
Fortinet NSE7_LED-7.0 Fortinet NSE 7 - LAN Edge 7.0 Exam Practice Test

Fortinet NSE 7 - LAN Edge 7.0 Questions and Answers

Question 1

Refer to the exhibit.

Examine the sections of the configuration shown in the output.

What action will FortiGate take when verifying the student certificate through OCSP?

Options:

A.

Reject the student certificate if the OCSP server replies that the student certificate status is unknown

B.

Not verify the OCSP server certificate

C.

Use the OCSP URL included in the student certificate to verify the student certificate

D.

Consider the student certificate status as valid if the OCSP server is unreachable

Question 2

Which CLI command should an administrator use to view the certificate verification process in real time?

Options:

A.

diagnose debug application foauthd -1

B.

diagnose debug application radiusd -1

C.

diagnose debug application authd -1

D.

diagnose debug application fnbamd -1

Question 3

Refer to the exhibit.

Examine the debug output shown in the exhibit.

Which two statements about the RADIUS debug output are true? (Choose two)

Options:

A.

The user student belongs to the SSLVPN group

B.

User authentication failed

C.

The RADIUS server sent a vendor-specific attribute in the RADIUS response

D.

User authentication succeeded using MSCHAP

Question 4

An administrator has deployed multiple dual-band wireless APs in a wireless network. APs are installed at measured distances to ensure fast roaming for the clients. Multiple 2.4 GHz-only wireless clients are connecting to the network, and subsequent monitoring shows that individual AP 2.4 GHz interfaces are being overloaded with wireless connections.

Which configuration change would best resolve the overloading issue?

Options:

A.

Configure load balancing AP handoff on both AP interfaces on all APs.

B.

Configure a client limit on all AP 2.4 GHz interfaces.

C.

Configure load balancing frequency handoff on both AP interfaces.

D.

Configure load balancing AP handoff on only the 2.4 GHz interfaces of all APs.

Question 5

Refer to the exhibit.

Examine the LDAP server configuration shown in the exhibit. Note that the Username setting has been expanded to display its full content.

On the Windows AD server 10.0.1.10, the administrator used dsquery, which returned the following output:

According to the output, which FortiGate LDAP setting is configured incorrectly?

Options:

A.

Common Name Identifier

B.

Bind Type

C.

Distinguished Name

D.

Username

Question 6

Refer to the exhibit showing a network topology and SSID settings.

FortiGate is configured to use an external captive portal. However, wireless users are not able to see the captive portal login page.

Which configuration change should the administrator make to fix the problem?

Options:

A.

Enable NAT in the firewall policy with the ID 13.

B.

Add the FortiAuthenticator and WindowsAD address objects as exempt destinations services

C.

Enable the captive-portal-exempt option in the firewall policy with the ID 12

D.

Remove the guest.portal user group in the firewall policy with the ID 12

Question 7

Refer to the exhibits.

Examine the troubleshooting outputs shown in the exhibits.

Users have been reporting issues with the speed of their wireless connection in a particular part of the wireless network. The interface that is having issues is the 2.4 GHz interface that is currently configured on channel 6.

The administrator of the wireless network has investigated and surveyed the local RF environment using the tools available at the AP and FortiGate.

Which configuration would improve the wireless connection?

Options:

A.

Change the AP 2.4 GHz channel to 11

B.

Change the AP 2.4 GHz channel to 1.

C.

Change the AP 2.4 GHz channel to 9.

D.

Change the AP 2.4 GHz channel to 13.

Question 8

Refer to the exhibit.

Examine the FortiSwitch security policy shown in the exhibit.

If the security profile shown in the exhibit is assigned to all ports on a FortiSwitch device for 802.1X authentication, which statement about the switch is correct?

Options:

A.

FortiSwitch cannot authenticate multiple devices connected to the same port

B.

FortiSwitch will try to authenticate non-802.1X devices using the device MAC address as the username and password

C.

FortiSwitch will assign non-802.1X devices to the onboarding VLAN

D.

All EAP messages will be terminated on FortiSwitch

Question 9

Refer to the exhibits.

The CLI output shows a FortiGate configuration supporting a remote AP in an employee's home. The employee requires access to resources located on the company network, including the database server and AD server. The employee is trying to print to a printer connected in their home, but is not able to.

Which two solutions would resolve the issue? (Choose two.)

Options:

A.

Configure the EmployeeHome VAP profile for local bridging using the command set local-bridging enable.

B.

Configure the EmployeeHome VAP profile to disable host isolation using the command set intra-vap-privacy disable.

C.

Configure the FAPU431F-EmployeeHome WTP profile to enable split tunneling to the AP subnet using the command set split-tunneling-acl-local-ap-subnet enable.

D.

Configure the FARU431F-EmployeeHome wtp-profile to add a split tunneling ACL with a destination subnet of 192.168.1.1/24, using the command set dest-ip 192.168.1.1/24.

