Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors

NSE7_LED-7.0 Fortinet NSE 7 - LAN Edge 7.0 Questions and Answers

Questions 4

Refer to the exhibit.

NSE7_LED-7.0 Question 4

Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit

FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP The administrator configured the SSL VPN user group for SSL VPN users However the administrator noticed that both the student and j smith users can connect to SSL VPN

Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

Options:

A.

In the SSL VPN user group configuration set Group Nam© to CN-SSLVPN, CN="users, DC-trainingAD, DC-training, DC-lab

B.

In the SSL VPN user group configuration, change Name to cn=sslvpn, CN=users, DC=trainingAD, Detraining, DC-lab.

C.

In the SSL VPN user group configuration set Group Name to ::;=Domain users.CN-Users/DC=trainingAD, DC-training, DC=lab.

D.

In the SSL VPN user group configuration change Type to Fortinet Single Sign-On (FSSO)

Buy Now
Questions 5

An administrator is testing the connectivity for a new VLAN The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate Quarantine is disabled on FortiGate

While testing the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices The administrator also noticed that inter-VLAN communication works However intra-VLAN communication does not work

Which scenario is likely to cause this issue?

Options:

A.

Access VLAN is enabled on the VLAN

B.

The native VLAN configured on the ports is incorrect

C.

The FortiSwitch MAC address table is missing entries

D.

The FortiGate ARP table is missing entries

Buy Now
Questions 6

An administrator has configured an SSID in bridge mode for corporate employees All APs are online and provisioned using default AP profiles Employees are unable to locate the SSID to conned

Which two configurations can the administrator verify? (Choose two)

Options:

A.

Verify that the broadcast SSID option is enabled in the SSID configuration

B.

Verify that the Block Intra-SSID Traffic (intra-vap-privacy) option in the SSID configuration is disabled

C.

Verify that the SSID to an AP group that should be broadcasting the SSID is applied

D.

Verify that the SSID is manually applied on AP profiles for both 2 4 GHz and 5 GHz radios

Buy Now
Questions 7

Refer to the exhibit.

NSE7_LED-7.0 Question 7

Examine the RADIUS server configuration shown in the exhibit

An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP

While testing the configuration the administrator noticed that the diagnosetest authserver command worked with PAP, however authentication requests failed when using MSCHAP2

Which two solutions can the administrator implement to get MSCHAP2 authentication to work'' (Choose two.)

Options:

A.

On FortiAuthenticator enable Windows Active Directory Domain Authentication to add FortiAuthenticator to the Windows domain

B.

On FortiGate configure the NAS IP setting on the RADIUS

server

C.

On FortiAuthenticator change the back-end authentication server from LDAP to RADIUS

D.

On FortiGate update the Secret setting on the RADIUS server

Buy Now
Questions 8

Refer to the exhibit.

NSE7_LED-7.0 Question 8

Examine the IPsec VPN phase 1 configuration shown in theexhibit

An administrator wants to use certificate-based authentication for an IPsec VPN user

Which three configuration changes must you make on FortiGate to perform certificate-based authentication for the IPsec VPN user? (Choose three)

Options:

A.

Create a PKI user for the IPsec VPN user, and then configure the IPsec VPN tunnel to accept the PKI user as peer

certificate

B.

In the Authentication section of the IPsec VPN tunnel in the Method drop-down list select Signature and then select the certificate that FortiGate will use for IPsec VPN

C.

In the IKE section of the IPsec VPN tunnel in the Mode field select Main (ID protection)

D.

Import the CA that signed the user certificate

E.

Enable XAUTH on the IPsec VPN tunnel

Buy Now
Questions 9

Refer to the exhibit.

NSE7_LED-7.0 Question 9

Examine the network diagram and packet capture shown in the exhibit

The packet capture was taken between FortiGate and FortiAuthenticator and shows a RADIUS Access-Request packet sent by FortiSwitch to FortiAuthenticator through FortiGate

Why does the User-Name attribute in the RADIUS Access-Request packet contain the client MAC address?

Options:

A.

The client is performing AD machine authentication

B.

FortiSwitch is authenticating the client using MAC authentication bypass

C.

The client is performing user authentication

D.

FortiSwitch is sending a RADIUS accounting message to FortiAuthenticator

Buy Now
Questions 10

Refer to the exhibits.

NSE7_LED-7.0 Question 10

Exhibit.

NSE7_LED-7.0 Question 10

Examine the troubleshooting outputs shown in the exhibits

Users have been reporting issues with the speed of their wireless connection in a particular part of the wireless network The interface that is having issues is the 2 4 GHz interface that is currently configured on channel 6

The administrator of the wireless network has investigated and surveyed the local RF environment using the tools available at the AP and FortiGate

Which configuration would improve the wireless connection?

Options:

A.

Change the AP 2 4 GHz channel to 11

B.

Change the AP 2 4 GHz channel to 1.

C.

Change the AP 2 4 GHz channel to 9.

D.

Change the AP 2 4 GHz channel to 13.

Buy Now
Questions 11

Which two pieces of information can the diagnose test authserver ldap command provide? (Choose two.)

Options:

A.

It displays whether the admin bind user credentials are correct

B.

It displays whether the user credentials are correct

C.

It displays the LDAP codes returned by the LDAP server

D.

It displays the LDAP groups found for the user

Buy Now
Exam Code: NSE7_LED-7.0
Exam Name: Fortinet NSE 7 - LAN Edge 7.0
Last Update: Nov 20, 2024
Questions: 37

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now NSE7_LED-7.0 testing engine

PDF (Q&A)

$31.5  $104.99
buy now NSE7_LED-7.0 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Nov 2024