New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet NSE7_LED-7.0 Dumps Questions Answers

Fortinet NSE 7 - LAN Edge 7.0 Questions and Answers

Question 1

You are setting up an SSID (VAP) to perform RADlUS-authenticated dynamic VLAN allocation

Which three RADIUS attributes must be supplied by the RADIUS server to enable successful VLAN allocation'' (Choose three.)

Options:

A.

Tunnel-Private-Group-ID

B.

Tunnel-Pvt-Group-ID

C.

Tunnel-Preference

D.

Tunnel-Type

E.

Tunnel-Medium-Type

Buy Now
Question 2

Refer to the exhibits.

Exhibit.

Examine the troubleshooting outputs shown in the exhibits

Users have been reporting issues with the speed of their wireless connection in a particular part of the wireless network The interface that is having issues is the 2 4 GHz interface that is currently configured on channel 6

The administrator of the wireless network has investigated and surveyed the local RF environment using the tools available at the AP and FortiGate

Which configuration would improve the wireless connection?

Options:

A.

Change the AP 2 4 GHz channel to 11

B.

Change the AP 2 4 GHz channel to 1.

C.

Change the AP 2 4 GHz channel to 9.

D.

Change the AP 2 4 GHz channel to 13.

Question 3

Refer to the exhibit.

Examine the network diagram and packet capture shown in the exhibit

The packet capture was taken between FortiGate and FortiAuthenticator and shows a RADIUS Access-Request packet sent by FortiSwitch to FortiAuthenticator through FortiGate

Why does the User-Name attribute in the RADIUS Access-Request packet contain the client MAC address?

Options:

A.

The client is performing AD machine authentication

B.

FortiSwitch is authenticating the client using MAC authentication bypass

C.

The client is performing user authentication

D.

FortiSwitch is sending a RADIUS accounting message to FortiAuthenticator

Question 4

Refer to the exhibit.

Examine the LDAP server configuration shown in the exhibit Note that the Username setting has been expanded to display Its full content

On the Windows AD server 10.0.1.10, the administrator used dsquery. which returned the following output:

According to the output which FortiGate LDAP setting is configured incorrectly''

Options:

A.

Common Name Identifier

B.

Bind Type

C.

Distinguished Name

D.

Username

Question 5

Which EAP method requires the use of a digital certificate on both the server end and the client end?

Options:

A.

EAP-TTLS

B.

PEAP

C.

EAP-GTC

D.

EAP-TLS

Question 6

An administrator is testing the connectivity for a new VLAN The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate Quarantine is disabled on FortiGate

While testing the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices The administrator also noticed that inter-VLAN communication works However intra-VLAN communication does not work

Which scenario is likely to cause this issue?

Options:

A.

Access VLAN is enabled on the VLAN

B.

The native VLAN configured on the ports is incorrect

C.

The FortiSwitch MAC address table is missing entries

D.

The FortiGate ARP table is missing entries

Question 7

Refer to the exhibit.

Examine the debug output shown in the exhibit

Which two statements about the RADIUS debug output are true'' (Choose two)

Options:

A.

The user student belongs to the SSLVPN group

B.

User authentication failed

C.

The RADIUS server sent a vendor-specific attribute in the RADIUS response

D.

User authentication succeeded using MSCHAP

Question 8

Which FortiSwitch VLANs are automatically created on FortGate when the first FortiSwitch device is discovered1?

Options:

A.

default quarantine, rspan voice video onboarding and nac_segment

B.

access, quarantine, rspan. voice, video, and onboarding

C.

default quarantine rspan voice video and nac_segment

D.

fortilink. quarantine erspan voice video and onboarding

Question 9

When you configure a FortiAP wireless interface for auto TX power control which statement describes how it configures its transmission power"?

Options:

A.

Every 30 seconds the AP will measure the signal strength of the AP using the client The AP will adjust its signal strength up or down until the AP signal is detected at -70 dBm

B.

Every 30 seconds FortiGate measures the signal strength of adjacent AP interfaces It will adjust its own AP power to match the adjacent AP signal strength

C.

Every 30 seconds FortiGate measures the signal strength of adjacent FortiAP interfaces It will adjust the adjacent AP power to be detectable at -70 dBm

D.

Every 30 seconds FortiGate measures the signal strength of the weakest associated client The AP will then configure its radio power to match the detected signal strength of the client

Question 10

Refer to the exhibit.

Examine the RADIUS server configuration shown in the exhibit

An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP

While testing the configuration the administrator noticed that the diagnosetest authserver command worked with PAP, however authentication requests failed when using MSCHAP2

Which two solutions can the administrator implement to get MSCHAP2 authentication to work'' (Choose two.)

Options:

A.

On FortiAuthenticator enable Windows Active Directory Domain Authentication to add FortiAuthenticator to the Windows domain

B.

On FortiGate configure the NAS IP setting on the RADIUS

server

C.

On FortiAuthenticator change the back-end authentication server from LDAP to RADIUS

D.

On FortiGate update the Secret setting on the RADIUS server

Question 11

Refer to the exhibits.

Firewall Policy

Examine the firewall policy configuration and SSID settings

An administrator has configured a guest wireless network on FortiGate using the external captive portal The administrator has verified that the external captive portal URL is correct However wireless users are not able to see the captive portal login page

Given the configuration shown in the exhibit and the SSID settings which configuration change should the administrator make to fix the problem?

Options:

A.

Disable the user group from the SSID configuration

B.

Enable the captivs-portal-exempt option in the firewall policy with the ID 11.

C.

Apply a guest.portal user group in the firewall policy with the ID 11.

D.

Include the wireless client subnet range in the Exempt Source section

Exam Detail
Vendor: Fortinet
Certification: Fortinet Certification
Exam Code: NSE7_LED-7.0
Last Update: Dec 21, 2024
NSE7_LED-7.0 Question Answers