Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Fortinet
  3. NSE5_FSW_AD-7.6

Fortinet NSE5_FSW_AD-7.6 (page: 3)

Fortinet NSE 5 - FortiSwitch 7.6 Administrator

Updated 12-Apr-2026

Page 3 of 15 NSE5_FSW_AD-7.6 PDF — 34 Questions

Refer to the exhibits





Traffic arriving on port2 on FortiSwitch is tagged with VLAN ID 10 and destined for PC1 connected on port1. PC1 expects to receive traffic untagged from port1 on FortiSwitch.
Which two configurations can you perform on FortiSwitch to ensure PC1 receives untagged traffic on port1? (Choose two.)

  1. Add the MAC address of PC1 as a member of VLAN 10.
  2. Add VLAN ID 10 as a member of the untagged VLANs on port1.
  3. Remove VLAN 10 from the allowed VLANs and add it to untagged VLANs on port1.
  4. Enable Private VLAN on VLAN 10 and add VLAN 20 as an isolated VLAN.

Answer(s): B,C

Explanation:

According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, the way a FortiSwitch handles VLAN tags on egress (outgoing) traffic is governed by the port'sNative VLANand itsUntagged VLAN list.
When traffic for VLAN 10 arrives at port2 (the uplink) and is forwarded to port1, the switch must determine whether to strip the 802.1Q tag before transmission.

Untagged VLAN List (Option B):The documentation explicitly states that the "untagged VLAN list" specifies VLANs for which the port will transmit frameswithout the VLAN tag. By adding VLAN ID 10 to the untagged VLANs on port1, any traffic belonging to VLAN 10 will have its tag stripped at the egress point, ensuring PC1 receives a standard untagged frame.

Configuration Logic (Option C):In FortiSwitch management, moving a VLAN from the "Allowed" list (which typically implies tagged delivery) to the "Untagged" list on a specific interface forces the switch to perform the tag-stripping action. This effectively converts the port from a trunked behavior for that VLAN to an "access" or untagged behavior.

Regarding the incorrect options:Option A (MAC-based assignment)is used primarily foringress classification.
While it can assign a device to a VLAN when it sends trafficintothe switch, the documentation notes that by default, egress packets for MAC-based VLANs still include the tag unless the untagged list is configured.Option D(Private VLANs) is a security feature for isolating traffic between ports within the same VLAN and does not address the physical tagging requirements of the endpoint.



Which two requirements must be met before FortiGate can manage a FortiSwitch stack? (Choose two answers)

  1. The latest FortiOS and FortiSwitchOS versions must be running.
  2. The switch controller feature must be enabled.
  3. All existing FortiLink interfaces must be disabled.
  4. The FortiSwitchOS version must be compatible with FortiOS.

Answer(s): B,D

Explanation:

According to theFortiOS 7.6 Study Guideand theFortiSwitch 7.6 FortiLink Guide, several prerequisite steps and compatibility checks must be performed before a FortiGate can successfully discover,

authorize, and manage a FortiSwitch or a stack of switches.

First, theSwitch Controller feature must be enabled (Option B)on the FortiGate.2By default, on many FortiGate models, the "Switch Controller" menu is hidden in the GUI to simplify the interface. Administrators must navigate toSystem > Feature Visibilityand toggle theSwitch Controllerswitch to "on" to expose the management menus required to configure FortiLink interfaces and manage FortiSwitch units.3Without this feature enabled, the FortiGate cannot act as a centralized management entity for the switch fabric.

Second, theFortiSwitchOS version must be compatible with FortiOS (Option D).
While it is not strictly required to be on the "latest" version (Option A), the firmware on both devices must fall within the supported compatibility matrix provided by Fortinet. If the versions are incompatible, the FortiLink tunnel (CAPWAP) may fail to establish, or certain management features may be unavailable in the FortiOS GUI.

Regarding the incorrect options:Option Ais not a requirement because older, compatible versions are often used in stable environments.Option Cis incorrect because FortiLink interfaces are the very mechanism used for management; they must be correctly configured and enabled, not disabled, for management to function. Therefore, ensuring feature visibility and verifying the compatibility matrix are the two essential administrative requirements for establishing a managed switch stack.



