● NSE 7 - LAN Edge 7.0 Exam Materials
Please note that the exam NSE 7 - LAN Edge 7.0 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 - OT Security 7.6 Architect"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 6 - OT Security 7.6 Architect"
The new exam version is available on Brave-Dumps and can be purchased.
Question #1
Question #2
Refer to the exhibit.
An administrator wants to telnet into the S224EPTF19005867 switch over the FortiGate FortiLink interface.
Which configuration change should the administrator make?
(Choose one answer)
- A. On the default local-access profile, add telnet to the list of allowed protocols for internal-allowaccess.
- B. On the default local-access profile, add telnet to the list of allowed protocols for mgmt-allowaccess.
- C. Factory reset the switch to enable telnet access.
- D. Enable telnet access on the FortiLink interface.
Question #3
Which statement correctly describes the guest portal behavior on FortiAuthenticator? (Choose one answer)
- A. All self-registered and sponsored accounts are listed on the local Users GUI page on FortiAuthenticator.
- B. FortiAuthenticator uses POST parameters and a RADIUS client configuration to map the request to a guest portal for authentication.
- C. Sponsored accounts cannot authenticate using guest portals.
- D. All guest accounts must be activated using SMS or email activation codes.
Question #4
Which EAP method requires the use of a digital certificate on both the server end and the client end? (Choose one answer)
- A. EAP-TTLS
- B. PEAP
- C. EAP-GTC
- D. EAP-TLS
Question #5
Refer to the exhibit.
Examine the network diagram and packet capture shown in the exhibit.
The packet capture was taken between FortiGate and FortiAuthenticator, and shows a RADIUS Access-Request packet sent by FortiSwitch to FortiAuthenticator through FortiGate.
Why does the User-Name attribute in the RADIUS Access-Request packet contain the client MAC address?
(Choose one answer)
- A. The client is performing AD machine authentication.
- B. FortiSwitch is authenticating the client using MAC authentication bypass.
- C. The client is performing user authentication.
- D. FortiSwitch is sending a RADIUS accounting message to FortiAuthenticator.
Question #6
Which two statements about FortiSwitch manager are true? (Choose two answers)
- A. Per-device management is the default management mode on FortiManager.
- B. FortiManager obtains the FortiSwitch status information by querying the FortiGate REST API every three minutes.
- C. If the administrator makes any changes on FortiSwitch manager, they must also install those changes on FortiGate so that those changes are applied on the managed switches.
- D. Any switch discovered or authorized on FortiGate must be added manually on FortiSwitch manager.
Question #7
Which two pieces of information can the diagnose test authserver ldap command provide? (Choose two answers)
- A. It displays whether the admin bind user credentials are correct.
- B. It displays whether the user credentials are correct.
- C. It displays the LDAP codes returned by the LDAP server.
- D. It displays the LDAP groups found for the user.
Question #8
Refer to the exhibit.
By default, FortiOS creates the following DHCP server scope for the FortiLink interface as shown in the exhibit.
What is the objective of the vci-string setting?
(Choose one answer)
- A. To ignore DHCP requests coming from FortiSwitch and FortiExtender devices
- B. To reserve IP addresses for FortiSwitch and FortiExtender devices
- C. To restrict the IP address assignment to FortiSwitch and FortiExtender devices
- D. To restrict the IP address assignment to devices that have FortiSwitch or FortiExtender as their hostname
Question #9
What is the purpose of enabling Windows Active Directory Domain Authentication on FortiAuthenticator? (Choose one answer)
- A. It enables FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search.
- B. It enables FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users.
- C. It enables FortiAuthenticator to import users from Windows AD.
- D. it enables FortiAuthenticator to register itself as a Windows trusted device to proxy authentication using Kerberos.
Question #10
A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network. The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS).
Which two changes must the administrator make to enforce HTTPS authentication?
(Choose two answers)
- A. Create a new SSID with the HTTPS captive portal URL.
- B. Enable HTTP redirect in the user authentication settings.
- C. Disable HTTP administrative access on the guest SSID to enforce HTTPS connection.
- D. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator.
Which two statements about MAC address quarantine (by VLAN mode) are true? (Choose two answers)