Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Fortinet NSE7_LED-7.0 Fortinet NSE 7 - LAN Edge 7.0 Exam Practice Test

Demo: 18 questions
Total 61 questions

Fortinet NSE 7 - LAN Edge 7.0 Questions and Answers

Question 1

Refer to the exhibit.

Examine the LDAP server configuration shown in the exhibit Note that the Username setting has been expanded to display Its full content

On the Windows AD server 10.0.1.10, the administrator used dsquery. which returned the following output:

According to the output which FortiGate LDAP setting is configured incorrectly''

Options:

A.

Common Name Identifier

B.

Bind Type

C.

Distinguished Name

D.

Username

Question 2

Refer to the exhibit.

Examine the network diagram and packet capture shown in the exhibit

The packet capture was taken between FortiGate and FortiAuthenticator and shows a RADIUS Access-Request packet sent by FortiSwitch to FortiAuthenticator through FortiGate

Why does the User-Name attribute in the RADIUS Access-Request packet contain the client MAC address?

Options:

A.

The client is performing AD machine authentication

B.

FortiSwitch is authenticating the client using MAC authentication bypass

C.

The client is performing user authentication

D.

FortiSwitch is sending a RADIUS accounting message to FortiAuthenticator

Question 3

Refer to the exhibit.

Examine the FortiManager information shown in the exhibit

Which two statements about the FortiManager status are true'' (Choose two)

Options:

A.

FortiSwitch manager is working in per-device management mode

B.

FortiSwitch is not authorized

C.

FortiSwitch manager is working in central management mode

D.

FortiSwitch is authorized and offline

Question 4

An administrator is testing the connectivity for a new VLAN The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate Quarantine is disabled on FortiGate

While testing the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices The administrator also noticed that inter-VLAN communication works However intra-VLAN communication does not work

Which scenario is likely to cause this issue?

Options:

A.

Access VLAN is enabled on the VLAN

B.

The native VLAN configured on the ports is incorrect

C.

The FortiSwitch MAC address table is missing entries

D.

The FortiGate ARP table is missing entries

Question 5

Refer to the exhibit.

Examine the FortiGate logs, widget, and CLI output shown in the exhibit.

An administrator is testing the Security Fabric quarantine automation. The test device (10.0.2.2) is connected to a managed FortiSwitch device.

A few seconds after trying to access a malicious website from the test device, the test device can no longer access the internet and other VLANs in the network. However, the device is still able to access other devices in the same VLAN.

Based on the information shown in the exhibit, which modification should the administrator make to fix the problem?

Options:

A.

Configure a firewall policy on FortiGate to block the intra-VLAN traffic.

B.

Change the quarantine mode to by VLAN mode.

C.

Enable the access layer quarantine action on the Quarantine_Devices automation stitch.

D.

Change the quarantine mode to by redirect mode.

Question 6

Which two pieces of information can the diagnose test authserver ldap command provide? (Choose two.)

Options:

A.

It displays whether the admin bind user credentials are correct

B.

It displays whether the user credentials are correct

C.

It displays the LDAP codes returned by the LDAP server

D.

It displays the LDAP groups found for the user

Question 7

Refer to the exhibits

The exhibits show the wireless network (VAP) SSID profiles defined on FortiManager and an AP profile assigned to a group of APs that are supported by FortiGate

None of the APs are broadcasting the SSlDs defined by the AP profile

Which changes do you need to make to enable the SSIDs to broadcast?

Options:

A.

In the SSIDs section enable Tunnel

B.

Enable one channel in the Channels section

C.

Enable multiple channels in the Channels section and enable Radio Resource Provision

D.

In the SSIDs section enable Manual and assign the networks manually

Question 8

Exhibit.

Refer to the exhibit showing a network topology and SSID settings.

FortiGate is configured to use an external captive portal However wireless users are not able to see the captive portal login page

Which configuration change should the administrator make to fix the problem?

Options:

A.

Enable NAT in the firewall policy with the ID 13.

B.

Add the FortiAuthenticator and WindowsAD address objects as exempt destinations services

C.

Enable the captive-portal-exempt option in the firewall policy with the ID 12

D.

Remove the guest.portal user group in the firewall policy with the ID 12

Question 9

Refer to the exhibits.

In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.

The first AP has 32 clients associated with the 5 GHz radios and 22 clients associated with the 2.4 GHz radio. The second AP has 12 clients associated with the 5 GHz radios and 20 clients associated with the 2.4 GHz radio.

A dual-band-capable client enters the office near the first AP and the first AP measures the new client at -33 dBm signal strength. The second AP measures the new client at 2 -43 dBm signal strength.

