Special Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Fortinet NSE7_LED-7.0 Fortinet NSE 7 - LAN Edge 7.0 Exam Practice Test

Page: 1 / 6
Total 61 questions

Fortinet NSE 7 - LAN Edge 7.0 Questions and Answers

Question 1

Which CLI command should an administrator use on FortiGate to view the RSSO authentication process in real time?

Options:

A.

diagnose debug application fnbamd -1

B.

diagnose debug application authd -1

C.

diagnose debug application radiusd -1

D.

diagnose debug application foauthd -1

Question 2

Refer to the exhibits.

Question # 2

In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.

Question # 2

The first AP has 32 clients associated with the 5 GHz radios and 22 clients associated with the 2.4 GHz radio. The second AP has 12 clients associated with the 5 GHz radios and 20 clients associated with the 2.4 GHz radio.

A dual-band-capable client enters the office near the first AP and the first AP measures the new client at -33 dBm signal strength. The second AP measures the new client at 2 -43 dBm signal strength.

If the new client attempts to connect to the corporate wireless network, with which AP radio will the client be associated?

Options:

A.

The second AP 2.4 GHz interface.

B.

The first AP 5 GHz interface.

C.

The second AP 5 GHz interface.

D.

The first AP 2.4 GHz interface.

Question 3

A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS)

Which two changes must the administrator make to enforce HTTPS authentication"? (Choose two >

Options:

A.

Create a new SSID with the HTTPS captive portal URL

B.

Enable HTTP redirect in the user authentication settings

C.

Disable HTTP administrative access on the guest SSID to enforce HTTPS connection

D.

Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator

Question 4

Refer to the exhibits showing AP monitoring information.

Question # 4

The exhibits show the status of an AP in a small office building. The building is located at the edge of a campus, and users are reporting issues with wireless network performance.

Question # 4

Which configuration change would best improve the wireless network performance?

Options:

A.

Select an alternative channel for the 5 GHz interface.

B.

Disable lower data rates on the 5 GHz interface.

C.

Enable band steering on the AP.

D.

Relocate the AP to be closer to the clients.

Question 5

Which three protocols are used for controlling FortiSwitch devices on FortiGate? (Choose three.)

Options:

A.

HTTPS

B.

CAPWAP

C.

IGMP

D.

FTP

E.

FortiLink

Question 6

Exhibit.

Question # 6

Refer to the exhibit showing a network topology and SSID settings.

FortiGate is configured to use an external captive portal However wireless users are not able to see the captive portal login page

Which configuration change should the administrator make to fix the problem?

Options:

A.

Enable NAT in the firewall policy with the ID 13.

B.

Add the FortiAuthenticator and WindowsAD address objects as exempt destinations services

C.

Enable the captive-portal-exempt option in the firewall policy with the ID 12

D.

Remove the guest.portal user group in the firewall policy with the ID 12

Question 7

Refer to the exhibits.

Question # 7

Examine the debug output and the SSL VPN configuration shown in the exhibits.

Question # 7

An administrator has configured SSL VPN on FortiGate. To improve security, the administrator enabled Required Client Certificate on the SSL VPN configuration page. However, a user is unable to successfully authenticate to SSL VPN.

Which configuration change should the administrator make to fix the problem?

Options:

A.

Enable Redirect HTTP to SSL-VPN on the SSL VPN configuration page.

B.

Import the CA that signed the SSL VPN Server Certificate to FortiGate.

C.

Set the user certificate as the Server Certificate on the SSL VPN configuration page.

D.

Import the CA that signed the user certificate to FortiGate.

Question 8

Refer to the exhibit.

Question # 8

Examine the partial debug output shown in the exhibit.

Question # 8

Which two statements about the debug output are true? (Choose1 two.)

Options:

A.

The LDAP DN search did not match any LDAP user.

B.

The credentials provided for student are correct.

C.

The Training-Lab LDAP server is configured to use regular bind.

D.

The connection to the Training-Lab LDAP server timed out.

Question 9

Refer to the exhibit

Question # 9

A device connected to port2 on FortiSwitch cannot access the network The port is assigned a security policy to enforce 802 1X authentication While troubleshooting the issue, the administrator obtains the debug output shown in the exhibit

Which two scenarios are likely to cause this issue? (Choose two.)

Options:

A.

The device is not configured for 802 IX authentication.

B.

The device has been quarantined for 3600 seconds.

C.

The device has been assigned the guest VLAN

D.

