[2024年更新]NSE7_LED-7.0試験問題集でテストエンジン練習テスト問題 [Q20-Q43]

Share

[2024年更新]NSE7_LED-7.0試験問題集でテストエンジン練習テスト問題

合格できるNSE7_LED-7.0試験[2024年11月02日]最新38問題


Fortinet NSE7_LED-7.0試験は、FortinetのLANエッジソリューションの展開と管理において専門的な知識を証明したいネットワークセキュリティ専門家にとって有用な認定試験です。この認定は、世界的に認められ、IT業界の雇用主に高く評価されています。認定は、LANインフラストラクチャをセキュリティで保護し、Secure SD-WANを構成し、FortinetのLANエッジソリューションを管理する候補者の知識とスキルを検証します。Fortinet NSE7_LED-7.0試験に合格した候補者は、ネットワークセキュリティにおける専門的な能力と熟練度を証明するFortinet NSE 7認定を受けます。

 

質問 # 20
Refer to the exhibit. Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit.
An administrator is testing the NAC feature. The test device is connected to a managed FortiSwitch device (S224EPTF19005867) on port2.
After applying the NAC policy on port2 and generating traffic on the test device, the test device is not matching the NAC policy; therefore, the test device remains in the onboarding VLAN.
Based on the information shown in the exhibit, which two scenarios are likely to cause this issue?
(Choose two.)

  • A. Device detection is not enabled on VLAN 4089
  • B. The MAC address configured on the NAC policy is incorrect
  • C. The device operating system detected by FortiGate is not Linux
  • D. Management communication between FortiGate and FortiSwitch is down

正解:B、C

解説:
https://docs.fortinet.com/document/fortiswitch/7.4.2/fortilink-guide/173271/fortiswitch-network- access-control


質問 # 21
A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS) Which two changes must the administrator make to enforce HTTPS authentication"? (Choose two >

  • A. Create a new SSID with the HTTPS captive portal URL
  • B. Disable HTTP administrative access on the guest SSID to enforce HTTPS connection
  • C. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator
  • D. Enable HTTP redirect in the user authentication settings

正解:C、D

解説:
Explanation
According to the FortiGate Administration Guide, "To enable HTTPS authentication, you must enable HTTP redirect in the user authentication settings. This redirects HTTP requests to HTTPS. You must also update the captive portal URL to use HTTPS on both FortiGate and FortiAuthenticator." Therefore, options B and D are true because they describe the changes that the administrator must make to enforce HTTPS authentication for the captive portal. Option A is false because creating a new SSID with the HTTPS captive portal URL is not required, as the existing SSID can be updated with the new URL. Option C is false because disabling HTTP administrative access on the guest SSID will not enforce HTTPS connection, but rather block HTTP connection.


質問 # 22
You are configuring a FortiGate wireless network to support automated wireless client quarantine using IOC. Which two configurations must you put in place for a wireless client to be quarantined successfully? (Choose two)

  • A. Configure the FortiGate device in the Security Fabric with a FortiAnalyzer device
  • B. Configure a firewall policy to allow communication
  • C. Configure the wireless network to be in tunnel mode
  • D. Configure the wireless network to be in bridge mode

正解:A、C

解説:
To enable automated wireless client quarantine using IOC, you must configure the following settings: Configure your wireless network to be in tunnel mode. This allows FortiGate to inspect all wireless traffic and apply security policies. Configure your FortiGate device in the Security Fabric with a FortiAnalyzer device. This allows FortiAnalyzer to detect indicators of compromise (IOC) from wireless traffic and send quarantine commands to FortiGate.


質問 # 23
Which two statements about MAC address quarantine by redirect mode are true? (Choose two)

  • A. The device MAC address is added to the Quarantined Devices firewall address group
  • B. The quarantined device is kept in the current VLAN
  • C. It is the default mode for MAC address quarantine
  • D. The quarantined device is moved to the quarantine VLAN

正解:A、B

解説:
MAC address quarantine by redirect mode allows you to quarantine devices by adding their MAC addresses to a firewall address group called Quarantined Devices. The quarantined devices are kept in their current VLANs, but their traffic is redirected to a quarantine portal.


質問 # 24

Wireless guest users are unable to authenticate because they are getting a certificate error while loading the captive portal login page.This URL string is the HTTPS POST URL guest wireless users see when attempting to access the network using the web browser

Which two settings are the likely causes of the issue? (Choose two.)

