FCSS_LED_AR-7.6 Exam Dumps : Fortinet NSE 6 - LAN Edge 7.6 Architect

Auto TX power control on FortiAP is an RF-optimization feature:

FortiGate (as wireless controller) continuously evaluatesRSSI of associated clientson each FortiAP radio.

The algorithm focuses on theweakest client(the one with the worst signal) and adjusts the AP’s transmit power so that this client’s signal level stays within a configured / target range.

This helps balance coverage and limit co-channel interference: APs don’t transmit at maximum power when clients are close, but will increase power when the weakest client signal drops too low.

Therefore the correct behavior description is:

✔C– AP power is adjusted based on the weakest associated client’s signal.

Why the others are wrong:

AandBtalk about matching nearby APs’ power or forcing everything to –70 dBm, which is not how FortiAP auto TX works.

Dincorrectly states the AP “evaluates its own transmission from the client perspective”; the AP can only infer client-side conditions from theclient’s RSSI at the AP, not the inverse.

Goal: enforce captive portal authentication overHTTPSfor guests.

On FortiGate/FortiAuthenticator captive portal setups:

HTTP redirectis used so that when a guest browses to any HTTP site, their request is redirected to theportal URL.

Theportal URLitself must beHTTPSif you want a secure login page.

FortiOS captive portal and firewall authentication guidelines recommend:

EnablingHTTP redirectso unauthenticated HTTP traffic is transparently sent to the portal.

Configuring theportal URL with HTTPS, often referencing a certificate on FortiGate or FortiAuthenticator.

Therefore:

A. Enable HTTP redirect in the user authentication settings.✔This ensures unauthenticated HTTP requests are redirected to the (now HTTPS) portal.

D. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator.✔This makes the login itself secure (TLS-protected).

Incorrect:

B– You don’t need a new SSID; the same SSID can use HTTPS portal.

C– Disabling HTTP admin access on the SSID doesn’t control the captive portal scheme; HTTPS enforcement is done by the portal configuration and redirect, not by admin-access flags.

From the exhibits:

Interface“APs”is a VLAN sub-interface onfortilinkwith IP10.10.100.254/24and a DHCP server scope 10.10.100.1–10.10.100.253.

This VLAN is assigned toport1on the managed FortiSwitch for FortiAPs.

The interface config showsonly allowaccess ping—Security Fabric Connection is not enabled.

In LAN Edge designs, FortiAPs connected through FortiSwitch are discovered and managed asLAN edge devices of the Security Fabric. FortiOS documentation states that FortiAPs and FortiSwitches appear in the Fabric topologyonly when connected on an interface with Security Fabric Connection enabled.

If the VLAN/AP management interface lacksSecurity Fabric Connection:

FortiGate does not treat that network as aFabric connection segment.

CAPWAP discovery from FortiAPs on that VLAN will not result in the AP being onboarded and shown for management.

Therefore the key misconfiguration is:

✔A – Security Fabric is disabled on the VLAN interface used for AP management.

Why the others are not the root cause:

B. Firmware incompatibility– would usually show as a “Managed (upgrade required)” or similar status after discovery, not complete non-detection. The scenario specifically points to a configuration issue, not firmware.

C. VLAN not tagged correctly on uplink– The FortiSwitch uplink to FortiGate is the FortiLink trunk, and the VLAN sub-interface APs is already bound to fortilink, so tagging on the uplink is correct by definition.

D. CAPWAP ports not open– CAPWAP (UDP 5246/5247) is terminated locally on FortiGate and does not depend on any firewall policy; these ports are open on the FortiGate itself by default.