New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_LED-7.0
  5. Fortinet NSE 7 - LAN Edge 7.0 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_LED-7.0 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

Refer to the exhibit.

Question # 1

An administrator wants to telnet into the S224EPTF19005867 switch over the FortiGate FortiLink interface.

Which configuration change should the administrator make?

Options:
A.

Enable telnet access on the FortiLink interface.

B.

On the default local-access profile, add telnet to the list of allowed protocols for mgmt-allowaccess.

C.

On the default local-access profile, add telnet to the list of allowed protocols for internal-allowaccess.

D.

Factory reset the switch to enable telnet access.

Expert Solution
Questions # 2:

Which two statements about the MAC-based 802 1X security mode available on FortiSwitch are true? (Choose two.)

Options:
A.

FortiSwitch authenticates a single device and opens the port to other devices connected to the port

B.

FortiSwitch authenticates each device connected to the port

C.

It cannot be used in conjunction with MAC authentication bypass

D.

FortiSwitch can grant different access levels to each device connected to the port

Expert Solution
Questions # 3:

Which two statements about the use of digital certificates are true? (Choose two.)

Options:
A.

A chain of trust may include one or more intermediate CAs.

B.

In a chain of trust, the root CA is signed by another certificate.

C.

To validate the signature on a certificate, an endpoint does not need to know the CA of that certificate.

D.

An intermediate CA can sign other certificates.

Expert Solution
Questions # 4:

You are setting up an SSID (VAP) to perform RADlUS-authenticated dynamic VLAN allocation

Which three RADIUS attributes must be supplied by the RADIUS server to enable successful VLAN allocation'' (Choose three.)

Options:
A.

Tunnel-Private-Group-ID

B.

Tunnel-Pvt-Group-ID

C.

Tunnel-Preference

D.

Tunnel-Type

E.

Tunnel-Medium-Type

Expert Solution
Questions # 5:

Which three protocols are used for controlling FortiSwitch devices on FortiGate? (Choose three.)

Options:
A.

HTTPS

B.

CAPWAP

C.

IGMP

D.

FTP

E.

FortiLink

Expert Solution
Questions # 6:

Refer to the exhibit.

Question # 6

Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit

An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget

Which two scenarios are likely to cause this issue? (Choose two)

Options:
A.

The web filtering rating service is not working

B.

FortiAnalyzer does not have a valid threat detection services license

C.

The device does not have FortiClient installed

D.

FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)

Expert Solution
Questions # 7:

Refer to the exhibits.

Question # 7

An administrator has configured FortiGate with an SSID (Corp) with dynamic VLAN assignment, and also configured a RADIUS server to send IETF 64, IETF 65, and IETF 81 VSAs.

The administrator has verified that the RADIUS server is sending all the required information to FortiGate. However, FortiGate is not assigning correct VLANs to the wireless clients.

What is causing the problem?

Options:
A.

Wireless clients must be assigned an IP address from the 10.0.3.0/24 subnet.

B.

The RADIUS server must send the framed-ip attribute to assign wireless clients an IP address.

C.

The administrator must define the corresponding VLANs that are sent by the RADIUS server.

D.

The administrator must configure a firewall policy to allow wireless clients to communicate with the RADIUS server.

Expert Solution
Questions # 8:

Which CLI command should an administrator use on FortiGate to view the RSSO authentication process in real time?

Options:
A.

diagnose debug application fnbamd -1

B.

diagnose debug application authd -1

C.

diagnose debug application radiusd -1

D.

diagnose debug application foauthd -1

Expert Solution
Questions # 9:

Which two statements about FortiSwitch trunks are true? (Choose two.)

Options:
A.

A trunk is a link aggregation group interface.

B.

By default, when connecting two FortiSwitch devices to each other, a trunk is automatically created between the switches.

C.

Trunks do not support tagged Ethernet frames.

D.

LACP is not supported.

Expert Solution
Questions # 10:

Where can FortiGate learn the FortiManager IP address or FQDN for zero-touch provisioning'?

Options:
A.

From an LDAP server using a simple bind operation

B.

From a TFTP server

C.

From a DHCP server using options 240 and 241

D.

From a DNS server using A or AAAA records

Expert Solution
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions