Pre-Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium Fortinet NSE7_LED-7.0 Dumps Questions Answers

Fortinet NSE 7 - LAN Edge 7.0 Questions and Answers

Question 1

Which EAP method requires the use of a digital certificate on both the server end and the client end?

Options:

A.

EAP-TTLS

B.

PEAP

C.

EAP-GTC

D.

EAP-TLS

Buy Now
Question 2

An administrator has configured an SSID in bridge mode for corporate employees All APs are online and provisioned using default AP profiles Employees are unable to locate the SSID to conned

Which two configurations can the administrator verify? (Choose two)

Options:

A.

Verify that the broadcast SSID option is enabled in the SSID configuration

B.

Verify that the Block Intra-SSID Traffic (intra-vap-privacy) option in the SSID configuration is disabled

C.

Verify that the SSID to an AP group that should be broadcasting the SSID is applied

D.

Verify that the SSID is manually applied on AP profiles for both 2 4 GHz and 5 GHz radios

Question 3

Which two pieces of information can the diagnose test authserver ldap command provide? (Choose two.)

Options:

A.

It displays whether the admin bind user credentials are correct

B.

It displays whether the user credentials are correct

C.

It displays the LDAP codes returned by the LDAP server

D.

It displays the LDAP groups found for the user

Question 4

Refer to the exhibits.

Examine the LDAP server configuration and output shown in the exhibits.

Note that the Distinguished Name and Username settings on the LDAP server configuration have been expanded to display their full contents.

An LDAP user named student cannot authenticate. While testing the student account, the administrator gets the CLI output shown in the exhibit.

According to the output, which FortiGate LDAP server settings must the administrator check?

Options:

A.

Distinguished Name

B.

Bind Type

C.

Common Name Identifier

D.

Username

Question 5

Refer to the exhibit.

Examine the FortiManager information shown in the exhibit

Which two statements about the FortiManager status are true'' (Choose two)

Options:

A.

FortiSwitch manager is working in per-device management mode

B.

FortiSwitch is not authorized

C.

FortiSwitch manager is working in central management mode

D.

FortiSwitch is authorized and offline

Question 6

Which three protocols are used for controlling FortiSwitch devices on FortiGate? (Choose three.)

Options:

A.

HTTPS

B.

CAPWAP

C.

IGMP

D.

FTP

E.

FortiLink

Question 7

Which two statements about the guest portal on FortiAuthenticator are true? (Choose two.)

Options:

A.

Each remote user on FortiAuthenticator can sponsor up to 10 guest accounts

B.

Administrators must approve all guest accounts before they can be used

C.

The guest portal provides pre and post-log in services

D.

Administrators can use one or more incoming parameters to configure a mapping rule for the guest portal

Question 8

Which two statements about the MAC-based 802 1X security mode available on FortiSwitch are true? (Choose two.)

Options:

A.

FortiSwitch authenticates a single device and opens the port to other devices connected to the port

B.

FortiSwitch authenticates each device connected to the port

C.

It cannot be used in conjunction with MAC authentication bypass

D.

FortiSwitch can grant different access levels to each device connected to the port

Question 9

Refer to the exhibit.

Examine the partial debug output shown in the exhibit.

Which two statements about the debug output are true? (Choose1 two.)

Options:

A.

The LDAP DN search did not match any LDAP user.

B.

The credentials provided for student are correct.

C.

The Training-Lab LDAP server is configured to use regular bind.

D.

The connection to the Training-Lab LDAP server timed out.

Question 10

Which two statements about the use of digital certificates are true? (Choose two.)

Options:

A.

A chain of trust may include one or more intermediate CAs.

B.

In a chain of trust, the root CA is signed by another certificate.

C.

To validate the signature on a certificate, an endpoint does not need to know the CA of that certificate.

D.

An intermediate CA can sign other certificates.

Question 11

When you configure a FortiAP wireless interface for auto TX power control which statement describes how it configures its transmission power"?

Options:

A.

Every 30 seconds the AP will measure the signal strength of the AP using the client The AP will adjust its signal strength up or down until the AP signal is detected at -70 dBm

B.