The device does not support 802 1X authentication

Question 10

Which two statements about the MAC-based 802 1X security mode available on FortiSwitch are true? (Choose two.)

Options:

A.

FortiSwitch authenticates a single device and opens the port to other devices connected to the port

B.

FortiSwitch authenticates each device connected to the port

C.

It cannot be used in conjunction with MAC authentication bypass

D.

FortiSwitch can grant different access levels to each device connected to the port

Question 11

An administrator is testing the connectivity for a new VLAN The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate Quarantine is disabled on FortiGate

While testing the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices The administrator also noticed that inter-VLAN communication works However intra-VLAN communication does not work

Which scenario is likely to cause this issue?

Options:

A.

Access VLAN is enabled on the VLAN

B.

The native VLAN configured on the ports is incorrect

C.

The FortiSwitch MAC address table is missing entries

D.

The FortiGate ARP table is missing entries

Question 12

Refer to the exhibits.

Question # 12

Examine the LDAP server configuration and output shown in the exhibits.

Question # 12

Note that the Distinguished Name and Username settings on the LDAP server configuration have been expanded to display their full contents.

An LDAP user named student cannot authenticate. While testing the student account, the administrator gets the CLI output shown in the exhibit.

According to the output, which FortiGate LDAP server settings must the administrator check?

Options:

A.

Distinguished Name

B.

Bind Type

C.

Common Name Identifier

D.

Username

Question 13

Which statement correctly describes the guest portal behavior on FortiAuthenticator?

Options:

A.

FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.

B.

Sponsored accounts cannot authenticate using guest portals.

C.

All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.

D.

All guest accounts must be activated using SMS or email activation codes.

Question 14

Refer to the exhibit.

Question # 14

An administrator wants to telnet into the S224EPTF19005867 switch over the FortiGate FortiLink interface.

Which configuration change should the administrator make?

Options:

A.

Enable telnet access on the FortiLink interface.

B.

On the default local-access profile, add telnet to the list of allowed protocols for mgmt-allowaccess.

C.

On the default local-access profile, add telnet to the list of allowed protocols for internal-allowaccess.

D.

Factory reset the switch to enable telnet access.

Question 15

Which EAP method requires the use of a digital certificate on both the server end and the client end?

Options:

A.

EAP-TTLS

B.

PEAP

C.

EAP-GTC

D.

EAP-TLS

Question 16

Refer to the exhibit.

Question # 16

The exhibit shows a network topology and SSID settings. FortiGate is configured to use an external captive portal.

However, wireless users are not able to see the captive portal login page.

Which configuration change should the administrator make to fix the problem?

Options:

A.

Remove the guest.portal user group in the firewall policy.

B.

Enable the captive-portal-exempt option in the firewall policy with the ID 10.

C.

Create a firewall policy to allow traffic from the Guest SSID to FortiAuthenticator and Windows AD devices.

D.

Add the FortiAuthenticator and WindowsAD address objects as exempt sources.

Question 17

Refer to the exhibit.

Question # 17

Examine the network diagram and packet capture shown in the exhibit

The packet capture was taken between FortiGate and FortiAuthenticator and shows a RADIUS Access-Request packet sent by FortiSwitch to FortiAuthenticator through FortiGate

Why does the User-Name attribute in the RADIUS Access-Request packet contain the client MAC address?

Options:

A.

The client is performing AD machine authentication

B.

FortiSwitch is authenticating the client using MAC authentication bypass

C.

The client is performing user authentication

D.

FortiSwitch is sending a RADIUS accounting message to FortiAuthenticator

Question 18

Refer to the exhibits.

Question # 18

The CLI output shows a FortiGate configuration supporting a remote AP in an employee's home. The employee requires access to resources located on the company network, including the database server and AD server. The employee is trying to print to a printer connected in their home, but is not able to.

Which two solutions would resolve the issue? (Choose two.)

Options:

A.

Configure the EmployeeHome VAP profile for local bridging using the command set local-bridging enable.

B.

Configure the EmployeeHome VAP profile to disable host isolation using the command set intra-vap-privacy disable.

C.

Configure the FAPU431F-EmployeeHome WTP profile to enable split tunneling to the AP subnet using the command set split-tunneling-acl-local-ap-subnet enable.

D.

Configure the FARU431F-EmployeeHome wtp-profile to add a split tunneling ACL with a destination subnet of 192.168.1.1/24, using the command set dest-ip 192.168.1.1/24.

Page: 1 / 6
Total 61 questions