Fortinet NSE7_LED-7.0 Exam Questions Instant Access

Question 1

Refer to the exhibits.

An administrator has configured FortiGate with an SSID (Corp) with dynamic VLAN assignment, and also configured a RADIUS server to send IETF 64, IETF 65, and IETF 81 VSAs.

The administrator has verified that the RADIUS server is sending all the required information to FortiGate. However, FortiGate is not assigning correct VLANs to the wireless clients.

What is causing the problem?

AWireless clients must be assigned an IP address from the 10.0.3.0/24 subnet.

BThe RADIUS server must send the framed-ip attribute to assign wireless clients an IP address.

CThe administrator must define the corresponding VLANs that are sent by the RADIUS server.

DThe administrator must configure a firewall policy to allow wireless clients to communicate with the RADIUS server.

Answer : B

Question 2

Refer to the exhibit.

Examine the partial debug output shown in the exhibit.

Which two statements about the debug output are true? (Choose1 two.)

AThe LDAP DN search did not match any LDAP user.

BThe credentials provided for student are correct.

CThe Training-Lab LDAP server is configured to use regular bind.

DThe connection to the Training-Lab LDAP server timed out.

Answer : B, C

Question 3

To troubleshoot configuration push issues on a managed FortiSwitch, which FortiGate process should an administrator enable debug for?

Ahttpsd

Bcu_acd

Cfortilinkd

Dflcfgd

Answer : D

Question 4

You are investigating a report of poor wireless performance in a network that you manage. The issue is related to an AP interface in the 5 GHz range You are monitoring the channel utilization over time.

What is the recommended maximum utilization value that an interface should not exceed?

A85%

B95%

C75%

D65%

Answer : C

Question 5

Refer to the exhibit

Examine the sections of the configuration shown in the output

What action will FortiGate take when verifying the student certificate through OCSP?

AReject the student certificate if the OCSP server replies that the student certificate status is unknown

BNot verify the OCSP server certificate

CUse the OCSP URL included in the student certificate to verify the student certificate

DConsider the student certificate status as valid if the OCSP server is unreachable

Answer : A

Question 6

Which CLI command should an administrator use on FortiGate to view the RSSO authentication process in real time?

Adiagnose debug application fnbamd -1

Bdiagnose debug application authd -1

Cdiagnose debug application radiusd -1

Ddiagnose debug application foauthd -1

Answer : A

Question 7

Which CLI command should an administrator use to view the certificate verification process in real time?

Adiagnose debug application foauthd -1

Bdiagnose debug application radiusd -1

Cdiagnose debug application authd -1

Ddiagnose debug application fnbamd -1

Answer : C

According to the FortiOS CLI Reference Guide, ''The diagnose debug application foauthd command enables debugging of certificate verification process in real time.'' Therefore, option A is true because it describes the CLI command that an administrator should use to view the certificate verification process in real time. Option B is false because diagnose debug application radiusd -1 enables debugging of RADIUS authentication process, not certificate verification process. Option C is false because diagnose debug application authd -1 enables debugging of authentication daemon process, not certificate verification process. Option D is false because diagnose debug application fnbamd -1 enables debugging of FSSO daemon process, not certificate verification process.

Fortinet NSE 7 - LAN Edge 7.0 NSE7_LED-7.0 Exam Questions