  • A. The FortiGate authentication interface address is using HTTPS
  • B. The wireless user's browser is missing a CA certificate
  • C. The external server FQDN is incorrect
  • D. The user address is not in DDNS form

正解:B、C

解説:
Explanation
According to the exhibit, the wireless guest users are getting a certificate error while loading the captive portal login page. This means that the browser cannot verify the identity of the server that is hosting the login page.
Therefore, option A is true because the external server FQDN is incorrect, which means that it does not match the common name or subject alternative name of the server certificate. Option B is also true because the wireless user's browser is missing a CA certificate, which means that it does not have the root or intermediate certificate that issued the server certificate. Option C is false because the FortiGate authentication interface address is using HTTPS, which is a secure protocol that encrypts the communication between the browser and the server. Option D is false because the user address is not in DDNS form, which is not related to the certificate error.


質問 # 25
Refer to the exhibit

A device connected to port2 on FortiSwitch cannot access the network The port is assigned a security policy to enforce 802 1X authentication While troubleshooting the issue, the administrator obtains the debug output shown in the exhibit Which two scenarios are likely to cause this issue? (Choose two.)

  • A. The device has been quarantined for 3600 seconds.
  • B. The device is not configured for 802 IX authentication.
  • C. The device does not support 802 1X authentication
  • D. The device has been assigned the guest VLAN

正解:B、C

解説:
Explanation
According to the exhibit, the debug output shows that the device connected to port2 on FortiSwitch is sending an EAPOL-Start message, which is the first step of the 802.1X authentication process. However, the output also shows that the device is not sending any EAP-Response messages, which are required to complete the authentication process. Therefore, option A is true because the device is not configured for 802.1X authentication, which means that it does not have the correct credentials or settings to authenticate with the RADIUS server. Option D is also true because the device does not support 802.1X authentication, which means that it does not have the capability or software to perform 802.1X authentication. Option B is false because the device has not been quarantined for 3600 seconds, but rather has a session timeout of 3600 seconds, which is the default value for 802.1X sessions. Option C is false because the device has not been assigned the guest VLAN, but rather has been assigned the default VLAN, which is VLAN 1.


質問 # 26
Refer to the exhibit. Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit.
FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP. The administrator configured the SSL VPN user group for SSL VPN users. However the administrator noticed that both the student and j.smith users can connect to SSL VPN.
Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

  • A. In the SSL VPN user group configuration, set Group Name to
    CN=SSLVPN,CN=Users,DC=trainingAD,DC=training,DC=lab.
  • B. In the SSL VPN user group configuration, change Name to
    CN=SSLVPN,CN=Users,DC=trainingAD,DC=training,DC=lab.
  • C. In the SSL VPN user group configuration, change Type to Fortinet Single Sign-On (FSSO).
  • D. In the SSL VPN user group configuration, set Group Name to CN=Domain Users,CN=Users,DC=trainingAD,DC=training,DC=lab.

正解:A

解説:
The Group Name is the name of the LDAP group that you want to use for authentication. The name must match exactly the name of the LDAP group on the LDAP server.


質問 # 27
An administrator is testing the connectivity for a new VLAN The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate Quarantine is disabled on FortiGate While testing the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices The administrator also noticed that inter-VLAN communication works However intra-VLAN communication does not work Which scenario is likely to cause this issue?

  • A. The FortiSwitch MAC address table is missing entries
  • B. The FortiGate ARP table is missing entries
  • C. Access VLAN is enabled on the VLAN
  • D. The native VLAN configured on the ports is incorrect

正解:A

解説:
Explanation
According to the scenario, the devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate. Quarantine is disabled on FortiGate, which means that the devices are not blocked by any security policy. The devices can ping FortiGate and FortiGate can ping the devices, which means that the IP connectivity is working. Inter-VLAN communication works, which means that the routing between VLANs is working. However, intra-VLAN communication does not work, which means that the switching within the VLAN is not working. Therefore, option C is true because the FortiSwitch MAC address table is missing entries, which means that the FortiSwitch does not know how to forward frames to the destination MAC addresses within the VLAN. Option A is false because access VLAN is enabled on the VLAN, which means that the VLAN ID is added to the frames on ingress and removed on egress. This does not affect intra-VLAN communication. Option B is false because the native VLAN configured on the ports is incorrect, which means that the frames on the native VLAN are not tagged with a VLAN ID. This does not affect intra-VLAN communication. Option D is false because the FortiGate ARP table is missing entries, which means that FortiGate does not know how to map IP addresses to MAC addresses. This does not affect intra-VLAN communication.


