Refer to the exhibitsTraffic arriving on port2 on FortiSwitch is tagged with VLAN ID 10 and destined for PC1 connected on port1. PC1 expects to receive traffic untagged from port1 on FortiSwitch. Which two configurations can you perform on FortiSwitch to ensure PC1 receives untagged traffic on port1? (Choose two.)
Answer(s): B,C
According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, the way a FortiSwitch handles VLAN tags on egress (outgoing) traffic is governed by the port'sNative VLANand itsUntagged VLAN list. When traffic for VLAN 10 arrives at port2 (the uplink) and is forwarded to port1, the switch must determine whether to strip the 802.1Q tag before transmission.Untagged VLAN List (Option B):The documentation explicitly states that the "untagged VLAN list" specifies VLANs for which the port will transmit frameswithout the VLAN tag. By adding VLAN ID 10 to the untagged VLANs on port1, any traffic belonging to VLAN 10 will have its tag stripped at the egress point, ensuring PC1 receives a standard untagged frame.Configuration Logic (Option C):In FortiSwitch management, moving a VLAN from the "Allowed" list (which typically implies tagged delivery) to the "Untagged" list on a specific interface forces the switch to perform the tag-stripping action. This effectively converts the port from a trunked behavior for that VLAN to an "access" or untagged behavior.Regarding the incorrect options:Option A (MAC-based assignment)is used primarily foringress classification. While it can assign a device to a VLAN when it sends trafficintothe switch, the documentation notes that by default, egress packets for MAC-based VLANs still include the tag unless the untagged list is configured.Option D(Private VLANs) is a security feature for isolating traffic between ports within the same VLAN and does not address the physical tagging requirements of the endpoint.
Which two requirements must be met before FortiGate can manage a FortiSwitch stack? (Choose two answers)
Answer(s): B,D
According to theFortiOS 7.6 Study Guideand theFortiSwitch 7.6 FortiLink Guide, several prerequisite steps and compatibility checks must be performed before a FortiGate can successfully discover,authorize, and manage a FortiSwitch or a stack of switches.First, theSwitch Controller feature must be enabled (Option B)on the FortiGate.2By default, on many FortiGate models, the "Switch Controller" menu is hidden in the GUI to simplify the interface. Administrators must navigate toSystem > Feature Visibilityand toggle theSwitch Controllerswitch to "on" to expose the management menus required to configure FortiLink interfaces and manage FortiSwitch units.3Without this feature enabled, the FortiGate cannot act as a centralized management entity for the switch fabric.Second, theFortiSwitchOS version must be compatible with FortiOS (Option D). While it is not strictly required to be on the "latest" version (Option A), the firmware on both devices must fall within the supported compatibility matrix provided by Fortinet. If the versions are incompatible, the FortiLink tunnel (CAPWAP) may fail to establish, or certain management features may be unavailable in the FortiOS GUI.Regarding the incorrect options:Option Ais not a requirement because older, compatible versions are often used in stable environments.Option Cis incorrect because FortiLink interfaces are the very mechanism used for management; they must be correctly configured and enabled, not disabled, for management to function. Therefore, ensuring feature visibility and verifying the compatibility matrix are the two essential administrative requirements for establishing a managed switch stack.
You are configuring VLANs on a FortiSwitch device managed by FortiGate. Which two statements accurately describe VLAN assignment requirements and behavior on FortiSwitch ports? (Choose two answers)
According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, understanding how VLANs are processed on a switch port is fundamental to network segmentation. A FortiSwitch port behaves differently depending on whether traffic is entering (ingress) or leaving (egress) the interface.First,you can assign only one native VLAN on a port (Option C). The Native VLAN (often called the PVID or Port VLAN ID) is the default internal ID assigned to any untagged frames arriving at the port. In a managed environment, this is typically set via the FortiGate's switch controller. By design, a single physical interface can only belong to one primary broadcast domain for untagged ingress traffic to ensure there is no ambiguity in the switch's internal forwarding logic.Second, theuntagged VLAN setting applies to egress traffic only (Option B). While the "Allowed VLANs" list defines which tagged traffic can pass through the port, the "Untagged VLANs" list specifies which of those VLAN tags should beremovedby the switch before the frame is transmitted out of the physical port. This is crucial for connecting devices that do not support 802.1Q tagging, such as standard PCs or printers.Regarding the incorrect options:Option Ais incorrect because the "Untagged" list does not define ingress rules; ingress is governed by the Native VLAN for untagged packets and the Allowed list for tagged packets.Option Dis incorrect because, in a managed FortiLink environment, all VLAN assignments should be performed through theFortiGate's Switch Controllerto ensure centralized management and consistency.
Which QoS mechanism maps packets with specific CoS or DSCP markings to an egress queue?
Answer(s): B
"Classification: FortiSwitch maps packets with a given CoS or DSCP marking to an egress queue. There are eight egress queues on each port: queues 0 to 7."In Quality of Service (QoS) mechanisms, the process of mapping packets with specific CoS (Class of Service) or DSCP (Differentiated Services Code Point) markings to an egress queue involves two key steps:classificationandqueuing.Classification: This occurs on the ingress side (incoming traffic). The switch examines the packet headers (e.g., CoS or DSCP values) to determine how the traffic should be treated. Based on this classification, the switch assigns the packet to a specific priority level or queue.Queuing: Once the packet is classified, it is mapped to an egress queue based on its priority level. The egress queues are used to manage how traffic is transmitted out of the switch.Option A (Queuing for egress traffic)refers to managing how packets leave the switch, but it does not involve the initial mapping of CoS/DSCP values to a queue.Option C (Rate limiting for egress traffic)is about controlling the rate of outgoing traffic, which is unrelated to CoS/DSCP mapping.Option D (Marking for ingress traffic)involves modifying the CoS or DSCP values of packets as they enter the switch, but it does not map them to an egress queue.Thus,classification for ingress trafficis the mechanism that identifies and maps packets with specific CoS or DSCP markings to an appropriate egress queue.
