Special Summer Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

 
Home > Fortinet > Fortinet Certification > NSE7_LED-7.0

NSE7_LED-7.0 Fortinet NSE 7 - LAN Edge 7.0 Question and Answers

Question # 4

Which two statements about FortiSwitch manager are true1? (Choose two)

A.

Per-device management is the default management mode on FortiManager

B.

FortiManager obtains the FortiSwitch status information by querying the FortiGate REST API every three minutes

C.

If the administrator makes any changes on FortiSwitch manager they must also install those changes on FortiGate so that those changes are applied on the managed switches

D.

Any switch discovered or authorized on FortiGate must be added manually on FortiSwitch manager

Full Access
Question # 5

An administrator is deploying a new FortiGate device using zero-touch provisioning. Before deployment, the administrator added the FortiGate serial number on FortiManager and configured all the FortiGate settings FortiGate has a factory default configuration. However, when the administrator connects FortiGate to the network, FortiManager does not start the installation automatically. Which two scenarios are likely to cause this issue? (Choose two.)

A.

The serial number added on FortiManager does not match the FortiGate serial number.

B.

The DHCP server that serves FortiGate is not configured with options 240 and 241.

C.

Zero-touch provisioning is disabled on FortiManager.

D.

The pre-shared key set on FortiManager does not match the one set on FortiGate.

Full Access
Question # 6

When you configure a FortiAP wireless interface for auto TX power control which statement describes how it configures its transmission power"?

A.

Every 30 seconds the AP will measure the signal strength of the AP using the client The AP will adjust its signal strength up or down until the AP signal is detected at -70 dBm

B.

Every 30 seconds FortiGate measures the signal strength of adjacent AP interfaces It will adjust its own AP power to match the adjacent AP signal strength

C.

Every 30 seconds FortiGate measures the signal strength of adjacent FortiAP interfaces It will adjust the adjacent AP power to be detectable at -70 dBm

D.

Every 30 seconds FortiGate measures the signal strength of the weakest associated client The AP will then configure its radio power to match the detected signal strength of the client

Full Access
Question # 7

Which statement correctly describes the guest portal behavior on FortiAuthenticator?

A.

FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.

B.

Sponsored accounts cannot authenticate using guest portals.

C.

All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.

D.

All guest accounts must be activated using SMS or email activation codes.

Full Access
Question # 8

Refer to the exhibit.

Examine the LDAP server configuration shown in the exhibit Note that the Username setting has been expanded to display Its full content

On the Windows AD server 10.0.1.10, the administrator used dsquery. which returned the following output:

According to the output which FortiGate LDAP setting is configured incorrectly''

A.

Common Name Identifier

B.

Bind Type

C.

Distinguished Name

D.

Username

Full Access
Question # 9

An administrator has deployed multiple dual-band wireless APs in a wireless network. APs are installed at measured distances to ensure fast roaming for the clients. Multiple 2.4 GHz-only wireless clients are connecting to the network, and subsequent monitoring shows that individual AP 2.4 GHz interfaces are being overloaded with wireless connections.

Which configuration change would best resolve the overloading issue?

A.

Configure load balancing AP handoff on both AP interfaces on all Aps.

B.

Configure a client limit on all AP 2.4 GHz interfaces.

C.

Configure load balancing frequency handoff on both AP interfaces.

D.

Configure load balancing AP handoff on only the 2.4 GHz interfaces of all APs.

Full Access
Question # 10

Refer to the exhibits showing AP monitoring information.

The exhibits show the status of an AP in a small office building. The building is located at the edge of a campus, and users are reporting issues with wireless network performance.

Which configuration change would best improve the wireless network performance?

A.

Select an alternative channel for the 5 GHz interface.

B.

Disable lower data rates on the 5 GHz interface.

C.

Enable band steering on the AP.

D.

Relocate the AP to be closer to the clients.

Full Access
Question # 11

Refer to the exhibit.

Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit

An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget

Which two scenarios are likely to cause this issue? (Choose two)

A.

The web filtering rating service is not working

B.

FortiAnalyzer does not have a valid threat detection services license

C.

The device does not have FortiClient installed

D.

FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)

Full Access
Question # 12

Which two statements about MAC address quarantine by redirect mode are true? (Choose two)

A.

The quarantined device is moved to the quarantine VLAN

B.

The device MAC address is added to the Quarantined Devices firewall address group

C.

It is the default mode for MAC address quarantine

D.

The quarantined device is kept in the current VLAN

Full Access
Question # 13

Refer to the exhibit.

Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit

An administrator is testing the NAC feature The test device is connected to a managed FortiSwitch device {S224EPTF19"53€7)onport2

After applying the NAC policy on port2 and generating traffic on the test device the test device is not matching the NAC policy therefore the test device remains m the onboarding VLAN

Based on the information shown in the exhibit which two scenarios are likely to cause this issue? (Choose two.)

A.

Management communication between FortiGate and FortiSwitch is down

B.

The MAC address configured on the NAC policy is incorrect

C.

The device operating system detected by FortiGate is not Linux

D.

Device detection is not enabled on VLAN 4089

Full Access
Question # 14

Refer to the exhibits.

Firewall Policy

Examine the firewall policy configuration and SSID settings

An administrator has configured a guest wireless network on FortiGate using the external captive portal The administrator has verified that the external captive portal URL is correct However wireless users are not able to see the captive portal login page

Given the configuration shown in the exhibit and the SSID settings which configuration change should the administrator make to fix the problem?

A.

Disable the user group from the SSID configuration

B.

Enable the captivs-portal-exempt option in the firewall policy with the ID 11.

C.

Apply a guest.portal user group in the firewall policy with the ID 11.

D.

Include the wireless client subnet range in the Exempt Source section

Full Access
Question # 15

Which three protocols are used for controlling FortiSwitch devices on FortiGate? (Choose three.)

A.

HTTPS

B.

CAPWAP

C.

IGMP

D.

FTP

E.

FortiLink

Full Access
Question # 16

Which two statements about the use of digital certificates are true? (Choose two.)

A.

A chain of trust may include one or more intermediate CAs.

B.

In a chain of trust, the root CA is signed by another certificate.

C.

To validate the signature on a certificate, an endpoint does not need to know the CA of that certificate.

D.

An intermediate CA can sign other certificates.

Full Access
Question # 17

Refer to the exhibit.

An administrator wants to telnet into the S224EPTF19005867 switch over the FortiGate FortiLink interface.

Which configuration change should the administrator make?

A.

Enable telnet access on the FortiLink interface.

B.

On the default local-access profile, add telnet to the list of allowed protocols for mgmt-allowaccess.

C.

On the default local-access profile, add telnet to the list of allowed protocols for internal-allowaccess.

D.

Factory reset the switch to enable telnet access.

Full Access
Question # 18

Refer to the exhibits.

In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.

The first AP has 32 clients associated with the 5 GHz radios and 22 clients associated with the 2.4 GHz radio. The second AP has 12 clients associated with the 5 GHz radios and 20 clients associated with the 2.4 GHz radio.

A dual-band-capable client enters the office near the first AP and the first AP measures the new client at -33 dBm signal strength. The second AP measures the new client at 2 -43 dBm signal strength.

If the new client attempts to connect to the corporate wireless network, with which AP radio will the client be associated?

A.

The second AP 2.4 GHz interface.

B.

The first AP 5 GHz interface.

C.

The second AP 5 GHz interface.

D.

The first AP 2.4 GHz interface.

Full Access
Copyright myexamcollection.com. All Right Reserved.