● NSE 7 - LAN Edge 7.0 Exam Materials
Please note that the exam NSE 7 - LAN Edge 7.0 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 - OT Security 7.6 Architect"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 6 - OT Security 7.6 Architect"
The new exam version is available on Brave-Dumps and can be purchased.
Question #41
Question #42
Refer to the exhibit.
Examine the FortiGate RSSO configuration shown in the exhibit.
FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users. The users are located behind port3, and the internet link is connected to port1. FortiGate is processing incoming RADIUS accounting messages successfully, and RSSO users are getting associated with the RSSO Group user group. However, all the users are able to access the internet, and the administrator wants to restrict internet access to RSSO users only.
Which configuration change should the administrator make to fix the problem?
(Choose one answer)
- A. Change the RADIUS Attribute Value setting to match the name of the RADIUS attribute containing the group membership information of the RSSO users.
- B. Add RSSO Group to the firewall policy.
- C. Enable Security Fabric Connection on port3.
- D. Create a second firewall policy from port3 to port1, and select the target destination subnets.
Question #43
Refer to the exhibit.
A device connected to port2 on FortiSwitch cannot access the network. The port is assigned a security policy to enforce 802.1X authentication. While troubleshooting the issue, the administrator obtains the debug output shown in the exhibit.
Which two scenarios are likely to cause this issue?
(Choose two answers)
- A. The device is not configured for 802.1X authentication.
- B. The device has been quarantined for 3600 seconds.
- C. The device has been assigned the guest VLAN.
- D. The device does not support 802.1X authentication.
Question #44
Refer to the exhibits.
In the wireless configuration shown in the exhibits, an AP is deployed in a remote site and has a wireless network (VAP) called Corporate deployed to it.
The network is a tunnelled network; however, clients connecting to a wireless network require access to a local printer. Clients are trying to print to a printer on the remote site, but are unable to do so.
Which configuration change is required to allow clients connected to the Corporate SSID to print locally?
(Choose one answer)
- A. Configure split-tunneling in the vap configuration.
- B. Configure split-tunneling in the wtp-profile configuration.
- C. Disable the Block Intra-SSID Traffic (Intra-vap-privacy) setting on the SSID (VAP) profile.
- D. Configure the printer as a wireless client on the Corporate wireless network.
Question #45
You are setting up an SSID (VAP) to perform RADIUS-authenticated dynamic VLAN allocation.
Which three RADIUS attributes must be supplied by the RADIUS server to enable successful VLAN allocation?
(Choose three answers)
- A. Tunnel-Private-Group-ID
- B. Tunnel-Pvt-Group-ID
- C. Tunnel-Preference
- D. Tunnel-Type
- E. Tunnel-Medium-Type
Question #46
Where can FortiGate learn the FortiManager IP address or FQDN for zero-touch provisioning? (Choose one answer)
- A. From an LDAP server using a simple bind operation
- B. From a TFTP server
- C. From a DHCP server using options 240 and 241
- D. From a DNS server using A or AAAA records
Question #47
Which two statements about FortiSwitch trunks are true? (Choose two answers)
- A. Trunks do not support tagged Ethernet frames.
- B. By default, when connecting two FortiSwitch devices to each other, a trunk is automatically created between the switches.
- C. A trunk is a link aggregation group interface.
- D. LACP is not supported.
Question #48
Refer to the exhibit.
The exhibits show the wireless network (VAP) SSID profiles defined on FortiManager and an AP profile assigned to a group of APs that are supported by FortiGate.
None of the APs are broadcasting the SSIDs defined by the AP profile.
Which changes do you need to make to enable the SSIDs to broadcast?
(Choose one answer)
- A. In the SSIDs section, enable Tunnel.
- B. Enable one channel in the Channels section.
- C. Enable multiple channels in the Channels section and enable Radio Resource Provision.
- D. In the SSIDs section, enable Manual and assign the networks manually.
Question #49
Refer to the exhibit.
Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit.
An administrator is testing the NAC feature. The test device is connected to a managed FortiSwitch device (S224EPTF19005867) on port2.
After applying the NAC policy on port2 and generating traffic on the test device, the test device is not matching the NAC policy; therefore, the test device remains in the onboarding VLAN.
Based on the information shown in the exhibit, which two scenarios are likely to cause this issue?
(Choose two answers)
- A. Management communication between FortiGate and FortiSwitch is down.
- B. The MAC address configured on the NAC policy is incorrect.
- C. The device operating system detected by FortiGate is not Linux.
- D. Device detection is not enabled on VLAN 4089.
Question #50
Refer to the exhibit
Examine the FortiGate RSSO configuration shown in the exhibit.
FortiGate is configured to receive RADIUS accounting messages on port3 to authenticate RSSO users. The incoming RADIUS accounting messages contain the username and group membership information in the User-Name and Class RADIUS attributes, respectively.
Which three settings must you configure on FortiGate to successfully authenticate RSSO users and match them to the existing RSSO user groups?
(Choose three answers)
- A. RSSO user groups should be assigned to all firewall policies.
- B. The RADIUS Attribute Value setting configured for an RSSO user group should match the Class RADIUS attribute value in the RADIUS accounting message.
- C. The rsso-endpoint-attribute CLI setting in the RSSO agent configuration should be set to User-Name.
- D. Device detection and Security Fabric Connection should be enabled on port3.
- E. The rsso-attribute CLI setting in the RSSO agent configuration should be set to Class.
Refer to the exhibit showing a network topology and SSID settings.
FortiGate is configured to use an external captive portal. However, wireless users are not able to see the captive portal login page.
Which configuration change should the administrator make to fix the problem? (Choose one answer)