● NSE 7 - LAN Edge 7.0 Exam Materials
Please note that the exam NSE 7 - LAN Edge 7.0 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 - OT Security 7.6 Architect"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 6 - OT Security 7.6 Architect"
The new exam version is available on Brave-Dumps and can be purchased.
Question #21
Question #22
An administrator has deployed multiple dual-band wireless APs in a wireless network. APs are installed at measured distances to ensure fast roaming for the clients. Multiple 2.4 GHz-only wireless clients are connecting to the network, and subsequent monitoring shows that individual AP 2.4 GHz interfaces are being overloaded with wireless connections.
Which configuration change would best resolve the overloading issue?
(Choose one answer)
- A. Configure load balancing AP handoff on both AP interfaces on all APs.
- B. Configure a client limit on all AP 2.4 GHz interfaces.
- C. Configure load balancing AP handoff on only the 2.4 GHz interfaces of all APs.
- D. Configure load balancing frequency handoff on both AP interfaces.
Question #23
Refer to the exhibits.
In the WTP profile configuration shown in the exhibit, the AP profile is assigned to two FAP-320 APs that are installed in an open plan office.
The first AP has 32 clients associated with the 5 GHz radios and 22 clients associated with the 2.4 GHz radio. The second AP has 12 clients associated with the 5 GHz radios and 20 clients associated with the 2.4 GHz radio.
A dual-band-capable client enters the office near the first AP and the first AP measures the new client at -33 dBm signal strength. The second AP measures the new client at -43 dBm signal strength.
If the new client attempts to connect to the corporate wireless network, with which AP radio will the client be associated?
(Choose one answer)
- A. The first AP 2.4 GHz interface.
- B. The second AP 2.4 GHz interface.
- C. The second AP 5 GHz interface.
- D. The first AP 5 GHz interface.
Question #24
Refer to the exhibits
Examine the LDAP server configuration and output shown in the exhibits. Note that the Distinguished Name and Username settings on the LDAP server configuration have been expanded to display their full contents.
An LDAP user named student cannot authenticate. While testing the student account, the administrator gets the CLI output shown in the exhibit.
According to the output, which FortiGate LDAP server settings must the administrator check?
(Choose one answer)
- A. Common Name Identifier
- B. Bind Type
- C. Distinguished Name
- D. Username
Question #25
Refer to the exhibit.
Examine the sections of the configuration shown in the output.
What action will FortiGate take when verifying the student certificate through OCSP?
(Choose one answer)
- A. Reject the student certificate if the OCSP server replies that the student certificate status is unknown
- B. Not verify the OCSP server certificate
- C. Use the OCSP URL included in the student certificate to verify the student certificate
- D. Consider the student certificate status as valid if the OCSP server is unreachable
Question #26
You are investigating a report of poor wireless performance in a network that you manage. The issue is related to an AP interface in the 5 GHz range. You are monitoring the channel utilization over time.
What is the recommended maximum utilization value that an interface should not exceed?
(Choose one answer)
- A. 85%
- B. 95%
- C. 75%
- D. 65%
Question #27
Refer to the exhibit.
Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit.
FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP. The administrator configured the SSL VPN user group for SSL VPN users. However, the administrator noticed that both the t and student and jsmith users can connect to SSL VPN.
Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?
(Choose one answer)
- A. In the SSL VPN user group configuration, set Group Name to CN=SSLVPN,CN=Users,DC=trainingAD,DC=training,DC=lab.
- B. In the SSL VPN user group configuration, change Name to CN=SSLVPN,CN=Users,DC=trainingAD,DC=training,DC=lab.
- C. In the SSL VPN user group configuration, set Group Name to CN=Domain Users,CN=Users,DC=trainingAD,DC=training,DC=lab.
- D. In the SSL VPN user group configuration, change Type to Fortinet Single Sign-On (FSSO).
Question #28
Refer to the exhibit.
Examine the RADIUS server configuration shown in the exhibit.
An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator. FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP.
While testing the configuration, the administrator noticed that the diagnose test authserver command worked with PAP; however, authentication requests failed when using MSCHAP2.
Which two solutions can the administrator implement to get MSCHAP2 authentication to work?
(Choose two answers)
- A. On FortiAuthenticator, enable Windows Active Directory Domain Authentication to add FortiAuthenticator to the Windows domain.
- B. On FortiGate, configure the NAS IP setting on the RADIUS server.
- C. On FortiAuthenticator, change the back-end authentication server from LDAP to RADIUS.
- D. On FortiGate, update the Secret setting on the RADIUS server.
Question #29
Refer to the exhibits.
Examine the troubleshooting outputs shown in the exhibits.
Users have been reporting issues with the speed of their wireless connection in a particular part of the wireless network. The interface that is having issues is the 2.4 GHz interface that is currently configured on channel 6.
The administrator of the wireless network has investigated and surveyed the local RF environment using the tools available at the AP and FortiGate.
Which configuration would improve the wireless connection?
(Choose one answer)
- A. Change the AP 2.4 GHz channel to 11
- B. Change the AP 2.4 GHz channel to 1
- C. Change the AP 2.4 GHz channel to 9.
- D. Change the AP 2.4 GHz channel to 13.
Question #30
Refer to the exhibit.
Examine the debug output shown in the exhibit.
Which two statements about the RADIUS debug output are true?
(Choose two answers)
- A. The user student belongs to the SSLVPN group.
- B. User authentication failed.
- C. The RADIUS server sent a vendor-specific attribute in the RADIUS response.
- D. User authentication succeeded using MSCHAP.
Refer to the exhibit.
Examine the FortiSwitch security policy shown in the exhibit.
A device that does not support 802.1X authentication is connected to a port using the Port-Security security policy.
What action does the FortiSwitch take on the port? (Choose one answer)