NSE5_FNC_AD_7.6 Dumps With Exact Questions and Answers

In a corporate domain environment where "enhanced endpoint visibility" is required, the Persistent Agent is the recommended choice. Unlike the Dissolvable Agent, which is temporary and intended for one-time compliance scans during registration, the Persistent Agent is an "install-and-stay-resident" application.

The Persistent Agent is specifically designed to be distributed through automated enterprise methods, including login scripts , Group Policy Objects (GPO), or third-party software management tools. When deployed via a login script, the agent can be configured to silently install and immediately begin communicating with the FortiNAC-F service interface. Once active, it provides continuous visibility by reporting host details such as logged-on users, installed applications, and adapter information. It also listens for Windows session events (logon/logoff) to trigger automatic single-sign-on (SSO) registration in FortiNAC-F, ensuring that as soon as a user connects to the domain, their device is identified and assigned the correct network access policy.

"The Persistent Agent can be distributed to Windows domain machines via login script or by any other software distribution method your organization might use. The Persistent Agent remains installed on the host at all times. Once the agent is installed it runs in the background and communicates with FortiNAC at intervals established by the FortiNAC administrator." — FortiNAC-F Administration Guide: Persistent Agent Overview.

The integration of FortiNAC-F with FortiGate VPN requires a specific policy workflow to bridge the gap between initial user authentication and full network access. When a user connects to the VPN, the FortiGate typically provides the User ID and IP address, but FortiNAC-F requires a MAC address to uniquely identify and manage the endpoint's record.

According to the FortiGate VPN Integration Guide , the Endpoint Compliance Policy is a mandatory component of this setup because it is used to designate the required agent type . Because a VPN connection is Layer 3, FortiNAC cannot "see" the MAC address through traditional SNMP or L2 polling. The compliance policy instructs the system to present a Captive Portal to the remote user, requiring them to download and run either the Persistent or Dissolvable Agent . The agent then reports the device's MAC address back to FortiNAC, allowing the system to correlate the VPN session with a host record.

Once the agent is running and the MAC is known, FortiNAC-F can evaluate the device's security posture (if scanning is configured) and send the necessary FSSO tags back to the FortiGate to lift the initial network restrictions. Without the compliance policy to enforce the agent requirement, the connection would remain in an isolated "IP-only" state with no unique hardware identity.

"The Endpoint Compliance Policy is necessary to control the agent requirement for VPN users. Create a default VPN Endpoint Compliance Policy to distribute an agent via captive portal for isolated machines. This policy allows the administrator to designate the required agent type (Persistent or Dissolvable) that will be used to collect the hardware (MAC) address and perform health scans on the remote endpoint." — FortiNAC FortiGate VPN Integration Guide: Default Endpoint Compliance Policy (Optional) Section.

In FortiNAC-F, the Security Incidents engine is used to automate responses to security threats reported by external devices. When an administrator wants to enforce a policy, such as quarantining contractors who access restricted websites, they must create a Security Rule . A Security Rule acts as the "if-then" logic that correlates incoming security data with the internal host database.

The documentation specifies that a Security Rule consists of three primary configurable components:

User/Host Profile: This identifies who or what the rule applies to (in this case, "Contractors").

Trigger: This is the event that initiates the rule evaluation. In this scenario, the Trigger would be configured to match specific syslog messages or NetFlow data indicating access to prohibited websites. Triggers use filters to match vendor-specific data, such as a "Web Filter" event from a FortiGate.

Action: This defines what happens when the Trigger and User/Host Profile are matched. For this scenario, the administrator would select a "Quarantine" action, which instructs FortiNAC-F to move the endpoint to a restricted VLAN or apply a restrictive ACL.

While "Methods" (A) relate to authentication and "Security Strings" (E) are used for specific SNMP or CLI matching, they are not the structural components of a Security Rule in the Security Incidents menu.

"Security Rules are used to perform a specific action based on certain criteria... To configure a Security Rule, navigate to Logs > Security Incidents > Rules . Each rule requires a Trigger to define the event criteria, an Action to define the automated response (such as Quarantine), and a User/Host Profile to limit the rule to specific groups." — FortiNAC-F Administration Guide: Security Rules and Incident Management.