Which step can be taken to ensure that only FortiAP devices receive IP addresses from a DHCP server on FortiGate?
A. Change the interface addressing mode to FortiAP devices.
B. Create a reservation list in the DHCP server settings.
C. Configure a VCI string value of FortiAP in the DHCP server settings.
D. Use DHCP option 138 to assign IPs to FortiAP devices.
Which two EAP methods can use MSCHAPV2 for client authentication? (Choose two.)
A. PEAP
B. EAP-TTLS
C. EAP-TLS
D. EAP-GTC
Refer to the exhibit.

A host machine connected to port2 on FortiSwitch cannot connect to the network. All ports on FortiSwitch are assigned a security policy to enforce 802.1X port authentication. While troubleshooting the issue, the administrator runs the debug command and obtains the output shown in the exhibit.
Which two scenarios are the likely cause of this issue? (Choose two.)
A. The host machine is not configured for 802.1X port authentication.
B. The host machine does not support 802. 1X authentication.
C. The host machine is quarantined due to a security incident.
D. The host machine is configured with wrong VLAN ID.
What action does FortiSwitch take when it receives a loop guard data packet (LGDP) that was sent by itself?
A. The receiving port is shut down.
B. The sending port is shut down
C. The receiving port is moved to the STP blocking state.
D. The sending port is moved to the STP blocking state
Examine the sections of the configuration shown in the following output:

What action will the FortiGate take when using OCSP certificate validation?
A. FortiGate will reject the certificate if the OCSP server replies that the certificate is unknown.
B. FortiGate will use the OCSP server 10.0.1.150 even when the OCSP URL field in the user certificate
contains a different OCSP server IP address.
C. FortiGate will use the OCSP server 10.0.1.150 even when there is a different OCSP IP address in the ocsp-override-serveroption under config user peer.
D. FortiGate will invalidate the certificate if the OSCP server is unavailable.
Refer to the exhibit.
Examine the packet capture shown in the exhibit, which contains a RADIUS access request packet sent by FortiSwitch to a RADIUS server.

Why does the User-Name field in the RADIUS access request packet contain a MAC address?
A. The FortiSwitch interface is configured for 802.1X port authentication with MAC address bypass, and the connected device does not support 802.1X.
B. FortiSwitch authenticates itself using its MAC address as the user name.
C. The connected device is doing machine authentication.
D. FortiSwitch is replying to an access challenge packet sent by the RADIUS server and requesting the client MAC address.
Refer to the exhibits.

Examine the VAP configuration and the WiFi zones table shown in the exhibits.

Which two statements describe FortiGate behavior regarding assignment of VLANs to wireless clients? (Choose two.)
A. FortiGate will load balance clients using VLAN 101 and VLAN 102 and assign them an IP address from the 10.0.3.0/24 subnet.
B. Clients connecting to APs in the Floor 1 group will not be able to receive an IP address.
C. All clients connecting to the Corp SSID will receive an IP address from the 10.0.3.1/24 subnet.
D. Clients connecting to APs in the Office group will be assigned an IP address from the 10.0.20.1/24 subnet.
Refer to the exhibit.
The exhibit shows a network topology and SSID settings.

FortiGate is configured to use an external captive portal. However, wireless users are not able to see the captive portal login page.
Which configuration change should the administrator make to fix the problem?
A. Create a firewall policy to allow traffic from the Guest SSID to FortiAuthenticator and Windows AD devices.
B. Enable the captive-portal-exemptoption in the firewall policy with the ID 10.
C. Remove guest.portal user group in the firewall policy.
D. FortiAuthenticator and WindowsAD address objects should be added as exempt sources.
Which CLI command should an administrator use to view the certificate validation process in real-time?
A. diagnose debug application certd -1
B. diagnose debug application fnbamd -1
C. diagnose debug application authd -1
D. diagnose debug application foauthd -1
Refer to the exhibit.

Given the network topology shown in the exhibit, which two ports should be configured as untrusted DHCP ports? (Choose two.)
A. FortiSwitch A, port2
B. FortiSwitch A, port1
C. FortiSwitch B, port1
D. FortiSwitch B, port2