Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_LED-7.0

Free Fortinet NSE7_LED-7.0 Exam Braindumps (page: 7)

Page 3 of 17
PDF with 61 Questions

Refer to the exhibit.



Examine the FortiManager information shown in the exhibit Which two statements about the FortiManager status are true'' (Choose two)

  1. FortiSwitch manager is working in per-device management mode
  2. FortiSwitch is not authorized
  3. FortiSwitch manager is working in central management mode
  4. FortiSwitch is authorized and offline

Answer(s): A,D



An administrator has configured an SSID in bridge mode for corporate employees All APs are online and provisioned using default AP profiles Employees are unable to locate the SSID to conned Which two configurations can the administrator verify? (Choose two)

  1. Verify that the broadcast SSID option is enabled in the SSID configuration
  2. Verify that the Block Intra-SSID Traffic (intra-vap-privacy) option in the SSID configuration is disabled
  3. Verify that the SSID to an AP group that should be broadcasting the SSID is applied
  4. Verify that the SSID is manually applied on AP profiles for both 2 4 GHz and 5 GHz radios

Answer(s): A,D

Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-and-disable-broadcast- of-SSID/ta-p/191840



What is the purpose of enabling Windows Active Directory Domain Authentication on FortiAuthenticator?

  1. It enables FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search
  2. It enables FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users
  3. It enables FortiAuthenticator to import users from Windows AD
  4. It enables FortiAuthenticator to register itself as a Windows trusted device to proxy authentication using Kerberos

Answer(s): D

Explanation:

According to the FortiAuthenticator Administration Guide2, "Windows Active Directory domain authentication enables FortiAuthenticator to join a Windows Active Directory domain as a machine entity and proxy authentication requests using Kerberos." Therefore, option D is true because it describes the purpose of enabling Windows Active Directory domain authentication on FortiAuthenticator. Option A is false because FortiAuthenticator does not need Windows administrator credentials to perform an LDAP lookup for a user search. Option B is false because FortiAuthenticator does not use a Windows CA certificate when authenticating RADIUS users, but rather its own CA certificate. Option C is false because FortiAuthenticator does not import users from Windows AD, but rather synchronizes them using LDAP or FSSO.



Refer to the exhibits.



Firewall Policy



Examine the firewall policy configuration and SSID settings An administrator has configured a guest wireless network on FortiGate using the external captive portal The administrator has verified that the external captive portal URL is correct However wireless users are not able to see the captive portal login page Given the configuration shown in the exhibit and the SSID settings which configuration change should the administrator make to fix the problem?

  1. Disable the user group from the SSID configuration
  2. Enable the captivs-portal-exempt option in the firewall policy with the ID 11.
  3. Apply a guest.portal user group in the firewall policy with the ID 11.
  4. Include the wireless client subnet range in the Exempt Source section

Answer(s): C

Explanation:

According to the FortiGate Administration Guide, "To use an external captive portal, you must configure a user group that uses the external captive portal as the authentication method and apply it to a firewall policy." Therefore, option C is true because it will allow the wireless users to be redirected to the external captive portal URL when they try to access the Internet. Option A is false because disabling the user group from the SSID configuration will prevent the wireless users from being authenticated by the FortiGate device. Option B is false because enabling the captive-portal- exempt option in the firewall policy will bypass the captive portal authentication for the wireless users, which is not the desired outcome. Option D is false because including the wireless client subnet range in the Exempt Source section will also bypass the captive portal authentication for the wireless users, which is not the desired outcome.



Viewing page 7 of 17
Viewing questions 25 - 28 out of 61 questions



Post your Comments and Discuss Fortinet NSE7_LED-7.0 exam prep with other Community members:

NSE7_LED-7.0 Exam Discussions & Posts