NSE5_FSW_AD-7.6 Certification Exam Guide + Practice Questions Updated 2026

Explanation:
Active multicast receiver entries are aging on each IGMP query sent on the VLAN (A): When IGMP snooping querier is enabled on a VLAN, it functions to manage multicast traffic within the VLAN by keeping track of multicast group memberships. The IGMP querier sends queries to determine which ports require the multicast traffic. The multicast receiver entries, which are entries that indicate which devices have requested the multicast data, age or time out based on these IGMP queries. Each query refreshes active connections but ages out entries that no longer respond, helping to ensure that multicast traffic is only sent to ports with active receivers.

Explanation:
According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, Quality of Service (QoS) on a FortiSwitch involves several distinct stages to manage traffic priority and bandwidth. The specific process of taking identified packets and placing them into a specific priority buffer for transmission is known asQueuing.
On FortiSwitch, when a frame enters an ingress port, it is first classified based on its incomingCoS (Layer 2) orDSCP (Layer 3) markings.2However, it is theQueuing for egress traffic (Option B) mechanism that dictates which of the eight available hardware queues the frame will reside in before it is sent out of the destination port. The switch uses a mapping table (such as a CoS-to-queue or DSCP-to-queue map) to ensure that high-priority traffic, like voice or video, is placed in a higher-priority queue to minimize latency and jitter.
Regarding the other options: Classification (Option A) is the initial identification of the packet's priority but does not perform the physical mapping to a buffer.Policing (Option C) is an ingress mechanism used to drop or remark traffic that exceeds a defined rate.Shaping (Option D) is an egress mechanism that smooths out traffic bursts by delaying packets but is separate from the initial queue assignment. Therefore, the act of mapping specific markings to an egress queue is a fundamental function of the queuing mechanism.

Explanation:
In a multi-tenancy setup on FortiGate, you can assign a FortiSwitch port to a VDOM in two primary ways:
Switch the FortiLink Interface to the Target VDOM (A): This method involves configuring the FortiLink interface, which is the dedicated interface used to manage FortiSwitch units from FortiGate, to operate within a specific VDOM. This effectively assigns all ports on the FortiSwitch, managed through that FortiLink interface, to the designated VDOM.
Create a Virtual Port Pool on the FortiGate CLI (C): Virtual port pools are created on FortiGate and allow ports from FortiSwitch to be grouped and assigned to a VDOM. This method is more granular and flexible, as it allows specific ports on the FortiSwitch to be dedicated to different VDOMs without requiring the entire switch or FortiLink interface to be dedicated to a single VDOM.

Explanation:
According to theFortiSwitchOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, the Routing Information Base (RIB) contains all potential routes discovered by the switch, but theForwarding Information Base (FIB) only includes the "best" active routes used for hardware packet forwarding. When the routing process receives multiple paths to the exact same destination (in this case, the default route 0.0.0.0/0), it must select the most reliable source based on a specific hierarchy.
The primary tie-breaker for routes from different protocols is theAdministrative Distance (AD). AD is a value from 1 to 255 that represents the trustworthiness of the routing source, where alower value is more preferred. In the provided exhibit:
The OSPFroute has an AD of110 (shown as [110/10] ).
The Staticroute has been configured with an AD of220 (shown as [220/0] ).
Because the OSPF route's AD (110) is lower than the Static route's AD (220), the system considers the OSPF route to be superior. Consequently, only the OSPF route is "Selected" and installed into theFIB. The static route remains in the RIB as a "backup" or floating static route; it will only be moved to the FIB if the preferred OSPF route becomes unavailable.
Option D is incorrect because having identical prefixes is not a "conflict" but a standard part of route selection where AD decides the winner.
Option A is incorrect because metric is only compared if the AD is identical.

Explanation:
According to theFortiSwitchOS 7.6 Administration Guideand theNSE 5 FortiSwitch 7.6 Administrator Study Guide, FortiSwitch supports a multi-stage ACL pipeline that allows for granular traffic control at different points in a packet's journey through the switch.1The documentation identifies three primary stages for ACL application: Prelookup, Ingress, andEgress.
Prelookup (Option D): This is the earliest stage in the switching pipeline. The documentation explicitly states thatPrelookup ACLsare processedbefore any Layer 2 or Layer 3 lookupsare performed by the switch hardware. This stage is highly recommended for high-performance security actions, such as dropping unwanted traffic immediately upon arrival, because it prevents the switch from wasting
internal resources (CPU and ASIC lookup cycles) on frames that are destined to be discarded anyway.
Ingress (Option A): This stage occursafterthe switch has completed its Layer 2 (MAC table) and Layer 3 (routing table) lookups butbeforethe packet is queued for the egress port. While powerful, actions here occur after initial processing has already taken place.
Egress (Option C): This stage is processed just before the frame leaves the switch through the destination port. It is typically used for final modifications or filtering based on the outgoing interface context.
Therefore, to achieve the goal of applying actionsbeforeany Layer 2 or Layer 3 processing occurs, thePrelookupstage is the technically correct and recommended choice in FortiSwitchOS