Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Fortinet
NSE 7 Network Security Architect
NSE7_LED-7.0
Fortinet NSE 7 - LAN Edge 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_LED-7.0 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam NSE7_LED-7.0 Premium Access

View all detail and faqs for the NSE7_LED-7.0 exam

Go to Exam

701 Students Passed

85% Average Score

93% Same Questions

Viewing page 2 out of 2 pages

Viewing questions 11-20 out of questions

Questions # 11:

Refer to the exhibit.

Examine the FortiGate RSSO configuration shown in the exhibit.

Question # 11

FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users. The incoming RADIUS accounting messages contain the username and group membership information in the User-Name and Class RADIUS attributes, respectively.

Which three settings must you configure onFortiGate to successfully authenticate RSSO users and matchthem to the existing RSSO user groups? (Choose three)

Options:

The rasc-endpoint-attribute CLI setting in the RSSO agent configuration should be set to User-Name.

Device detection and Security Fabric Connection should be enabled on port3.

The RADIUS Attribute Value setting configured for an RSSO user group should match the Class RADIUS attribute value in the RADIUS accounting message.

RSSO user groups should be assigned to all firewall policies.

The sso-attribute CLI setting in the RSSO agent configuration should be set to Class.

Answer

A, C, E

Questions # 12:

Refer to the exhibit.

Question # 12

Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit

An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget

Which two scenarios are likely to cause this issue? (Choose two)

Options:

The web filtering rating service is not working

FortiAnalyzer does not have a valid threat detection services license

The device does not have FortiClient installed

FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)

Answer

B, D

Explanation

According to the exhibits, the administrator has configured an automation stitch to automatically quarantine compromised devices based on FortiAnalyzer’s threat detection services. However, according to the FortiAnalyzer logs, the test device is not detected as compromised by FortiAnalyzer, even though it tried to access a malicious website. Therefore, option B is true because FortiAnalyzer does not have a valid threat detection services license, which is required to enable the threat detection services feature. Option D is also true because FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC), which is a criterion for identifying compromised devices. Option A is false because the web filtering rating service is working, as shown by the log entry that indicates that the test device accessed a URL with a category of “Malicious Websites”. Option C is false because the device does not need to have FortiClient installed to be quarantined by FortiGate, as long as it is connected to a managed FortiSwitch device.

Questions # 13:

Refer to the exhibit.

Question # 13

Examine the LDAP server configuration shown in the exhibit Note that the Username setting has been expanded to display Its full content

On the Windows AD server 10.0.1.10, the administrator used dsquery. which returned the following output:

Question # 13

According to the output which FortiGate LDAP setting is configured incorrectly''

Options:

Common Name Identifier

Bind Type

Distinguished Name

Username

Answer

Questions # 14:

Refer to the exhibits showing AP monitoring information.

Question # 14

The exhibits show the status of an AP in a small office building. The building is located at the edge of a campus, and users are reporting issues with wireless network performance.

Question # 14

Which configuration change would best improve the wireless network performance?

Options:

Select an alternative channel for the 5 GHz interface.

Disable lower data rates on the 5 GHz interface.

Enable band steering on the AP.

Relocate the AP to be closer to the clients.

Answer

Questions # 15:

Refer to the exhibit.

Question # 15

Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit

An administrator is testing the NAC feature The test device is connected to a managed FortiSwitch device {S224EPTF19"53€7)onport2

After applying the NAC policy on port2 and generating traffic on the test device the test device is not matching the NAC policy therefore the test device remains m the onboarding VLAN

Based on the information shown in the exhibit which two scenarios are likely to cause this issue? (Choose two.)

Options:

Management communication between FortiGate and FortiSwitch is down

The MAC address configured on the NAC policy is incorrect

The device operating system detected by FortiGate is not Linux

Device detection is not enabled on VLAN 4089

Answer

C, D

Explanation

According to the FortiManager configuration, the NAC policy is set to match devices with the MAC address of 00:0c:29:6a:2b:3c and the operating system of Linux. However, according to the FortiGate CLI output, the test device has a different MAC address of 00:0c:29:6a:2b:3d. Therefore, option B is true. Option A is also true because the FortiSwitch device status is shown as down, which means that the management communication betweenFortiGate and FortiSwitch is not working properly. This could prevent the NAC policy from being applied correctly. Option C is false because the device operating system detected by FortiGate is Linux, which matches the NAC policy. Option D is false because device detection is enabled on VLAN 4089, as shown by the command “config switch-controller vlan”.

Questions # 16:

Question # 16

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page. This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser

Question # 16

Which two settings are the likely causes of the issue? (Choose two.)

Options:

The external server FQDN is incorrect

The wireless user's browser is missing a CA certificate

The FortiGate authentication interface address is using HTTPS

The user address is not in DDNS form

Answer

A, B

Explanation

According to the exhibit, the wireless guest users are getting a certificate error while loading the captive portal login page. This means that the browser cannot verify the identity of the server that is hosting the login page. Therefore, option A is true because the external server FQDN is incorrect, which means that it does not match the common name or subject alternative name of the server certificate. Option B is also true because the wireless user’s browser is missing a CA certificate, which means that it does not have the root or intermediate certificate that issued the server certificate. Option C is false because the FortiGate authentication interface address is using HTTPS, which is a secure protocol that encrypts the communication between the browser and the server. Option D is false because the user address is not in DDNS form, which is not related to the certificate error.

Questions # 17:

Which two statements about MAC address quarantine by redirect mode are true? (Choose two)