If the new client attempts to connect to the corporate wireless network, with which AP radio will the client be associated?

Options:

A.

The second AP 2.4 GHz interface.

B.

The first AP 5 GHz interface.

C.

The second AP 5 GHz interface.

D.

The first AP 2.4 GHz interface.

Question 10

Which two statements about FortiSwitch manager are true1? (Choose two)

Options:

A.

Per-device management is the default management mode on FortiManager

B.

FortiManager obtains the FortiSwitch status information by querying the FortiGate REST API every three minutes

C.

If the administrator makes any changes on FortiSwitch manager they must also install those changes on FortiGate so that those changes are applied on the managed switches

D.

Any switch discovered or authorized on FortiGate must be added manually on FortiSwitch manager

Question 11

You are setting up an SSID (VAP) to perform RADlUS-authenticated dynamic VLAN allocation

Which three RADIUS attributes must be supplied by the RADIUS server to enable successful VLAN allocation'' (Choose three.)

Options:

A.

Tunnel-Private-Group-ID

B.

Tunnel-Pvt-Group-ID

C.

Tunnel-Preference

D.

Tunnel-Type

E.

Tunnel-Medium-Type

Question 12

Refer to the exhibit

Examine the sections of the configuration shown in the output

What action will FortiGate take when verifying the student certificate through OCSP?

Options:

A.

Reject the student certificate if the OCSP server replies that the student certificate status is unknown

B.

Not verify the OCSP server certificate

C.

Use the OCSP URL included in the student certificate to verify the student certificate

D.

Consider the student certificate status as valid if the OCSP server is unreachable

Question 13

Which three FortiOS tools can you use to troubleshoot RADIUS authentication issues? (Choose three.)

Options:

A.

You can enable debug for the fssod process to view RADIUS authentication details.

B.

You can use the diagnose test authserver radius command to verify RADIUS server configuration, user credentials, and user group membership.

C.

You can check the Firewall Users widget to view the list of active RADIUS users.

D.

You can enable debug for the fnbamd process to view RADIUS authentication details.

E.

You can use the diagnose test application radiusd command to verify the RADIUS server configuration, user credentials, and user group membership.

Question 14

Refer to the exhibit.

Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit

An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget

Which two scenarios are likely to cause this issue? (Choose two)

Options:

A.

The web filtering rating service is not working

B.

FortiAnalyzer does not have a valid threat detection services license

C.

The device does not have FortiClient installed

D.

FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)

Question 15

What is the purpose of enabling Windows Active Directory Domain Authentication on FortiAuthenticator?

Options:

A.

It enables FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search

B.

It enables FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users

C.

It enables FortiAuthenticator to import users from Windows AD

D.

It enables FortiAuthenticator to register itself as a Windows trusted device to proxy authentication using Kerberos

Question 16

An administrator is deploying a new FortiGate device using zero-touch provisioning. Before deployment, the administrator added the FortiGate serial number on FortiManager and configured all the FortiGate settings FortiGate has a factory default configuration. However, when the administrator connects FortiGate to the network, FortiManager does not start the installation automatically. Which two scenarios are likely to cause this issue? (Choose two.)

Options:

A.

The serial number added on FortiManager does not match the FortiGate serial number.

B.

The DHCP server that serves FortiGate is not configured with options 240 and 241.

C.

Zero-touch provisioning is disabled on FortiManager.

D.

The pre-shared key set on FortiManager does not match the one set on FortiGate.

Question 17

Refer to the exhibit.

Examine the partial debug output shown in the exhibit.

Which two statements about the debug output are true? (Choose1 two.)

Options:

A.

The LDAP DN search did not match any LDAP user.

B.

The credentials provided for student are correct.

C.

The Training-Lab LDAP server is configured to use regular bind.

D.

The connection to the Training-Lab LDAP server timed out.

Question 18

Refer to the exhibit.

Examine the RADIUS server configuration shown in the exhibit

An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP

While testing the configuration the administrator noticed that the diagnose test authserver command worked with PAP, however authentication requests failed when using MSCHAP2

Which two solutions can the administrator implement to get MSCHAP2 authentication to work'' (Choose two.)

Options:

A.

On FortiAuthenticator enable Windows Active Directory Domain Authentication to add FortiAuthenticator to the Windows domain

B.

On FortiGate configure the NAS IP setting on the RADIUSserver

C.

On FortiAuthenticator change the back-end authentication server from LDAP to RADIUS

D.

On FortiGate update the Secret setting on the RADIUS server

Demo: 18 questions
Total 61 questions