質問 # 28
Refer to the exhibit.

Examine the RADIUS server configuration shown in the exhibit
An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP While testing the configuration the administrator noticed that the diagnosetest authserver command worked with PAP, however authentication requests failed when using MSCHAP2 Which two solutions can the administrator implement to get MSCHAP2 authentication to work'' (Choose two.)

  • A. On FortiGate configure the NAS IP setting on the RADIUS
    server
  • B. On FortiAuthenticator enable Windows Active Directory Domain Authentication to add FortiAuthenticator to the Windows domain
  • C. On FortiAuthenticator change the back-end authentication server from LDAP to RADIUS
  • D. On FortiGate update the Secret setting on the RADIUS server

正解:B、C

解説:
Explanation
According to the exhibit, the RADIUS server configuration on FortiGate points to FortiAuthenticator, which is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP. However, LDAP does not support MSCHAP2 authentication, which is required for RADIUS. Therefore, option A is true because on FortiAuthenticator, enabling Windows Active Directory Domain Authentication will add FortiAuthenticator to the Windows domain and allow it to use MSCHAP2 authentication with the AD server. Option C is also true because on FortiAuthenticator, changing the back-end authentication server from LDAP to RADIUS will allow it to use MSCHAP2 authentication with the AD server. Option B is false because on FortiGate, configuring the NAS IP setting on the RADIUS server will not affect the MSCHAP2 authentication, but rather the source IP address of the RADIUS packets. Option D is false because on FortiGate, updating the Secret setting on the RADIUS server will not affect the MSCHAP2 authentication, but rather the shared secret between FortiGate and FortiAuthenticator.


質問 # 29
Refer to the exhibit.

Examine the debug output shown in the exhibit
Which two statements about the RADIUS debug output are true'' (Choose two)

  • A. User authentication succeeded using MSCHAP
  • B. The RADIUS server sent a vendor-specific attribute in the RADIUS response
  • C. User authentication failed
  • D. The user student belongs to the SSLVPN group

正解:A、D

解説:
Explanation
According to the exhibit, the debug output shows a RADIUS debug output from FortiGate. The output shows that FortiGate sent a RADIUS Access-Request packet to FortiAuthenticator with the username student and received a RADIUS Access-Accept packet from FortiAuthenticator with a Class attribute containing SSLVPN.
Therefore, option A is true because it indicates that the user student belongs to the SSLVPN group on FortiAuthenticator. The output also shows that FortiGate used MSCHAP as the authentication method and received a MS-MPPE-Send-Key and a MS-MPPE-Recv-Key from FortiAuthenticator. Therefore, option D is true because it indicates that user authentication succeeded using MSCHAP. Option B is false because user authentication did not fail, but rather succeeded. Option C is false because FortiAuthenticator did not send a vendor-specific attribute in the RADIUS response, but rather standard attributes defined by RFCs.


質問 # 30
You are investigating a report of poor wireless performance in a network that you manage. The issue is related to an AP interface in the 5 GHz range. You are monitoring the channel utilization over time.
What is the recommended maximum utilization value that an interface should not exceed?

  • A. 95%
  • B. 85%
  • C. 75%
  • D. 65%

正解:C

解説:


質問 # 31
Which two statements about the MAC-based 802.1X security mode available on FortiSwitch are true? (Choose two.)

  • A. FortiSwitch authenticates each device connected to the port
  • B. It cannot be used in conjunction with MAC authentication bypass
  • C. FortiSwitch authenticates a single device and opens the port to other devices connected to the port
  • D. FortiSwitch can grant different access levels to each device connected to the port

正解:A、D

解説:
MAC-based 802.1X security mode allows you to authenticate each device connected to a port using its MAC address as the username and password. Therefore, Option B is true because it describes the MAC-based 802.1X security mode available on FortiSwitch. Option D is also true because FortiSwitch can grant different access levels to each device connected to the port based on the user group and security policy assigned to them.


質問 # 32
Refer to the exhibit

Examine the sections of the configuration shown in the output
What action will FortiGate take when verifying the student certificate through OCSP?