Exhibit.LAG and MCLAG are used to increase the available network bandwidth and enable redundancy. How does spanning tree protocol see MCLAG and LAG if they are configured based on the physi-cal view shown in the exhibit? (Choose two)
According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, Multichassis Link Aggregation (MCLAG) and standard Link Aggregation Groups (LAG) are designed to provide link-level and node-level redundancy while presenting a simplified logical view to the Spanning Tree Protocol (STP).In the provided topology:Logical Switch View (Option D):Switch 1 and Switch 2 are configured asMCLAG peersconnected via an Inter-Chassis Link (ICL). From the perspective of downstream devices and STP, these two physical switches act as a single logical entity. This prevents STP from seeing a loop between the two switches and the downstream Switch 3, as the redundant physical paths are bundled into a single logical MCLAG trunk.Logical Interface View (Option B):The exhibit shows Switch 4 connected to Switch 3 via two physical links bundled into aLAG, and Switch 3 connected to the MCLAG peers via split links. In both cases, STP treats the aggregated physical links as asingle logical interface. Because the multiple physical paths are managed by the Link Aggregation Control Protocol (LACP) as one trunk, STP does not block individual ports to prevent loops; instead, it sees one high-bandwidth path.Regarding the incorrect options:Option Ais false because Switch 3 is an MCLAGclient, not a peer in the group.Option Cis incorrect because Switch 3 and Switch 4 are separate physical and logical nodes; they are not seen as a single client entity by the core.
Which two types of Layer 3 interfaces can participate in dynamic routing on FortiSwitch? (Choose two.)
In dynamic routing on FortiSwitch, certain types of interfaces are utilized to participate in the routing processes. The types of interfaces that can be used include:Loopback Interfaces (B):Loopback interfaces are virtual interfaces that are always up, making them ideal for use in routing protocols where a stable interface is necessary. They are commonly used to establish router IDs and manage routing information more reliably.Switch Virtual Interfaces (C):Switch Virtual Interfaces (SVIs) are assigned to VLANs and can have IPaddresses assigned to them, making them capable of participating in Layer 3 routing. SVIs are essential for routing between different VLANs on a switch and can participate in dynamic routing protocols to advertise networks or make routing decisions.Physical Interfaces (D)andDetected Management Interfaces (A)are not typically used directly by dynamic routing protocols for their operations in the context of FortiSwitch.
For more information on how these interfaces interact with dynamic routing protocols, you can check the FortiSwitch documentation on Fortinet's official documentation site:Fortinet Product Documentation
Which Ethernet frame can create Layer 2 flooding due to all bytes on the destination MAC address being set to all FF?
Answer(s): A
Layer 2 flooding caused by Ethernet frames with all bytes in the destination MAC address set to FF refers to broadcast frames.Here's why:Broadcast Ethernet Frame (A):Address Specification:In Ethernet networking, a broadcast frame has a destination MAC address ofFF:FF:FF:FF:FF:FF, which instructs network devices to forward the frame to all devices within the broadcast domain.Network Behavior:This causes Layer 2 flooding as the frame is sent to all ports in the VLAN, except the originating port, ensuring that the broadcast reaches all network segments.Other Frame Types:Unicast (B)targets a single device.Multicast (C)targets a group of devices.Anycast (D)is not used in Ethernet but rather in IP-based routing to route to the nearest of multiple destinations, typically in internet addressing.
You can find more information about Ethernet frame types in networking textbooks or documentation that discusses network layer interaction:Network Theory Books
Refer to the configuration:Which two conditions does FortiSwitch need to meet to successfully configure the options shown in the exhibit above? (Choose two.)
Answer(s): A,B
Share your comments for Fortinet NSE5_FSW_AD-7.6 exam with other users:
vraag 20c: rsa veilig voor symmtrische cryptografie? antwoord c is toch fout. rsa is voor asymmetrische cryptogafie??
so far good
question 31 has obviously wrong answers. tls and ssl are used to encrypt data at transit, not at rest.
pls provide dump for 1z0-1080-23 planning exams
could you please upload the exam?
please upload this
good material
lets see if this is good stuff...
useful information
intéressant
thank you for making the interactive questions
questions are accurate
i need questions/dumps for this exam.
i need this exam, when will it be uploaded
i need the dumps !
very helpful
good source
my 3rd test and passed on first try. hats off to this brain dumps site.
please upload it
does anybody know if are these real exam questions?
are these questions similar to actual questions in the exam? because they seem to be too easy
i have a lot of experience but what comes in the exam is totally different from the practical day to day tasks. so i thought i would rather rely on these brain dumps rather failing the exam.
good questions
valied exam dumps. they were very helpful and i got a pretty good score. i am very grateful for this service and exam questions
will it help?
very useful to verify knowledge before exam
good stuffs
question 17 : responses arent b and c ?
just passed the exam on my first try using these dumps.
these questions look good.
this is very helpful content
please provide the dumps
it is amazing