You are configuring VLANs on a FortiSwitch device managed by FortiGate.
Which two statements accurately describe VLAN assignment requirements and behavior on FortiSwitch ports? (Choose two answers)

  1. Untagged defines the list of VLANs that are allowed on the port for both ingress and egress traffic.
  2. Untagged VLAN applies to egress traffic only.
  3. You can assign only one native VLAN on a port.
  4. VLAN assignments must be configured directly on the FortiSwitch.

Answer(s): B,C

Explanation:

According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, understanding how VLANs are processed on a switch port is fundamental to network segmentation. A FortiSwitch port behaves differently depending on whether traffic is entering (ingress) or leaving (egress) the interface.

First,you can assign only one native VLAN on a port (Option C). The Native VLAN (often called the PVID or Port VLAN ID) is the default internal ID assigned to any untagged frames arriving at the port. In a managed environment, this is typically set via the FortiGate's switch controller. By design, a single physical interface can only belong to one primary broadcast domain for untagged ingress traffic to ensure there is no ambiguity in the switch's internal forwarding logic.

Second, theuntagged VLAN setting applies to egress traffic only (Option B).
While the "Allowed VLANs" list defines which tagged traffic can pass through the port, the "Untagged VLANs" list specifies which of those VLAN tags should beremovedby the switch before the frame is transmitted out of the physical port. This is crucial for connecting devices that do not support 802.1Q tagging, such as standard PCs or printers.

Regarding the incorrect options:Option Ais incorrect because the "Untagged" list does not define ingress rules; ingress is governed by the Native VLAN for untagged packets and the Allowed list for tagged packets.Option Dis incorrect because, in a managed FortiLink environment, all VLAN assignments should be performed through theFortiGate's Switch Controllerto ensure centralized management and consistency.



Which QoS mechanism maps packets with specific CoS or DSCP markings to an egress queue?

  1. Queuing for egress traffic
  2. Classification for ingress traffic
  3. Rate limiting for egress traffic
  4. Marking for ingress traffic

Answer(s): B

Explanation:

"Classification: FortiSwitch maps packets with a given CoS or DSCP marking to an egress queue. There are eight egress queues on each port: queues 0 to 7."

In Quality of Service (QoS) mechanisms, the process of mapping packets with specific CoS (Class of Service) or DSCP (Differentiated Services Code Point) markings to an egress queue involves two key steps:classificationandqueuing.

Classification: This occurs on the ingress side (incoming traffic). The switch examines the packet headers (e.g., CoS or DSCP values) to determine how the traffic should be treated. Based on this classification, the switch assigns the packet to a specific priority level or queue.

Queuing: Once the packet is classified, it is mapped to an egress queue based on its priority level. The egress queues are used to manage how traffic is transmitted out of the switch.

Option A (Queuing for egress traffic)refers to managing how packets leave the switch, but it does not involve the initial mapping of CoS/DSCP values to a queue.

Option C (Rate limiting for egress traffic)is about controlling the rate of outgoing traffic, which is unrelated to CoS/DSCP mapping.

Option D (Marking for ingress traffic)involves modifying the CoS or DSCP values of packets as they enter the switch, but it does not map them to an egress queue.

Thus,classification for ingress trafficis the mechanism that identifies and maps packets with specific CoS or DSCP markings to an appropriate egress queue.



Exhibit.


LAG and MCLAG are used to increase the available network bandwidth and enable redundancy. How does spanning tree protocol see MCLAG and LAG if they are configured based on the physi-cal view shown in the exhibit? (Choose two)

  1. Switch 1. Switch 2, and Switch 3 are seen as one MCLAG peer group
  2. Switch 3 and Switch 4 uplinks are treated as single interfaces.
  3. Switch 3 and switch 4 are seen as one MCLAG switch client
  4. Switch 1 and Switch 2 both seen as one single switch.

Answer(s): B,D

Explanation:

According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, Multichassis Link Aggregation (MCLAG) and standard Link Aggregation Groups (LAG) are designed to provide link-level and node-level redundancy while presenting a simplified logical view to the Spanning Tree Protocol (STP).

