nse7_led-70

Here you have the best Fortinet nse7_led-70 practice exam questions

  • You have 37 total questions to study from
  • These questions were last updated on November 3, 2024

Question 1 of 37

Refer to the exhibit.

Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit.

FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP. The administrator configured the SSL VPN user group for SSL VPN users. However, the administrator noticed that both the student and jsmith users can connect to SSL VPN.

Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

    Correct Answer: A

    In a FortiGate SSL VPN user group configuration, to restrict access to a specific LDAP group, you need to ensure that the remote group mapping matches exactly the group intended for access control. Setting the Group Name to CN=SSLVPN,CN=Users,DC=trainingAD,DC=training,DC=lab ensures that only users belonging to the SSLVPN group in the LDAP directory will be authenticated for SSL VPN access. This excludes other users who are not part of this specific group, achieving the desired restriction.

Question 2 of 37

Refer to the exhibits.

Examine the firewall policy configuration and SSID settings.

An administrator has configured a guest wireless network on FortiGate using the external captive portal. The administrator has verified that the external captive portal URL is correct. However, wireless users are not able to see the captive portal login page.

Given the configuration shown in the exhibit and the SSID settings, which configuration change should the administrator make to fix the problem?

    Correct Answer: D

    The administrator should include the wireless client subnet range in the Exempt Source section. This ensures that traffic from the wireless clients is allowed to access the external captive portal, enabling them to see the login page. This configuration bypasses the normal authentication process for the captive portal web traffic, which is essential for the users to be able to access and view the captive portal login page.

Question 3 of 37

Which two statements about the MAC-based 802.1X security mode available on FortiSwitch are true? (Choose two.)

    Correct Answer: B, D

    FortiSwitch authenticates each device connected to the port because in MAC-based 802.1X security mode, authentication happens at the device level rather than the port level, which ensures that each device connected via the port is individually authenticated. Additionally, FortiSwitch can grant different access levels to each device connected to the port, allowing for flexible and granular control over network access based on the credentials provided by each authenticated device.

Question 4 of 37

A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network. The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS).

Which two changes must the administrator make to enforce HTTPS authentication? (Choose two.)

    Correct Answer: B, D

    To enforce HTTPS authentication for a captive portal, the administrator must enable HTTP redirect in the user authentication settings to redirect traffic from HTTP to HTTPS. Additionally, updating the captive portal URL to use HTTPS ensures that the authentication process is conducted over a secure connection. Creating a new SSID or disabling HTTP administrative access on the guest SSID are not necessary steps for enforcing HTTPS authentication.

Question 5 of 37

Refer to the exhibit.

The exhibits show the wireless network (VAP) SSID profiles defined on FortiManager and an AP profile assigned to a group of APs that are supported by FortiGate.

None of the APs are broadcasting the SSIDs defined by the AP profile.

Which changes do you need to make to enable the SSIDs to broadcast?

    Correct Answer: B

    To enable the SSIDs to broadcast, you need to ensure that at least one channel is selected in the Channels section. If no channels are selected, the radio will not broadcast any SSIDs. Therefore, enabling one channel in the Channels section will allow the SSIDs to be broadcast.