  • A. Not verify the OCSP server certificate
  • B. Use the OCSP URL included in the student certificate to verify the student certificate
  • C. Consider the student certificate status as valid if the OCSP server is unreachable
  • D. Reject the student certificate if the OCSP server replies that the student certificate status is unknown

正解:B

解説:
Explanation
According to the exhibit, the FortiGate configuration has ocsp-status enabled and ocsp-option set to certificate.
This means that FortiGate will use OCSP to verify the revocation status of certificates presented by clients. According to the FortiGate Administration Guide2, "If you select certificate, FortiGate uses an OCSP URL included in a certificate to verify that certificate." Therefore, option C is true because it describes what action FortiGate will take when verifying the student certificate through OCSP. Option A is false because FortiGate will not reject the student certificate if the OCSP server replies that the student certificate status is unknown, but rather accept it as valid. Option B is false because FortiGate will verify the OCSPserver certificate by default, unless strict-ocsp-check is disabled. Option D is false because FortiGate will not consider the student certificate status as valid if the OCSP server is unreachable, but rather reject it as invalid.


質問 # 33
Refer to the exhibits. Examine the troubleshooting outputs shown in the exhibits.
Users have been reporting issues with the speed of their wireless connection in a particular part of the wireless network. The interface that is having issues is the 2.4 GHz interface that is currently configured on channel 6.
The administrator of the wireless network has investigated and surveyed the local RF environment using the tools available at the AP and FortiGate.
Which configuration would improve the wireless connection?

  • A. Change the AP 2.4 GHz channel to 13.
  • B. Change the AP 2.4 GHz channel to 1.
  • C. Change the AP 2.4 GHz channel to 11
  • D. Change the AP 2.4 GHz channel to 9.

正解:B

解説:
According to the exhibits, the AP 2.4 GHz interface is currently configured on channel 6, which is overlapping with other nearby APs on channels 4 and 8. This can cause interference and reduce the wireless performance. Therefore, changing the AP 2.4 GHz channel to 1 would improve the wireless connection, as it would avoid the overlapping channels and use a non-overlapping channel instead.


質問 # 34
Refer to the exhibit.

Examine the IPsec VPN phase 1 configuration shown in theexhibit
An administrator wants to use certificate-based authentication for an IPsec VPN user Which three configuration changes must you make on FortiGate to perform certificate-based authentication for the IPsec VPN user? (Choose three)

  • A. Create a PKI user for the IPsec VPN user, and then configure the IPsec VPN tunnel to accept the PKI user as peer certificate
  • B. Import the CA that signed the user certificate
  • C. In the IKE section of the IPsec VPN tunnel in the Mode field select Main (ID protection)
  • D. In the Authentication section of the IPsec VPN tunnel in the Method drop-down list select Signature and then select the certificate that FortiGate will use for IPsec VPN
  • E. Enable XAUTH on the IPsec VPN tunnel

正解:B、D、E

解説:
Explanation
According to the FortiGate Administration Guide, "To use certificate-based authentication, you must configure the following settings on both peers: Select Signature as the authentication method and select a certificate to use for authentication. Import the CA certificate that issued the peer's certificate. Enable XAUTH on the phase 1 configuration." Therefore, options B, D, and E are true because they describe the configuration changes that must be made on FortiGate to perform certificate-based authentication for the IPsec VPN user.
Option A is false because creating a PKI user for the IPsec VPN user is not required, as the user certificate can be verified by the CA certificate. Option C is false because changing the IKE mode to Main (ID protection) is not required, as the IKE mode can be either Main or Aggressive for certificate-based authentication.


質問 # 35
When you configure a FortiAP wireless interface for auto TX power control which statement describes how it configures its transmission power"?

  • A. Every 30 seconds FortiGate measures the signal strength of adjacent FortiAP interfaces It will adjust the adjacent AP power to be detectable at -70 dBm
  • B. Every 30 seconds FortiGate measures the signal strength of adjacent AP interfaces It will adjust its own AP power to match the adjacent AP signal strength
  • C. Every 30 seconds FortiGate measures the signal strength of the weakest associated client The AP will then configure its radio power to match the detected signal strength of the client
  • D. Every 30 seconds the AP will measure the signal strength of the AP using the client The AP will adjust its signal strength up or down until the AP signal is detected at -70 dBm

正解:D

解説:
Explanation
According to the FortiAP Configuration Guide1, "Auto TX power control allows the AP to adjust its transmit power based on the signal strength of the client. The AP will measure the signal strength of the client every 30 seconds and adjust its transmit power up or down until the client signal is detected at -70 dBm." Therefore, option A is true because it describes how the FortiAP wireless interface configures its transmission power when auto TX power control is enabled. Option B is false because FortiGate does not measure the signal strength of adjacent AP interfaces, but rather the FortiAP does. Option C is false because FortiGate does not adjust the adjacent AP power, but rather the FortiAP adjusts its own power. Option D is false becauseFortiGate does not measure the signal strength of the weakest associated client, but rather the FortiAP does.