In the provided topology:

Logical Switch View (Option D):Switch 1 and Switch 2 are configured asMCLAG peersconnected via an Inter-Chassis Link (ICL). From the perspective of downstream devices and STP, these two physical switches act as a single logical entity. This prevents STP from seeing a loop between the two switches and the downstream Switch 3, as the redundant physical paths are bundled into a single logical MCLAG trunk.

Logical Interface View (Option B):The exhibit shows Switch 4 connected to Switch 3 via two physical links bundled into aLAG, and Switch 3 connected to the MCLAG peers via split links. In both cases, STP treats the aggregated physical links as asingle logical interface. Because the multiple physical paths are managed by the Link Aggregation Control Protocol (LACP) as one trunk, STP does not block individual ports to prevent loops; instead, it sees one high-bandwidth path.

Regarding the incorrect options:Option Ais false because Switch 3 is an MCLAGclient, not a peer in the group.Option Cis incorrect because Switch 3 and Switch 4 are separate physical and logical nodes; they are not seen as a single client entity by the core.



Which two types of Layer 3 interfaces can participate in dynamic routing on FortiSwitch? (Choose two.)

  1. Detected management interfaces
  2. Loopback interfaces
  3. Switch virtual interfaces
  4. Physical interfaces

Answer(s): B,C

Explanation:

In dynamic routing on FortiSwitch, certain types of interfaces are utilized to participate in the routing processes. The types of interfaces that can be used include:

Loopback Interfaces (B):Loopback interfaces are virtual interfaces that are always up, making them ideal for use in routing protocols where a stable interface is necessary. They are commonly used to establish router IDs and manage routing information more reliably.

Switch Virtual Interfaces (C):Switch Virtual Interfaces (SVIs) are assigned to VLANs and can have IP

addresses assigned to them, making them capable of participating in Layer 3 routing. SVIs are essential for routing between different VLANs on a switch and can participate in dynamic routing protocols to advertise networks or make routing decisions.

Physical Interfaces (D)andDetected Management Interfaces (A)are not typically used directly by dynamic routing protocols for their operations in the context of FortiSwitch.


Reference:

For more information on how these interfaces interact with dynamic routing protocols, you can check the FortiSwitch documentation on Fortinet's official documentation site:Fortinet Product Documentation



Which Ethernet frame can create Layer 2 flooding due to all bytes on the destination MAC address being set to all FF?

  1. The broadcast Ethernet frame
  2. The unicast Ethernet frame
  3. The multicast Ethernet frame
  4. The anycast Ethernet frame

Answer(s): A

Explanation:

Layer 2 flooding caused by Ethernet frames with all bytes in the destination MAC address set to FF refers to broadcast frames.Here's why:

Broadcast Ethernet Frame (A):

Address Specification:In Ethernet networking, a broadcast frame has a destination MAC address ofFF:FF:FF:FF:FF:FF, which instructs network devices to forward the frame to all devices within the broadcast domain.

Network Behavior:This causes Layer 2 flooding as the frame is sent to all ports in the VLAN, except the originating port, ensuring that the broadcast reaches all network segments.

Other Frame Types:

Unicast (B)targets a single device.

Multicast (C)targets a group of devices.

Anycast (D)is not used in Ethernet but rather in IP-based routing to route to the nearest of multiple destinations, typically in internet addressing.


Reference:

You can find more information about Ethernet frame types in networking textbooks or documentation that discusses network layer interaction:Network Theory Books



Refer to the configuration:



Which two conditions does FortiSwitch need to meet to successfully configure the options shown in the exhibit above? (Choose two.)

  1. The FortiSwitch model is equipped with a maximum of 54 interfaces
  2. FortiSwitch would need to be rebooted.
  3. The split port can be assigned to a native VLAN.
  4. The Dort full speed prior to the split was 100G QSFP+.

