Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Fortinet NSE7_LED-7.0 - Fortinet NSE 7 - LAN Edge 7.0

Fortinet NSE7_LED-7.0 Premium Access     Download Demo    
Page: 1 / 2
Total 61 questions

Refer to the exhibit.

Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit

FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP The administrator configured the SSL VPN user group for SSL VPN users However the administrator noticed that both the student and j smith users can connect to SSL VPN

Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

A.

In the SSL VPN user group configuration set Group Nam© to CN-SSLVPN, CN="users, DC-trainingAD, DC-training, DC-lab

B.

In the SSL VPN user group configuration, change Name to cn=sslvpn, CN=users, DC=trainingAD, Detraining, DC-lab.

C.

In the SSL VPN user group configuration set Group Name to ::;=Domain users.CN-Users/DC=trainingAD, DC-training, DC=lab.

D.

In the SSL VPN user group configuration change Type to Fortinet Single Sign-On (FSSO)

Refer to the exhibits

The exhibits show the wireless network (VAP) SSID profiles defined on FortiManager and an AP profile assigned to a group of APs that are supported by FortiGate

None of the APs are broadcasting the SSlDs defined by the AP profile

Which changes do you need to make to enable the SSIDs to broadcast?

A.

In the SSIDs section enable Tunnel

B.

Enable one channel in the Channels section

C.

Enable multiple channels in the Channels section and enable Radio Resource Provision

D.

In the SSIDs section enable Manual and assign the networks manually

Which CLI command should an administrator use to view the certificate verification process in real time?

A.

diagnose debug application foauthd -1

B.

diagnose debug application radiusd -1

C.

diagnose debug application authd -1

D.

diagnose debug application fnbamd -1

Refer to the exhibit

Examine the sections of the configuration shown in the output

What action will FortiGate take when verifying the student certificate through OCSP?

A.

Reject the student certificate if the OCSP server replies that the student certificate status is unknown

B.

Not verify the OCSP server certificate

C.

Use the OCSP URL included in the student certificate to verify the student certificate

D.

Consider the student certificate status as valid if the OCSP server is unreachable

Exhibit.

Exhibit.

Refer to the exhibits

In the wireless configuration shown in the exhibits, an AP is deployed in a remote site and has a wireless network (VAP) called Corporate deployed to it

The network is a tunneled network however clients connecting to a wireless network require access to a local printer Clients are trying to print to a printer on the remote site but are unable to do so

Which configuration change is required to allow clients connected to the Corporate SSID to print locally?

A.

Configure split-tunneling in the vap configuration

B.

Configure split-tunneling in the wtp-profile configuration

C.

Disable the Block Intra-SSID Traffic (intra-vap-privacy) setting on the SSID (VAP) profile

D.

Configure the printer as a wireless client on the Corporate wireless network

Refer to the exhibit.

Examine the FortiGate RSSO configuration shown in the exhibit.

FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users. The incoming RADIUS accounting messages contain the username and group membership information in the User-Name and Class RADIUS attributes, respectively.

Which three settings must you configure onFortiGate to successfully authenticate RSSO users and matchthem to the existing RSSO user groups? (Choose three)

A.

The rasc-endpoint-attribute CLI setting in the RSSO agent configuration should be set to User-Name.

B.

Device detection and Security Fabric Connection should be enabled on port3.

C.

The RADIUS Attribute Value setting configured for an RSSO user group should match the Class RADIUS attribute value in the RADIUS accounting message.

D.

RSSO user groups should be assigned to all firewall policies.

E.

The sso-attribute CLI setting in the RSSO agent configuration should be set to Class.

What is the purpose of enabling Windows Active Directory Domain Authentication on FortiAuthenticator?

A.

It enables FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search

B.

It enables FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users

C.

It enables FortiAuthenticator to import users from Windows AD

D.

It enables FortiAuthenticator to register itself as a Windows trusted device to proxy authentication using Kerberos

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page. This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser

Which two settings are the likely causes of the issue? (Choose two.)

A.

The external server FQDN is incorrect

B.

The wireless user's browser is missing a CA certificate

C.

The FortiGate authentication interface address is using HTTPS

D.

The user address is not in DDNS form

Refer to the exhibits.

The CLI output shows a FortiGate configuration supporting a remote AP in an employee's home. The employee requires access to resources located on the company network, including the database server and AD server. The employee is trying to print to a printer connected in their home, but is not able to.

Which two solutions would resolve the issue? (Choose two.)

A.

Configure the EmployeeHome VAP profile for local bridging using the command set local-bridging enable.

B.

Configure the EmployeeHome VAP profile to disable host isolation using the command set intra-vap-privacy disable.

C.

Configure the FAPU431F-EmployeeHome WTP profile to enable split tunneling to the AP subnet using the command set split-tunneling-acl-local-ap-subnet enable.

D.

Configure the FARU431F-EmployeeHome wtp-profile to add a split tunneling ACL with a destination subnet of 192.168.1.1/24, using the command set dest-ip 192.168.1.1/24.

An administrator is deploying a new FortiGate device using zero-touch provisioning. Before deployment, the administrator added the FortiGate serial number on FortiManager and configured all the FortiGate settings FortiGate has a factory default configuration. However, when the administrator connects FortiGate to the network, FortiManager does not start the installation automatically. Which two scenarios are likely to cause this issue? (Choose two.)

A.

The serial number added on FortiManager does not match the FortiGate serial number.

B.

The DHCP server that serves FortiGate is not configured with options 240 and 241.

C.

Zero-touch provisioning is disabled on FortiManager.

D.

The pre-shared key set on FortiManager does not match the one set on FortiGate.