Fortinet NSE6_FSW-7.2 Exam Sample Questions

Question # 1

Which QoS mechanism maps packets with specific CoS or DSCP markings to an egress queue?
A. Queuing for egress traffic
B. Classification for ingress traffic
C. Rate limiting for egress traffic
D. Marking for ingress traffic

A. Queuing for egress traffic

The QoS mechanism that directly maps packets with specific Class of Service (CoS) or Differentiated Services Code Point (DSCP) markings to an egress queue is: Queuing for Egress Traffic (A):

This QoS feature involves assigning outgoing packets to different queues based on their priority level, which is indicated by their CoS or DSCP markings. The queues then manage the packets based on their priority, ensuring that higher-priority traffic gets transmitted sooner or with more bandwidth.


For a deeper understanding of how egress queuing works and how it utilizes CoS and DSCP markings in FortiSwitch, detailed QoS configuration guides are available on: Fortinet Technical Documentation

Question # 2

What is the role of a device that is simultaneously functioning as both the distribution and core in the hierarchy network model?
A. POE with high density FortiSwitch
B. FortiGate managing FortiSwitch
C. FortiSwitch functioning as standalone
D. HA backup FortiGate managing FortiSwitch

B. FortiGate managing FortiSwitch

In a hierarchical network model, the role of a device functioning simultaneously as both the distribution and core is most accurately described as "FortiGate managing FortiSwitch (B)." In this setup, FortiGate acts as the central unit managing multiple FortiSwitch units, thereby functioning both as a distribution layer—handling traffic between network segments—and as a core layer—managing traffic within the network on a broader scale. This setup is typical in medium-sized networks where a single device is capable enough to handle both roles effectively.

Question # 3

FortiGate is unable to establish a tunnel with the FortiSwitch device it is supposed to manage Based on the debug output shown in the exhibit, what is the reason for the failure?
A. The handshake process timed out before FortiSwitch responded.
B. DTLS client hello had the incorrect pre-shared key.
C. The CAPWAP tunnel failed to come up due to a mismatch in time.
D. FortiSwitch has disabled FortiLink and is only managed as a standalone.

C. The CAPWAP tunnel failed to come up due to a mismatch in time.

The issue described pertains to the establishment of a tunnel (likely a CAPWAP tunnel for management purposes between FortiGate and FortiSwitch). Based on typical error analysis in tunnel setup scenarios:

The CAPWAP tunnel failed to come up due to a mismatch in time (Option C): This answer is plausible because time synchronization is crucial for security protocols that underpin tunnel establishments, such as DTLS (Datagram Transport Layer Security) used within CAPWAP tunnels. If the clocks on FortiGate and FortiSwitch are significantly out of sync, the security handshake (which can include timestamp validation) could fail, preventing the tunnel from coming up.

Question # 4

To enhance service in emergency situations, to which LLDP-MED Type-Length-Values does Forti-Switch advertise to IP phones?
A. Network policy
B. Inventory management
C. Location
D. Power management

C. Location

Location (C): FortiSwitch uses LLDP-MED (Link Layer Discovery Protocol - Media Endpoint Discovery) to advertise various attributes to IP phones, among which "Location" is crucial in emergency situations. This information helps emergency responders to determine the physical location of the calling device, which is vital for prompt response in critical situations.

Question # 5

In which two ways can you assign a FortiSwitch port to a VDOM using multi-tenancy setup? (Choose two.)
A. Switch the FortiLink interface to the target VDOM.
B. Remove the managed FortiSwitch and allocate ports directly on FortiSwitch.
C. Create a virtual port pool on the FortiGate CLI.
D. Assign a port to a VDOM directly on the managed FortiSwitch.

A. Switch the FortiLink interface to the target VDOM.
C. Create a virtual port pool on the FortiGate CLI.

In a multi-tenancy setup on FortiGate, you can assign a FortiSwitch port to a VDOM in two primary ways:

Switch the FortiLink Interface to the Target VDOM (A): This method involves configuring the FortiLink interface, which is the dedicated interface used to manage FortiSwitch units from FortiGate, to operate within a specific VDOM. This effectively assigns all ports on the FortiSwitch, managed through that FortiLink interface, to the designated VDOM.

Create a Virtual Port Pool on the FortiGate CLI (C): Virtual port pools are created on FortiGate and allow ports from FortiSwitch to be grouped and assigned to a VDOM. This method is more granular and flexible, as it allows specific ports on the FortiSwitch to be dedicated to different VDOMs without requiring the entire switch or FortiLink interface to be dedicated to a single VDOM.

