Fortinet NSE7_LED-7.0 - Fortinet NSE 7 - LAN Edge 7.0 Exam
Page: 2 / 11
Total 51 questions
Question #6 (Topic: Exam A)
Refer to the exhibit.
Examine the IPsec VPN phase 1 configuration shown in the exhibit.
An administrator wants to use certificate-based authentication for an IPsec VPN user.
Which three configuration changes must you make on FortiGate to perform certificate-based authentication for the IPsec VPN user? (Choose three.)
Examine the IPsec VPN phase 1 configuration shown in the exhibit.
An administrator wants to use certificate-based authentication for an IPsec VPN user.
Which three configuration changes must you make on FortiGate to perform certificate-based authentication for the IPsec VPN user? (Choose three.)
A. Create a PKI user for the IPsec VPN user, and then configure the IPsec VPN tunnel to accept the PKI user as peer certificate.
B. In the Authentication section of the IPsec VPN tunnel, in the Method drop-down list, select Signature, and then select the certificate that FortiGate will use for IPsec VPN.
C. In the IKE section of the IPsec VPN tunnel, in the Mode field, select Main (ID protection).
D. Import the CA that signed the user certificate.
E. Enable XAUTH on the IPsec VPN tunnel.
Answer: ABD
Question #7 (Topic: Exam A)
You are investigating a report of poor wireless performance in a network that you manage. The issue is related to an AP interface in the 5 GHz range. You are monitoring the channel utilization over time.
What is the recommended maximum utilization value that an interface should not exceed?
What is the recommended maximum utilization value that an interface should not exceed?
A. 85%
B. 95%
C. 75%
D. 65%
Answer: C
Question #8 (Topic: Exam A)
Which CLI command should an administrator use to view the certificate verification process in real time?
A. diagnose debug application foauthd -1
B. diagnose debug application radiusd -1
C. diagnose debug application authd -1
D. diagnose debug application fnbamd -1
Answer: D
Question #9 (Topic: Exam A)
Which two statements about the guest portal on FortiAuthenticator are true? (Choose two.)
A. Each remote user on FortiAuthenticator can sponsor up to 10 guest accounts.
B. Administrators must approve all guest accounts before they can be used.
C. The guest portal provides pre and post-log in services.
D. Administrators can use one or more incoming parameters to configure a mapping rule for the guest portal.
Answer: CD
Question #10 (Topic: Exam A)
Refer to the exhibits.
In the wireless configuration shown in the exhibits, an AP is deployed in a remote site and has a wireless network (VAP) called Corporate deployed to it.
The network is a tunnelled network; however, clients connecting to a wireless network require access to a local printer. Clients are trying to print to a printer on the remote site, but are unable to do so.
Which configuration change is required to allow clients connected to the Corporate SSID to print locally?
In the wireless configuration shown in the exhibits, an AP is deployed in a remote site and has a wireless network (VAP) called Corporate deployed to it.
The network is a tunnelled network; however, clients connecting to a wireless network require access to a local printer. Clients are trying to print to a printer on the remote site, but are unable to do so.
Which configuration change is required to allow clients connected to the Corporate SSID to print locally?
A. Configure split-tunneling in the vap configuration.
B. Configure split-tunneling in the wtp-profile configuration.
C. Disable the Block Intra-SSID Traffic (Intra-vap-privacy) setting on the SSID (VAP) profile.
D. Configure the printer as a wireless client on the Corporate wireless network.
Answer: A
