New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Fortinet > Fortinet Certification > NSE7_LED-7.0

NSE7_LED-7.0 Fortinet NSE 7 - LAN Edge 7.0 Question and Answers

Question # 4

Refer to the exhibit

A device connected to port2 on FortiSwitch cannot access the network The port is assigned a security policy to enforce 802 1X authentication While troubleshooting the issue, the administrator obtains the debug output shown in the exhibit

Which two scenarios are likely to cause this issue? (Choose two.)

A.

The device is not configured for 802 IX authentication.

B.

The device has been quarantined for 3600 seconds.

C.

The device has been assigned the guest VLAN

D.

The device does not support 802 1X authentication

Full Access
Question # 5

Which EAP method requires the use of a digital certificate on both the server end and the client end?

A.

EAP-TTLS

B.

PEAP

C.

EAP-GTC

D.

EAP-TLS

Full Access
Question # 6

Refer to the exhibits.

Firewall Policy

Examine the firewall policy configuration and SSID settings

An administrator has configured a guest wireless network on FortiGate using the external captive portal The administrator has verified that the external captive portal URL is correct However wireless users are not able to see the captive portal login page

Given the configuration shown in the exhibit and the SSID settings which configuration change should the administrator make to fix the problem?

A.

Disable the user group from the SSID configuration

B.

Enable the captivs-portal-exempt option in the firewall policy with the ID 11.

C.

Apply a guest.portal user group in the firewall policy with the ID 11.

D.

Include the wireless client subnet range in the Exempt Source section

Full Access
Question # 7

Which CLI command should an administrator use to view the certificate verification process in real time?

A.

diagnose debug application foauthd -1

B.

diagnose debug application radiusd -1

C.

diagnose debug application authd -1

D.

diagnose debug application fnbamd -1

Full Access
Question # 8

Exhibit.

Exhibit.

Refer to the exhibits

In the wireless configuration shown in the exhibits, an AP is deployed in a remote site and has a wireless network (VAP) called Corporate deployed to it

The network is a tunneled network however clients connecting to a wireless network require access to a local printer Clients are trying to print to a printer on the remote site but are unable to do so

Which configuration change is required to allow clients connected to the Corporate SSID to print locally?

A.

Configure split-tunneling in the vap configuration

B.

Configure split-tunneling in the wtp-profile configuration

C.

Disable the Block Intra-SSID Traffic (intra-vap-privacy) setting on the SSID (VAP) profile

D.

Configure the printer as a wireless client on the Corporate wireless network

Full Access
Question # 9

An administrator is testing the connectivity for a new VLAN The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate Quarantine is disabled on FortiGate

While testing the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices The administrator also noticed that inter-VLAN communication works However intra-VLAN communication does not work

Which scenario is likely to cause this issue?

A.

Access VLAN is enabled on the VLAN

B.

The native VLAN configured on the ports is incorrect

C.

The FortiSwitch MAC address table is missing entries

D.

The FortiGate ARP table is missing entries

Full Access
Question # 10

A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS)

Which two changes must the administrator make to enforce HTTPS authentication"? (Choose two >

A.

Create a new SSID with the HTTPS captive portal URL

B.

Enable HTTP redirect in the user authentication settings

C.

Disable HTTP administrative access on the guest SSID to enforce HTTPS connection

D.

Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator

Full Access
Question # 11

Refer to the exhibit.

Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit

FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP The administrator configured the SSL VPN user group for SSL VPN users However the administrator noticed that both the student and j smith users can connect to SSL VPN

Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

A.

In the SSL VPN user group configuration set Group Nam© to CN-SSLVPN, CN="users, DC-trainingAD, DC-training, DC-lab

B.

In the SSL VPN user group configuration, change Name to cn=sslvpn, CN=users, DC=trainingAD, Detraining, DC-lab.

C.

In the SSL VPN user group configuration set Group Name to ::;=Domain users.CN-Users/DC=trainingAD, DC-training, DC=lab.

D.

In the SSL VPN user group configuration change Type to Fortinet Single Sign-On (FSSO)

Full Access