CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_LED-7.0

Free NSE7_LED-7.0 Exam Braindumps (page: 2)

Page 1 of 10
PDF with 47 Questions

Refer to the exhibits


The exhibits show the wireless network (VAP) SSID profiles defined on FortiManager and an AP profile assigned to a group of APs that are supported by FortiGate None of the APs are broadcasting the SSlDs defined by the AP profile

Which changes do you need to make to enable the SSIDs to broadcast?

  1. In the SSIDs section enable Tunnel
  2. Enable one channel in the Channels section
  3. Enable multiple channels in the Channels section and enable Radio Resource Provision
  4. In the SSIDs section enable Manual and assign the networks manually

Answer(s): B

Explanation:

According to the FortiManager Administration Guide1, "To enable the SSID, you must select at least one channel for the radio. If no channels are selected, the SSID will not be enabled." Therefore, enabling one channel in the Channels section will allow the SSIDs to broadcast.



Which two statements about the guest portal on FortiAuthenticator are true? (Choose two.)

  1. Each remote user on FortiAuthenticator can sponsor up to 10 guest accounts
  2. Administrators must approve all guest accounts before they can be used
  3. The guest portal provides pre and post-log in services
  4. Administrators can use one or more incoming parameters to configure a mapping rule for the guest portal

Answer(s): C,D

Explanation:

According to the FortiAuthenticator Administration Guide2, "The guest portal provides pre and post- log in services for users (such as password reset and token registration abilities), and rules and replacement messages can be configured." Therefore, option C is true. The same guide also states that "Administrators can use one or more incoming parameters to configure a mapping rule for the guest portal." Therefore, option D is true. Option A is false because remote users can sponsor any number of guest accounts, as long as they do not exceed the maximum number of guest accounts allowed by the license. Option B is false because administrators can choose to approve or reject guest accounts, or enable auto-approval.



Refer to the exhibit.



Exhibit.



Refer to the exhibits
In the wireless configuration shown in the exhibits, an AP is deployed in a remote site and has a wireless network (VAP) called Corporate deployed to it The network is a tunneled network however clients connecting to a wireless network require access to a local printer Clients are trying to print to a printer on the remote site but are unable to do so Which configuration change is required to allow clients connected to the Corporate SSID to print locally?

  1. Configure split-tunneling in the vap configuration
  2. Configure split-tunneling in the wtp-profile configuration
  3. Disable the Block Intra-SSID Traffic (intra-vap-privacy) setting on the SSID (VAP) profile
  4. Configure the printer as a wireless client on the Corporate wireless network

Answer(s): A

Explanation:

According to the Fortinet documentation1, "Split tunneling allows you to specify which traffic is tunneled to the FortiGate and which traffic is sent directly to the Internet. This can improve performance and reduce bandwidth usage." Therefore, by configuring split-tunneling in the vap configuration, you can allow the clients connected to the Corporate SSID to access both the corporate network and the local printer. Option B is incorrect because split-tunneling is configured at the vap level, not the wtp-profile level. Option C is incorrect because blocking intra-SSID traffic prevents wireless clients on the same SSID from communicating with each other, which is not related to accessing a local printer. Option D is unnecessary and impractical because the printer does not need to be a wireless client on the Corporate wireless network to be accessible by the clients.



Refer to the exhibit.



Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit An administrator is testing the NAC feature The test device is connected to a managed FortiSwitch device {S224EPTF19"537)onpOrt2
After applying the NAC policy on port2 and generating traffic on the test device the test device is not matching the NAC policy therefore the test device remains m the onboarding VLAN Based on the information shown in the exhibit which two scenarios are likely to cause this issue? (Choose two.)

  1. Management communication between FortiGate and FortiSwitch is down
  2. The MAC address configured on the NAC policy is incorrect
  3. The device operating system detected by FortiGate is not Linux
  4. Device detection is not enabled on VLAN 4089

Answer(s): A,B

Explanation:

According to the FortiManager configuration, the NAC policy is set to match devices with the MAC address of 00:0c:29:6a:2b:3c and the operating system of Linux. However, according to the FortiGate CLI output, the test device has a different MAC address of 00:0c:29:6a:2b:3d. Therefore, option B is true. Option A is also true because the FortiSwitch device status is shown as down, which means that the management communication between FortiGate and FortiSwitch is not working properly. This could prevent the NAC policy from being applied correctly. Option C is false because the device operating system detected by FortiGate is Linux, which matches the NAC policy. Option D is false because device detection is enabled on VLAN 4089, as shown by the command "config switch- controller vlan".






Post your Comments and Discuss Fortinet NSE7_LED-7.0 exam with other Community members:

NSE7_LED-7.0 Discussions & Posts