Every 30 seconds FortiGate measures the signal strength of adjacent AP interfaces It will adjust its own AP power to match the adjacent AP signal strength

C.

Every 30 seconds FortiGate measures the signal strength of adjacent FortiAP interfaces It will adjust the adjacent AP power to be detectable at -70 dBm

D.

Every 30 seconds FortiGate measures the signal strength of the weakest associated client The AP will then configure its radio power to match the detected signal strength of the client

Question 12

An administrator is deploying a new FortiGate device using zero-touch provisioning. Before deployment, the administrator added the FortiGate serial number on FortiManager and configured all the FortiGate settings FortiGate has a factory default configuration. However, when the administrator connects FortiGate to the network, FortiManager does not start the installation automatically. Which two scenarios are likely to cause this issue? (Choose two.)

Options:

A.

The serial number added on FortiManager does not match the FortiGate serial number.

B.

The DHCP server that serves FortiGate is not configured with options 240 and 241.

C.

Zero-touch provisioning is disabled on FortiManager.

D.

The pre-shared key set on FortiManager does not match the one set on FortiGate.

Question 13

Refer to the exhibit.

Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit

An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget

Which two scenarios are likely to cause this issue? (Choose two)

Options:

A.

The web filtering rating service is not working

B.

FortiAnalyzer does not have a valid threat detection services license

C.

The device does not have FortiClient installed

D.

FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)

Question 14

Which three FortiOS tools can you use to troubleshoot RADIUS authentication issues? (Choose three.)

Options:

A.

You can enable debug for the fssod process to view RADIUS authentication details.

B.

You can use the diagnose test authserver radius command to verify RADIUS server configuration, user credentials, and user group membership.

C.

You can check the Firewall Users widget to view the list of active RADIUS users.

D.

You can enable debug for the fnbamd process to view RADIUS authentication details.

E.

You can use the diagnose test application radiusd command to verify the RADIUS server configuration, user credentials, and user group membership.

Question 15

Refer to the exhibit

Examine the FortiGate RSSO configuration shown in the exhibit

FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users The users are located behind port3 and the internet link is connected to port1 FortiGate is processing incoming RADIUS accounting messages successfully and RSSO users are getting associated with the RSSO Group user group However all the users are able to access the internet, and the administrator wants to restrict internet access to RSSO users only

Which configuration change should the administrator make to fix the problem?

Options:

A.

Change the RADIUS Attribute Value selling to match the name of the RADIUS attribute containing the group membership information of the RSSO users

B.

Add RSSO Group to the firewall policy

C.

Enable Security Fabric Connection on port3

D.

Create a second firewall policy from port3 lo port1 and select the target destination subnets

Question 16

You are setting up an SSID (VAP) to perform RADlUS-authenticated dynamic VLAN allocation

Which three RADIUS attributes must be supplied by the RADIUS server to enable successful VLAN allocation'' (Choose three.)

Options:

A.

Tunnel-Private-Group-ID

B.

Tunnel-Pvt-Group-ID

C.

Tunnel-Preference

D.

Tunnel-Type

E.

Tunnel-Medium-Type

Question 17

Exhibit.

Refer to the exhibit showing a network topology and SSID settings.

FortiGate is configured to use an external captive portal However wireless users are not able to see the captive portal login page

Which configuration change should the administrator make to fix the problem?

Options:

A.

Enable NAT in the firewall policy with the ID 13.

B.

Add the FortiAuthenticator and WindowsAD address objects as exempt destinations services

C.

Enable the captive-portal-exempt option in the firewall policy with the ID 12

D.

Remove the guest.portal user group in the firewall policy with the ID 12

Question 18

An administrator is testing the connectivity for a new VLAN The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate Quarantine is disabled on FortiGate

While testing the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices The administrator also noticed that inter-VLAN communication works However intra-VLAN communication does not work

Which scenario is likely to cause this issue?

Options:

A.

Access VLAN is enabled on the VLAN

B.

The native VLAN configured on the ports is incorrect

C.

The FortiSwitch MAC address table is missing entries

D.

The FortiGate ARP table is missing entries