Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Fortinet
  3. Fortinet Certification
  4. NSE7_LED-7.0 - Fortinet NSE 7 - LAN Edge 7.0

NSE7_LED-7.0 Exam Dumps - Fortinet NSE 7 - LAN Edge 7.0

Go to page:
Question # 9

You are configuring a FortiGate wireless network to support automated wireless client quarantine using IOC Which two configurations must you put in place for a wireless client to be quarantined successfully? (Choose two)

A.

Configure the wireless network to be in tunnel mode

B.

Configure the FortiGate device in the Security Fabric with a FortiAnalyzer device

C.

Configure a firewall policy to allow communication

D.

Configure the wireless network to be in bridge mode

Full Access
Question # 10

An administrator is deploying a new FortiGate device using zero-touch provisioning. Before deployment, the administrator added the FortiGate serial number on FortiManager and configured all the FortiGate settings FortiGate has a factory default configuration. However, when the administrator connects FortiGate to the network, FortiManager does not start the installation automatically. Which two scenarios are likely to cause this issue? (Choose two.)

A.

The serial number added on FortiManager does not match the FortiGate serial number.

B.

The DHCP server that serves FortiGate is not configured with options 240 and 241.

C.

Zero-touch provisioning is disabled on FortiManager.

D.

The pre-shared key set on FortiManager does not match the one set on FortiGate.

Full Access
Question # 11

An administrator is deploying AP's that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. FortiGate can discover the APs and authorize them. However, FortiGate is unable to establish CAPWAP tunnels to manage the APs.

Which configuration setting can the administrator perform to resolve the problem?

A.

Upgrade the FortiAP firmware image to ensure compatibility with the FortiOS version.

B.

Decrease the CAPWAP tunnel MTU size for APs to prevent fragmentation.

C.

Enable CAPWAP administrative access on the IPsec interface.

D.

Assign a custom AP profile for the remote APs with the set mpls-connection option enabled.

Full Access
Question # 12

Refer to the exhibits.

Examine the debug output and the SSL VPN configuration shown in the exhibits.

An administrator has configured SSL VPN on FortiGate. To improve security, the administrator enabled Required Client Certificate on the SSL VPN configuration page. However, a user is unable to successfully authenticate to SSL VPN.

Which configuration change should the administrator make to fix the problem?

A.

Enable Redirect HTTP to SSL-VPN on the SSL VPN configuration page.

B.

Import the CA that signed the SSL VPN Server Certificate to FortiGate.

C.

Set the user certificate as the Server Certificate on the SSL VPN configuration page.

D.

Import the CA that signed the user certificate to FortiGate.

Full Access
Question # 13

An administrator has deployed multiple dual-band wireless APs in a wireless network. APs are installed at measured distances to ensure fast roaming for the clients. Multiple 2.4 GHz-only wireless clients are connecting to the network, and subsequent monitoring shows that individual AP 2.4 GHz interfaces are being overloaded with wireless connections.

Which configuration change would best resolve the overloading issue?

A.

Configure load balancing AP handoff on both AP interfaces on all Aps.

B.

Configure a client limit on all AP 2.4 GHz interfaces.

C.

Configure load balancing frequency handoff on both AP interfaces.

D.

Configure load balancing AP handoff on only the 2.4 GHz interfaces of all APs.

Full Access
Question # 14

Refer to the exhibits.

Examine the LDAP server configuration and output shown in the exhibits.

Note that the Distinguished Name and Username settings on the LDAP server configuration have been expanded to display their full contents.

An LDAP user named student cannot authenticate. While testing the student account, the administrator gets the CLI output shown in the exhibit.

According to the output, which FortiGate LDAP server settings must the administrator check?

A.

Distinguished Name

B.

Bind Type

C.

Common Name Identifier

D.

Username

Full Access
Question # 15

Which two statements about the use of digital certificates are true? (Choose two.)

A.

A chain of trust may include one or more intermediate CAs.

B.

In a chain of trust, the root CA is signed by another certificate.

C.

To validate the signature on a certificate, an endpoint does not need to know the CA of that certificate.

D.

An intermediate CA can sign other certificates.

Full Access
Question # 16

Refer to the exhibit.

Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit

FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP The administrator configured the SSL VPN user group for SSL VPN users However the administrator noticed that both the student and j smith users can connect to SSL VPN

Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

A.

In the SSL VPN user group configuration set Group Nam© to CN-SSLVPN, CN="users, DC-trainingAD, DC-training, DC-lab

B.

In the SSL VPN user group configuration, change Name to cn=sslvpn, CN=users, DC=trainingAD, Detraining, DC-lab.

C.

In the SSL VPN user group configuration set Group Name to ::;=Domain users.CN-Users/DC=trainingAD, DC-training, DC=lab.

D.

In the SSL VPN user group configuration change Type to Fortinet Single Sign-On (FSSO)

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps