Fortinet NSE7_LED-7 0 Sample Questions Certspots

Prévia do material em texto

https://www.certspots.com/exam/nse7_led-7-0/
NSE7_LED-7.0 
Real Dumps
Fortinet NSE7_LED-7.0 Real Dumps
1. Which two statements about FortiSwitch manager are true? (Choose two)
A.Per-device management is the default management mode on 
FortiManager
B.FortiManager obtains the FortiSwitch status information by querying the 
FortiGate REST API every three minutes
C.If the administrator makes any changes on FortiSwitch manager they must 
also install those changes on FortiGate so that those changes are applied on 
the managed switches
D.Any switch discovered or authorized on FortiGate must be added manually 
on FortiSwitch manager
Answer: B, C
Fortinet NSE7_LED-7.0 Real Dumps
2. You are configuring a FortiGate wireless network to support automated 
wireless client quarantine using IOC Which two configurations must you 
put in place for a wireless client to be quarantined successfully? (Choose 
two)
A.Configure the wireless network to be in tunnel mode
B.Configure the FortiGate device in the Security Fabric with a FortiAnalyzer 
device
C.Configure a firewall policy to allow communication
D.Configure the wireless network to be in bridge mode
Answer: A, B
Fortinet NSE7_LED-7.0 Real Dumps
3. An administrator is testing the connectivity for a new VLAN The devices in the 
VLAN are connected to a FortiSwitch device that is managed by FortiGate 
Quarantine is disabled on FortiGate.
While testing the administrator noticed that devices can ping FortiGate and 
FortiGate can ping the devices The administrator also noticed that inter-VLAN 
communication works However intra-VLAN communication does not work.
Which scenario is likely to cause this issue?
A.Access VLAN is enabled on the VLAN
B.The native VLAN configured on the ports is incorrect
C.The FortiSwitch MAC address table is missing entries
D.The FortiGate ARP table is missing entries
Answer: C
Fortinet NSE7_LED-7.0 Real Dumps
4. Which two statements about the MAC-based 802 1X security 
mode available on FortiSwitch are true? (Choose two.)
A.FortiSwitch authenticates a single device and opens the port to 
other devices connected to the port
B.FortiSwitch authenticates each device connected to the port
C.It cannot be used in conjunction with MAC authentication bypass
D.FortiSwitch can grant different access levels to each device 
connected to the port
Answer: B, D
Fortinet NSE7_LED-7.0 Real Dumps
5. Which two statements about MAC address quarantine by 
redirect mode are true? (Choose two)
A.The quarantined device is moved to the quarantine VLAN
B.The device MACaddress is added to the Quarantined Devices 
firewall address group
C.It is the default mode for MAC address quarantine
D.The quarantined device is kept in the current VLAN
Answer: B, D
Fortinet NSE7_LED-7.0 Real Dumps
6. A wireless network in a school provides guest access using a captive portal to 
allow unregistered users to self-register and access the network The administrator is 
requested to update the existing configuration to provide captive portal 
authentication through a secure connection (HTTPS).
Which two changes must the administrator make to enforce HTTPS authentication? 
(Choose two )
A.Create a new SSID with the HTTPS captive portal URL
B.Enable HTTP redirect in the user authentication settings
C.Disable HTTP administrative access on the guest SSID to enforce HTTPS connection
D.Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator
Answer: B, D
Fortinet NSE7_LED-7.0 Real Dumps
7. Which FortiSwitch VLANs are automatically created on FortGate 
when the first FortiSwitch device is discovered?
A.default quarantine, rspan voice video onboarding and 
nac_segment
B.access, quarantine, rspan. voice, video, and onboarding
C.default quarantine rspan voice video and nac_segment
D.fortilink. quarantine erspan voice video and onboarding
Answer: D
Fortinet NSE7_LED-7.0 Real Dumps
8. Examine the network diagram and packet capture shown in the exhibit.
The packet capture was taken between FortiGate and FortiAuthenticator and shows 
a RADIUS Access-Request packet sent by FortiSwitch to FortiAuthenticator through 
FortiGate.
Why does the User-Name attribute in the RADIUS Access-Request packet contain 
the client MAC address?
A.The client is performing AD machine authentication
B.FortiSwitch is authenticating the client using MAC authentication bypass
C.The client is performing user authentication
D.FortiSwitch is sending a RADIUS accounting message to FortiAuthenticator
Answer: B
Fortinet NSE7_LED-7.0 Real Dumps
9. Examine the FortiSwitch security policy shown in the exhibit.
If the security profile shown in the exhibit is assigned to all ports on a 
FortiSwitch device for 802 1X authentication which statement about the 
switch is correct?
A.FortiSwitch cannot authenticate multiple devices connected to the same 
port
B.FortiSwitch will try to authenticate non-802 1X devices using the device 
MAC address as the username and password
C.FortiSwitch will assign non-802 1X devices to the onboarding VLAN
D.All EAP messages will be terminated on FortiSwitch
Answer: C
Fortinet NSE7_LED-7.0 Real Dumps
10. Which two statements about the guest portal on FortiAuthenticator are 
true? (Choose two.)
A. The guest portal provides pre and post-log in services
B. Each remote user on FortiAuthenticator can sponsor up to 10 guest 
accounts
C. Administrators can use one or more incoming parameters to configure 
a mapping rule for the guest portal
D. Administrators must approve all guest accounts before they can be 
used
Answer: A,C