Which statement about the IGMP snooping querier when enabled on a VLAN is true?
Answer(s): A
Active multicast receiver entries are aging on each IGMP query sent on the VLAN (A): When the IGMP snooping querier is enabled on a VLAN, it manages multicast traffic within the VLAN by keeping track of multicast group memberships. The IGMP querier sends queries to determine which ports require the multicast traffic. The multicast receiver entries, which indicate which devices have requested the multicast data, age or time out based on these IGMP queries. Each query refreshes active connections but ages out entries that no longer respond, helping to ensure that multicast traffic is only sent to ports with active receivers.
Refer to the exhibit. The security port policy is configured as shown in the exhibit. Which behavior occurs if a device that does not support 802.1X is connected to the port? (Choose one answer)
Answer(s): B
According to the FortiSwitchOS 7.6 Administration Guide and the FortiSwitch 7.6 Study Guide, the interaction between a managed switch and a connected endpoint depends on whether the endpoint can participate in the 802.1X authentication process. When a security policy is applied to a port, the switch sends EAP (Extensible Authentication Protocol) requests to the device to initiate the login. The FortiSwitch handles two primary failure scenarios differently:
Non-supplicant (No 802.1X Support): If a device, such as a legacy PC or a basic printer, does not have an 802.1X supplicant, it will not respond to the switch's EAP requests. In this case, the switch waits for the duration specified in the Guest authentication delay field (30 seconds in the exhibit). Once this timer expires without a response, the switch places the device into the Guest VLAN. As shown in the exhibit, the Guest VLAN is explicitly set to "onboarding.fortilink (onboarding)".
Authentication Failure: If a device does support 802.1X but the user provides incorrect credentials, the RADIUS server returns an Access-Reject message. In this scenario, the device is moved to the Authentication fail VLAN, which the exhibit identifies as "quarantine.fortilink (quarantine)".
Note: Because MAC authentication bypass (MAB) is disabled in the exhibit, the switch will not attempt to authenticate the device's MAC address against the RADIUS server before defaulting to the Guest VLAN. Therefore, for any device lacking an 802.1X supplicant, the result is placement into the onboarding VLAN.
Which drop policy mode, if assigned to a congested port, will drop incoming packets until there is no congestion on the egress port?
Tail-drop mode is a congestion management technique used in network devices, including FortiSwitches, to handle congestion on network ports:
Tail-Drop Mode (A):
Behavior: When a queue reaches its maximum capacity on a congested port, tail-drop mode simply drops any incoming packets that arrive after the buffer is full. This continues until the congestion is alleviated and there is space in the queue to accommodate new packets.
Application: This is a straightforward approach used when the device's buffer allocated to the port becomes full due to sustained high traffic, preventing buffer overflow and maintaining system stability.
For more details on congestion management techniques and settings on FortiSwitch, refer to the configuration manuals available in the Fortinet Product Documentation.
On supported FortiSwitch models, which access control list (ACL) stage is recommended for applying actions before the switch performs any layer 2 or layer 3 processing? (Choose one answer)
Answer(s): D
According to the FortiSwitchOS 7.6 Administration Guide and the NSE 5 FortiSwitch 7.6 Administrator Study Guide, FortiSwitch supports a multi-stage ACL pipeline that allows for granular traffic control at different points in a packet's journey through the switch. The documentation identifies three primary stages for ACL application: Prelookup, Ingress, and Egress.
Prelookup (Option D): This is the earliest stage in the switching pipeline. The documentation explicitly states that Prelookup ACLs are processed before any Layer 2 or Layer 3 lookups are performed by the switch hardware. This stage is highly recommended for high-performance security actions, such as dropping unwanted traffic immediately upon arrival, because it prevents the switch from wasting internal resources (CPU and ASIC lookup cycles) on frames that are destined to be discarded anyway.
Ingress (Option A): This stage occurs after the switch has completed its Layer 2 (MAC table) and Layer 3 (routing table) lookups but before the packet is queued for the egress port. While powerful, actions here occur after initial processing has already taken place.
Egress (Option C): This stage is processed just before the frame leaves the switch through the destination port. It is typically used for final modifications or filtering based on the outgoing interface context.
Therefore, to achieve the goal of applying actions before any Layer 2 or Layer 3 processing occurs, the Prelookup stage is the technically correct and recommended choice in FortiSwitchOS 7.6. Forwarding (Option B) is a general functional stage of a switch but is not a specific ACL stage type in the FortiSwitch configuration hierarchy.
How does FortiSwitch determine the route for traffic traversing its interfaces? (Choose one answer)
Answer(s): C
FortiSwitch determines how traffic is routed by leveraging a two-tier routing lookup mechanism that prioritizes hardware-based forwarding before software-based processing. According to the FortiSwitchOS 7.6 Administrator Guide, FortiSwitch first checks the hardware routing table, which is populated with a subset of routes installed from the Forwarding Information Base (FIB) and programmed directly into the switch ASIC.
The hardware routing table contains routes that are eligible for ASIC acceleration. When a packet arrives on a FortiSwitch interface, the switch performs a lookup in this hardware routing table. If a matching route is found, the packet is forwarded at wire speed using ASIC-based forwarding, which provides optimal performance and minimal latency. This process is referred to as hardware-based routing.
If no matching route exists in the hardware routing table, FortiSwitch then performs a lookup in the Forwarding Information Base (FIB), which resides in the kernel. Routes in the FIB are handled by the CPU and processed through software-based routing. This fallback mechanism ensures correct forwarding behavior even when routes cannot be offloaded to hardware.
The FortiSwitchOS documentation explicitly states that the hardware routing table indicates which routes in the FIB are installed in hardware. This confirms that routing decisions are not exclusively offloaded to FortiGate, nor are they limited to CPU-based processing alone. Instead, FortiSwitch uses a hierarchical lookup order: hardware routing table first, followed by the FIB.
Therefore, the correct and fully documented answer is C. FortiSwitch looks up the hardware routing table and then the forwarding information base (FIB).
Which statement about the use of the switch port analyzer (SPAN) packet capture method is true?
The correct statement about using the Switch Port Analyzer (SPAN) packet capture method on FortiSwitch is that "Mirrored traffic can be sent across multiple switches (A)." This feature allows for extensive traffic analysis as it enables network administrators to configure SPAN sessions that span across different switches, thereby providing the capability to monitor traffic across a broad segment of the network infrastructure.
When Dynamic Host Configuration Protocol (DHCP) snooping is enabled on a FortiSwitch VLAN, which two statements are true? (Choose two answers)
Answer(s): A,C
According to the FortiSwitchOS 7.6 Administration Guide and the FortiLink 7.6 Study Guide, DHCP snooping is a security feature that prevents rogue DHCP servers from distributing incorrect IP addresses on a network. Once enabled for a specific VLAN, the switch differentiates between trusted and untrusted ports to regulate DHCP traffic.
Trusted Ports and DHCP Replies (Option A): In a managed FortiSwitch environment, all ports are untrusted by default. To allow a DHCP server (such as a FortiGate or an external server) to provide IP addresses, the administrator must explicitly set the connecting port as trusted. DHCP snooping validates incoming packets; it allows DHCP server messages (such as DHCPOFFER and DHCPACK) only on these trusted ports. Any DHCP server reply arriving on an untrusted port is identified as coming from a potentially rogue source and is discarded by the switch.
Option 82 Data Insertion (Option C): FortiSwitch supports DHCP Option 82 (also known as the Relay Information Option), which provides additional security by appending location-specific information (such as the Circuit ID and Remote ID) to DHCP request packets. When DHCP snooping is active, the switch can be configured to insert this data into client requests as they enter untrusted ports. This allows the upstream DHCP server to identify the specific physical port or VLAN from which the request originated, even if the server is located in a different subnet.
Regarding the incorrect options: Option B is false as DHCP snooping only inspects and filters DHCP-specific traffic, not general unicast data. Option D is incorrect because DHCP requests (client-to-server) are generally permitted on all ports to ensure clients can find a server, though some configurations allow dropping requests from untrusted sources if they do not meet specific security criteria.
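The trusted/untrusted filtering and Option 82 insertion described above can be modelled on raw DHCP payloads. This is an added example, not Fortinet code or part of the original page; the port names, the `sw1` Remote ID, the Circuit ID layout, and the choice to drop malformed payloads and client-supplied Option 82 are assumptions of the sketch.

```python
import struct

MAGIC = bytes.fromhex("63825363")   # DHCP magic cookie after the 236-byte BOOTP header
SERVER_TYPES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}

def parse_options(pkt):
    """Return ({code: value}, offset of the END option) for a DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:              # END
            return opts, i
        if code == 0:                # PAD has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[code] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    raise ValueError("missing END option")

def snoop(pkt, port, vlan, trusted_ports, remote_id=b"sw1"):
    """Return (verdict, payload) for a DHCP payload received on `port`."""
    try:
        opts, end = parse_options(pkt)
    except ValueError:
        return "drop", None          # assumption: malformed DHCP is not forwarded
    if port in trusted_ports:
        return "forward", pkt        # server replies are accepted only here
    msg_type = opts[53][0] if opts.get(53) else 0
    if msg_type in SERVER_TYPES or 82 in opts:
        # Rogue server reply; assumption: client-supplied Option 82 is rejected too.
        return "drop", None
    # Hypothetical Circuit ID layout: 2-byte VLAN ID followed by the port name.
    circuit = struct.pack("!H", vlan) + port.encode()
    sub = bytes([1, len(circuit)]) + circuit + bytes([2, len(remote_id)]) + remote_id
    opt82 = bytes([82, len(sub)]) + sub
    return "forward", pkt[:end] + opt82 + pkt[end:]   # insert before END

def sample(msg_type):
    """Constructed minimal DHCP payload carrying only option 53."""
    op = 2 if msg_type in SERVER_TYPES else 1
    return bytes([op]) + bytes(235) + MAGIC + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    # port24 is a hypothetical trusted uplink towards the DHCP server
    for t, p in [(2, "port5"), (2, "port24"), (1, "port5")]:
        print(t, p, snoop(sample(t), p, 10, {"port24"})[0])
```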
Refer to the exhibit. PC1 connected to port1 has joined multicast group 225.1.2.3 on VLAN 10 with IGMP snooping enabled. What will happen if you disable IGMP snooping on FortiSwitch? (Choose one answer)
According to the FortiSwitchOS 7.6 Administration Guide and the FortiSwitch 7.6 Study Guide, Internet Group Management Protocol (IGMP) snooping is a Layer 2 mechanism that allows a switch to "listen" to IGMP conversations between hosts and routers to maintain a map of which ports require specific multicast streams. When IGMP snooping is enabled, the switch populates a Multicast Layer 2 Forwarding Table (as shown in the exhibit), which ensures that multicast traffic is only forwarded to ports where a receiver has explicitly requested it (e.g., PC1 on port1).
When IGMP snooping is disabled, the switch no longer maintains this granular forwarding table. By default, a Layer 2 switch that is not performing IGMP snooping treats multicast traffic as if it were broadcast traffic. Consequently, instead of being intelligently forwarded only to the interested receiver (PC1), the multicast traffic for group 225.1.2.3 will be flooded to all ports within the same VLAN (VLAN 10). This means PC2, even if it has not joined the group, will receive the multicast packets at the physical layer, leading to unnecessary bandwidth consumption and increased CPU load on unintended recipients.
The documentation explicitly states that disabling IGMP snooping reverts the switch to a "flood-all" behavior for multicast frames within the broadcast domain. Option A is incorrect because the host (PC1) remains a member of the group; only the switch's forwarding logic changes. Option B is incorrect as the switch may still see the messages but will not act on them to prune ports. Option D is incorrect as disabling the feature removes the prune/stop mechanism, causing traffic to flow everywhere rather than stopping.