質問 # 36
Refer to the exhibit.

By default FortiOS creates the following DHCP server scope for the FortiLink interface as shown in the exhibit What is the objective of the vci-string setting?

  • A. To restrict the IP address assignment to devices that have FortiSwitch or FortiExtender as their hostname
  • B. To restrict the IP address assignment to FortiSwitch and FortiExtender devices
  • C. To ignore DHCP requests coming from FortiSwitch and FortiExtender devices
  • D. To reserve IP addresses for FortiSwitch and FortiExtender devices

正解:B

解説:
Explanation
According to the exhibit, the DHCP server scope for the FortiLink interface has a vci-string setting with the value "Cisco AP c2700". This setting is used to match the vendor class identifier (VCI) of the DHCP clients that request an IP address from the DHCP server. The VCI is a text string that uniquely identifies a type of vendor device. Therefore, option C is true because the vci-string setting restricts the IP address assignment to FortiSwitch and FortiExtender devices, which use the VCI "Cisco AP c2700". Option A is false because the vci-string setting does not ignore DHCP requests coming from FortiSwitch and FortiExtender devices, but rather accepts them. Option B is false because the vci-string setting does not reserve IP addresses for FortiSwitch and FortiExtender devices, but rather assigns them dynamically. Option D is false because the vci-string setting does not restrict the IP address assignment to devices that have FortiSwitch or FortiExtender as their hostname, but rather to devices that have "Cisco AP c2700" as their VCI.


質問 # 37
Refer to the exhibit. A device connected to port2 on FortiSwitch cannot access the network. The port is assigned a security policy to enforce 802.1X authentication. While troubleshooting the issue, the administrator obtains the debug output shown in the exhibit.
Which two scenarios are likely to cause this issue? (Choose two.)

  • A. The device has been quarantined for 3600 seconds.
  • B. The device has been assigned the guest VLAN.
  • C. The device does not support 802.1X authentication.
  • D. The device is not configured for 802.1X authentication.

正解:C、D

解説:
According to the exhibit, the debug output shows that the device connected to port2 on FortiSwitch is sending an EAPOL-Start message, which is the first step of the 802.1X authentication process. However, the output also shows that the device is not sending any EAP- Response messages, which are required to complete the authentication process. Therefore, option A is true because the device is not configured for 802.1X authentication, which means that it does not have the correct credentials or settings to authenticate with the RADIUS server.
Option D is also true because the device does not support 802.1X authentication, which means that it does not have the capability or software to perform 802.1X authentication.


質問 # 38
Refer to the exhibit.

Examine the LDAP server configuration shown in the exhibit Note that the Username setting has been expanded to display Its full content On the Windows AD server 10.0.1.10, the administrator used dsquery. which returned the following output:

According to the output which FortiGate LDAP setting is configured incorrectly''

  • A. Bind Type
  • B. Username
  • C. Distinguished Name
  • D. Common Name Identifier

正解:C

解説:
Explanation
According to the exhibits, the LDAP server configuration on FortiGate has the Distinguished Name set to
"dc=training,dc=lab". However, according to the output of the dsquery command on the Windows AD server, the Distinguished Name of the domain should be "dc=trainingAD,dc=training,dc=lab". Therefore, option C is true because the Distinguished Name on FortiGate is configured incorrectly and does not match the actual Distinguished Name of the domain. Option A is false because the Common Name Identifier on FortiGate is configured correctly as "cn". Option B is false because the Bind Type on FortiGate is configured correctly as
"Regular". Option D is false because the Username on FortiGate is configured correctly as
"cn=admin,cn=users,dc=trainingAD,dc=training,dc=lab".


質問 # 39
Refer to the exhibits.

Firewall Policy

Examine the firewall policy configuration and SSID settings
An administrator has configured a guest wireless network on FortiGate using the external captive portal The administrator has verified that the external captive portal URL is correct However wireless users are not able to see the captive portal login page Given the configuration shown in the exhibit and the SSID settings which configuration change should the administrator make to fix the problem?

  • A. Include the wireless client subnet range in the Exempt Source section
  • B. Enable the captivs-portal-exempt option in the firewall policy with the ID 11.
  • C. Disable the user group from the SSID configuration
  • D. Apply a guest.portal user group in the firewall policy with the ID 11.