Answer(s): A,B



Page 3 of 15

Share your comments for Fortinet NSE5_FSW_AD-7.6 exam with other users:

Asad Khan 11/1/2023 3:10:00 AM

answer 16 should be b your organizational policies require you to use virtual machines directly
Anonymous


Sale Danasabe 10/24/2023 5:21:00 PM

the question are kind of tricky of you didnt get the hnag on it.
Anonymous


Luis 11/16/2023 1:39:00 PM

can anyone tell me if this is for rhel8 or rhel9?
UNITED STATES


hik 1/19/2024 1:47:00 PM

good content
UNITED STATES


Blessious Phiri 8/15/2023 2:18:00 PM

pdb and cdb are critical to the database
Anonymous


Zuned 10/22/2023 4:39:00 AM

till 104 questions are free, lets see how it helps me in my exam today.
UNITED STATES


Muhammad Rawish Siddiqui 12/3/2023 12:11:00 PM

question # 56, answer is true not false.
SAUDI ARABIA


Amaresh Vashishtha 8/27/2023 1:33:00 AM

i would be requiring dumps to prepare for certification exam
Anonymous


Asad 9/8/2023 1:01:00 AM

very helpful
PAKISTAN


Blessious Phiri 8/13/2023 3:10:00 PM

control file is the heart of rman backup
Anonymous


Senthil 9/19/2023 5:47:00 AM

hi could you please upload the ibm c2090-543 dumps
Anonymous


Harry 6/27/2023 7:20:00 AM

appriciate if you could upload this again
AUSTRALIA


Anonymous 7/10/2023 4:10:00 AM

please upload the dump
SWEDEN


Raja 6/20/2023 5:30:00 AM

i found some questions answers mismatch with explanation answers. please properly update
UNITED STATES


Doora 11/30/2023 4:20:00 AM

nothing to mention
Anonymous


deally 1/19/2024 3:41:00 PM

knowable questions
UNITED STATES


Sonia 7/23/2023 4:03:00 PM

very helpfull
UNITED STATES


binEY 10/6/2023 5:15:00 AM

good questions
Anonymous


Neha 9/28/2023 1:58:00 PM

its helpful
Anonymous


Desmond 1/5/2023 9:11:00 PM

i just took my oracle exam and let me tell you, this exam dumps was a lifesaver! without them, iam not sure i would have passed. the questions were tricky and the answers were obscure, but the exam dumps had everything i needed. i would recommend to anyone looking to pass their oracle exams with flying colors (and a little bit of cheating) lol.
SINGAPORE


Davidson OZ 9/9/2023 6:37:00 PM

22. if you need to make sure that one computer in your hot-spot network can access the internet without hot-spot authentication, which menu allows you to do this? answer is ip binding and not wall garden. wall garden allows specified websites to be accessed with users authentication to the hotspot
Anonymous


381 9/2/2023 4:31:00 PM

is question 1 correct?
Anonymous


Laurent 10/6/2023 5:09:00 PM

good content
Anonymous


Sniper69 5/9/2022 11:04:00 PM

manged to pass the exam with this exam dumps.
UNITED STATES


Deepak 12/27/2023 2:37:00 AM

good questions
SINGAPORE


dba 9/23/2023 3:10:00 AM

can we please have the latest exam questions?
Anonymous


Prasad 9/29/2023 7:27:00 AM

please help with jn0-649 latest dumps
HONG KONG


GTI9982 7/31/2023 10:15:00 PM

please i need this dump. thanks
CANADA


Elton Riva 12/12/2023 8:20:00 PM

i have to take the aws certified developer - associate dva-c02 in the next few weeks and i wanted to know if the questions on your website are the same as the official exam.
Anonymous


Berihun Desalegn Wonde 7/13/2023 11:00:00 AM

all questions are more important
Anonymous


gr 7/2/2023 7:03:00 AM

ques 4 answer should be c ie automatically recover from failure
Anonymous


RS 7/27/2023 7:17:00 AM

very very useful page
INDIA


Blessious Phiri 8/12/2023 11:47:00 AM

the exams are giving me an eye opener
Anonymous


AD 10/22/2023 9:08:00 AM

3rd so far, need to cover more
Anonymous


AI Tutor 👋 I’m here to help!