Question 10

Refer to the exhibit.

Examine the FortiGate RSSO configuration shown in the exhibit.

FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users. The users are located behind port3 and the internet link is connected to port1. FortiGate is processing incoming RADIUS accounting messages successfully and RSSO users are getting associated with the RSSO Group user group. However, all the users are able to access the internet, and the administrator wants to restrict internet access to RSSO users only.

Which configuration change should the administrator make to fix the problem?

Options:

A.

Change the RADIUS Attribute Value setting to match the name of the RADIUS attribute containing the group membership information of the RSSO users

B.

Add RSSO Group to the firewall policy

C.

Enable Security Fabric Connection on port3

D.

Create a second firewall policy from port3 to port1 and select the target destination subnets

Question 11

Refer to the exhibits showing AP monitoring information.

The exhibits show the status of an AP in a small office building. The building is located at the edge of a campus, and users are reporting issues with wireless network performance.

Which configuration change would best improve the wireless network performance?

Options:

A.

Select an alternative channel for the 5 GHz interface.

B.

Disable lower data rates on the 5 GHz interface.

C.

Enable band steering on the AP.

D.

Relocate the AP to be closer to the clients.

Question 12

To troubleshoot configuration push issues on a managed FortiSwitch, which FortiGate process should an administrator enable debug for?

Options:

A.

httpsd

B.

cu_acd

C.

fortilinkd

D.

flcfgd

Question 13

Which three protocols are used for controlling FortiSwitch devices on FortiGate? (Choose three.)

Options:

A.

HTTPS

B.

CAPWAP

C.

IGMP

D.

FTP

E.

FortiLink

Question 14

Which CLI command should an administrator use on FortiGate to view the RSSO authentication process in real time?

Options:

A.

diagnose debug application fnbamd -1

B.

diagnose debug application authd -1

C.

diagnose debug application radiusd -1

D.

diagnose debug application foauthd -1

Question 15

Refer to the exhibit.

Examine the FortiGate configuration, FortiAnalyzer logs, and FortiGate widget shown in the exhibit.

An administrator is testing the Security Fabric quarantine automation. The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices. The test device (::.:.:.!) is connected to a managed FortiSwitch device.

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log for the test connection. However, the device is not getting quarantined by FortiGate, as shown in the quarantine widget.

Which two scenarios are likely to cause this issue? (Choose two)

Options:

A.

The web filtering rating service is not working

B.

FortiAnalyzer does not have a valid threat detection services license

C.

The device does not have FortiClient installed

D.

FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)

Question 16

Refer to the exhibits.

Examine the VAP configuration and the Wi-Fi zones table shown in the exhibits.

Which two statements describe the FortiGate behavior regarding assignment of VLANs to wireless clients? (Choose two.)

Options:

A.

FortiGate will load balance clients using VLAN 101 and VLAN 102 and assign them an IP address from the 10.0.3.0/24 subnet.

B.

Clients connecting to APs in the Office group will be assigned to VLAN 102.

C.

All clients connecting to the Corp SSID will receive an IP address from the 10.0.3.1/24 subnet.

D.

Clients connecting to APs in the Floor group will not be able to receive an IP address.

Question 17

Refer to the exhibit.

Examine the FortiGate RSSO configuration shown in the exhibit.

FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users. The incoming RADIUS accounting messages contain the username and group membership information in the User-Name and Class RADIUS attributes, respectively.

Which three settings must you configure on FortiGate to successfully authenticate RSSO users and match them to the existing RSSO user groups? (Choose three)

Options:

A.

The rsso-endpoint-attribute CLI setting in the RSSO agent configuration should be set to User-Name.

B.

Device detection and Security Fabric Connection should be enabled on port3.

C.

The RADIUS Attribute Value setting configured for an RSSO user group should match the Class RADIUS attribute value in the RADIUS accounting message.

D.

RSSO user groups should be assigned to all firewall policies.

E.

The sso-attribute CLI setting in the RSSO agent configuration should be set to Class.

Question 18

Refer to the exhibits.

An administrator has configured FortiGate with an SSID (Corp) with dynamic VLAN assignment, and also configured a RADIUS server to send IETF 64, IETF 65, and IETF 81 VSAs.

The administrator has verified that the RADIUS server is sending all the required information to FortiGate. However, FortiGate is not assigning correct VLANs to the wireless clients.

What is causing the problem?

Options:

A.

Wireless clients must be assigned an IP address from the 10.0.3.0/24 subnet.

B.

The RADIUS server must send the framed-ip attribute to assign wireless clients an IP address.

C.

The administrator must define the corresponding VLANs that are sent by the RADIUS server.

D.

The administrator must configure a firewall policy to allow wireless clients to communicate with the RADIUS server.