted 0 times
...
Lashon
7 months ago
Well, when an endpoint is quarantined, it makes sense to disable it to prevent any further risk.
upvoted 0 times
...
Marjory
7 months ago
But why do you think that? Can you explain your rationale?
upvoted 0 times
...
Lashon
7 months ago
I disagree, I believe the answer is D) The host is disabled.
upvoted 0 times
...
Marjory
7 months ago
I think the answer is A) The host is isolated in the registration VLAN.
upvoted 0 times
...
Luisa
8 months ago
Hmm, I'm leaning towards option B - 'The host is marked at risk'. That seems like the most logical action for FortiNAC to take when a device is quarantined by the MDM connector. Isolating the host or disabling it entirely might be a bit extreme.
upvoted 0 times
...
Marg
8 months ago
Agreed. Option B it is. Now let's just hope the actual exam question is as straightforward as this one!
upvoted 0 times
...
Kasandra
8 months ago
Haha, good one Rolland. But seriously, I think you're right, Liam. Marking the host as at-risk is probably the most appropriate action here. It allows FortiNAC to keep an eye on the device without completely cutting it off from the network.
upvoted 0 times
...
Rolland
8 months ago
Haha, yeah, disabling the host seems a bit harsh. Unless the device is, like, a rogue nation-state actor or something. 'The host has been deemed a threat to national security. Engaging self-destruct sequence.'
upvoted 0 times
Gilbert
8 months ago
B) The host is marked at risk
upvoted 0 times
...
Omer
8 months ago
A) The host is isolated in the registration VLAN
upvoted 0 times
...
Reuben
8 months ago
C) The host is forced to authenticate again
upvoted 0 times
...
Rueben
8 months ago
B) The host is marked at risk
upvoted 0 times
...
Gwen
8 months ago
A) The host is isolated in the registration VLAN
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77