Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

NSE7_LED-7.0Free trial

By fortinet

Verified

25Q per page

Question 1

Refer to the exhibit.

Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit.
FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP. The administrator configured the SSL VPN user group for SSL VPN users. However, the administrator noticed that both the t and student and jsmith users can connect to SSL VPN.
Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

A: In the SSL VPN user group configuration, set Group Name to CN=SSLVPN,CN=Users,DC=trainingAD,DC=training,DC=lab.
B: In the SSL VPN user group configuration, change Name to CN=SSLVPN,CN=Users,DC=trainingAD,DC=training,DC=lab.
C: In the SSL VPN user group configuration, set Group Name to CN=Domain Users,CN=Users,DC=trainingAD,DC=training,DC=lab.
D: In the SSL VPN user group configuration, change Type to Fortinet Single Sign-On (FSSO).

—

Question 2

Refer to the exhibits.

In the wireless configuration shown in the exhibits, an AP is deployed in a remote site and has a wireless network (VAP) called Corporate deployed to it.
The network is a tunnelled network; however, clients connecting to a wireless network require access to a local printer. Clients are trying to print to a printer on the remote site, but are unable to do so.
Which configuration change is required to allow clients connected to the Corporate SSID to print locally?

A: Configure split-tunneling in the vap configuration.
B: Configure split-tunneling in the wtp-profile configuration.
C: Disable the Block Intra-SSID Traffic (Intra-vap-privacy) setting on the SSID (VAP) profile.
D: Configure the printer as a wireless client on the Corporate wireless network.

—

Question 3

Which EAP method requires the use of a digital certificate on both the server end and the client end?

A: EAP-TTLS
B: PEAP
C: EAP-GTC
D: EAP-TLS

—

Question 4

Refer to the exhibit.

Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit.
An administrator is testing the NAC feature. The test device is connected to a managed FortiSwitch device (S224EPTF19005867) on port2.
After applying the NAC policy on port2 and generating traffic on the test device, the test device is not matching the NAC policy; therefore, the test device remains in the onboarding VLAN.
Based on the information shown in the exhibit, which two scenarios are likely to cause this issue? (Choose two.)

A: Management communication between FortiGate and FortiSwitch is down.
B: The MAC address configured on the NAC policy is incorrect.
C: The device operating system detected by FortiGate is not Linux.
D: Device detection is not enabled on VLAN 4089.

—

Question 5

Which two pieces of information can the diagnose test authserver ldap command provide? (Choose two.)

A: It displays whether the admin bind user credentials are correct.
B: It displays whether the user credentials are correct.
C: It displays the LDAP codes returned by the LDAP server.
D: It displays the LDAP groups found for the user.

—

Question 6

You are setting up an SSID (VAP) to perform RADIUS-authenticated dynamic VLAN allocation.
Which three RADIUS attributes must be supplied by the RADIUS server to enable successful VLAN allocation? (Choose three.)

A: Tunnel-Private-Group-ID
B: Tunnel-Pvt-Group-ID
C: Tunnel-Preference
D: Tunnel-Type
E: Tunnel-Medium-Type

—

Question 7

Refer to the exhibit.

Examine the FortiManager information shown in the exhibit.
Which two statements about the FortiManager status are true? (Choose two.)

A: FortiSwitch manager is working in per-device management mode.
B: FortiSwitch is not authorized.
C: FortiSwitch manager is working in central management mode.
D: FortiSwitch is authorized and offline.

—

Question 8

An administrator is testing the connectivity for a new VLAN. The devices in the VLAN are connected to a FortiSwitch device that is managed by FortiGate. Quarantine is disabled on FortiGate.
While testing, the administrator noticed that devices can ping FortiGate and FortiGate can ping the devices. The administrator also noticed that inter-VLAN communication works. However, intra-VLAN communication does not work.
Which scenario is likely to cause this issue?

A: The native VLAN configured on the ports is incorrect.
B: The FortiSwitch MAC address table is missing entries.
C: The FortiGate ARP table is missing entries.
D: Access VLAN is enabled on the VLAN.

—

Question 9

Refer to the exhibit.

By default, FortiOS creates the following DHCP server scope for the FortiLink interface as shown in the exhibit.
What is the objective of the vci-string setting?

A: To ignore DHCP requests coming from FortiSwitch and FortiExtender devices
B: To reserve IP addresses for FortiSwitch and FortiExtender devices
C: To restrict the IP address assignment to FortiSwitch and FortiExtender devices
D: To restrict the IP address assignment to devices that have FortiSwitch or FortiExtender as their hostname

—

Question 10

An administrator has configured an SSID in bridge mode for corporate employees. All APs are online and provisioned using default AP profiles. Employees are unable to locate the SSID to connect.
Which two configurations can the administrator verify? (Choose two.)

A: Verify that the broadcast SSID option is enabled in the SSID configuration.
B: Verify that the Block Intra-SSID Traffic (Intra-vap-privacy) option in the SSID configuration is disabled.
C: Verify that the SSID to an AP group that should be broadcasting the SSID is applied.
D: Verify that the SSID is manually applied on AP profiles for both 2.4 GHz and 5 GHz radios.

—

Question 11

What is the purpose of enabling Windows Active Directory Domain Authentication on FortiAuthenticator?

A: It enables FortiAuthenticator to use Windows administrator credentials to perform an LDAP lookup for a user search.
B: It enables FortiAuthenticator to use a Windows CA certificate when authenticating RADIUS users.
C: It enables FortiAuthenticator to import users from Windows AD.
D: It enables FortiAuthenticator to register itself as a Windows trusted device to proxy authentication using Kerberos.

—

That’s the end of your free questions

You’ve reached the preview limit for NSE7_LED-7.0

Consider upgrading to gain full access!

Page 1 of 3 • Questions 1-25 of 51

1 2 3

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!