正解:D

解説:
Explanation
According to the FortiGate Administration Guide, "To use an external captive portal, you must configure a user group that uses the external captive portal as the authentication method and apply it to a firewall policy." Therefore, option C is true because it will allow the wireless users to be redirected to the external captive portal URL when they try to access the Internet. Option A is false because disabling the user group from the SSID configuration will prevent the wireless users from being authenticated by the FortiGate device. Option B is false because enabling the captive-portal-exempt option in the firewall policy will bypass the captive portal authentication for the wireless users, which is not the desired outcome. Option D is false because including the wireless client subnet range in the Exempt Source section will also bypass the captive portal authentication for the wireless users, which is not the desired outcome.


質問 # 40
Refer to the exhibit.

Examine the FortiGate configuration FortiAnalyzer logs and FortiGate widget shown in the exhibit An administrator is testing the Security Fabric quarantine automation The administrator added FortiAnalyzer to the Security Fabric and configured an automation stitch to automatically quarantine compromised devices The test device (::.:.:.!) s connected to a managed Fort Switch dev :e After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log (or the test connection However the device is not getting quarantined by FortiGate as shown in the quarantine widget Which two scenarios are likely to cause this issue? (Choose two)

  • A. The device does not have FortiClient installed
  • B. FortiAnalyzer does not have a valid threat detection services license
  • C. The web filtering rating service is not working
  • D. FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC)

正解:B、D

解説:
Explanation
According to the exhibits, the administrator has configured an automation stitch to automatically quarantine compromised devices based on FortiAnalyzer's threat detection services. However, according to the FortiAnalyzer logs, the test device is not detected as compromised by FortiAnalyzer, even though it tried to access a malicious website. Therefore, option B is true because FortiAnalyzer does not have a valid threat detection services license, which is required to enable the threat detection services feature. Option D is also true because FortiAnalyzer does not consider the malicious website an indicator of compromise (IOC), which is a criterion for identifying compromised devices. Option A is false because the web filtering rating service is working, as shown by the log entry that indicates that the test device accessed a URL with a category of
"Malicious Websites". Option C is false because the device does not need to have FortiClient installed to be quarantined by FortiGate, as long as it is connected to a managed FortiSwitch device.


質問 # 41
Refer to the exhibits

The exhibits show the wireless network (VAP) SSID profiles defined on FortiManager and an AP profile assigned to a group of APs that are supported by FortiGate None of the APs are broadcasting the SSlDs defined by the AP profile Which changes do you need to make to enable the SSIDs to broadcast?

  • A. Enable one channel in the Channels section
  • B. Enable multiple channels in the Channels section and enable Radio Resource Provision
  • C. In the SSIDs section enable Manual and assign the networks manually
  • D. In the SSIDs section enable Tunnel

正解:A

解説:
Explanation
According to the FortiManager Administration Guide1, "To enable the SSID, you must select at least one channel for the radio. If no channels are selected, the SSID will not be enabled." Therefore, enabling one channel in the Channels section will allow the SSIDs to broadcast.


質問 # 42
Refer to the exhibit. Examine the LDAP server configuration shown in the exhibit. Note that the Username setting has been expanded to display its full content.
On the Windows AD server 10.0.1.10, the administrator used dsquery, which returned the following output:
>dsquery user -samid student
"CN=student,CN=Users,DC=trainingAD,DC=training,DC=lab"
According to the output, which FortiGate LDAP setting is configured incorrectly?

  • A. Bind Type
  • B. Username
  • C. Distinguished Name
  • D. Common Name Identifier

正解:C

解説:
According to the exhibits, the LDAP server configuration on FortiGate has the Distinguished Name set to "dc=training,dc=lab". However, according to the output of the dsquery command on the Windows AD server, the Distinguished Name of the domain should be
"dc=trainingAD,dc=training,dc=lab".


質問 # 43
......


Fortinet NSE7_LED-7.0試験は、ネットワークセキュリティの分野でキャリアアップを目指すITプロフェッショナルにとって重要な認定です。この試験は、LANエッジセキュリティに関する包括的な理解を提供し、ITプロフェッショナルのLANエッジネットワークのセキュリティに関する知識とスキルを認定します。この認定を取得することで、ITプロフェッショナルは、安全なLANエッジネットワークを設計、実装、管理する専門知識を潜在的な雇用主に証明することができ、より良い求人機会と高い給与を得ることができます。

 

Fortinet NSE7_LED-7.0リアルな2024年最新の知能問題集模擬試験問題集:https://jp.fast2test.com/NSE7_LED-7.0-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어