Home Vendors New Files TQB Simulator Upload Files
Cisco Microsoft VMware Oracle Checkpoint IBM Exin RedHat ECCouncil PMI

Download Fortinet.NSE7_LED-7.0.VCEplus.2023-09-20.21q.tqb

Vendor: Fortinet
Exam Code: NSE7_LED-7.0
Exam Name: Fortinet NSE 7 -LAN Edge 7-0
Date: Sep 20, 2023
File Size: 3 MB
Download Exam
Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator

Demo Questions

Question 1
Which two pieces of information can the diagnose test authserver ldap command provide? (Choose two.)
  1. It displays whether the admin bind user credentials are correct
  2. It displays whether the user credentials are correct
  3. It displays the LDAP codes returned by the LDAP server
  4. It displays the LDAP groups found for the user
Correct answer: BC
Explanation:
According to the FortiGate CLI Reference Guide, ''The diagnose test authserver ldap command tests LDAP authentication with a specific LDAP server. The command displays whether the user credentials are correct and whether the user belongs to any groups that match a firewall policy. The command also displays the LDAP codes returned by the LDAP server.'' Therefore, options B and C are true because they describe the information that the diagnose test authserver ldap command can provide. Option A is false because the command does not display whether the admin bind user credentials are correct, but rather whether the user credentials are correct. Option D is false because the command does not display the LDAP groups found for the user, but rather whether the user belongs to any groups that match a firewall policy.
According to the FortiGate CLI Reference Guide, ''The diagnose test authserver ldap command tests LDAP authentication with a specific LDAP server. The command displays whether the user credentials are correct and whether the user belongs to any groups that match a firewall policy. The command also displays the LDAP codes returned by the LDAP server.'' Therefore, options B and C are true because they describe the information that the diagnose test authserver ldap command can provide. Option A is false because the command does not display whether the admin bind user credentials are correct, but rather whether the user credentials are correct. Option D is false because the command does not display the LDAP groups found for the user, but rather whether the user belongs to any groups that match a firewall policy.
Question 2
You are setting up an SSID (VAP) to perform RADlUS-authenticated dynamic VLAN allocation 
Which three RADIUS attributes must be supplied by the RADIUS server to enable successful VLAN allocation'' (Choose three.)
  1. Tunnel-Private-Group-ID
  2. Tunnel-Pvt-Group-ID
  3. Tunnel-Preference
  4. Tunnel-Type
  5. Tunnel-Medium-Type
Correct answer: ADE
Explanation:
According to the FortiAP Configuration Guide, 'To perform RADIUS-authenticated dynamic VLAN allocation, the RADIUS server must supply the following RADIUS attributes: Tunnel-Private-Group-ID, which specifies the VLAN ID to assign to the user. Tunnel-Type, which specifies the tunneling protocol used for the VLAN. The value must be 13 (VLAN). Tunnel-Medium-Type, which specifies the transport medium used for the VLAN. The value must be 6 (802). Therefore, options A, D, and E are true because they describe the RADIUS attributes that must be supplied by the RADIUS server to enable successful VLAN allocation. Option B is false because Tunnel-Pvt-Group-ID is not a valid RADIUS attribute name, but rather a typo for Tunnel-Private-Group-ID. Option C is false because Tunnel-Preference is not a required RADIUS attribute for dynamic VLAN allocation, but rather an optional attribute that specifies the priority of the VLAN.
According to the FortiAP Configuration Guide, 'To perform RADIUS-authenticated dynamic VLAN allocation, the RADIUS server must supply the following RADIUS attributes: Tunnel-Private-Group-ID, which specifies the VLAN ID to assign to the user. Tunnel-Type, which specifies the tunneling protocol used for the VLAN. The value must be 13 (VLAN). Tunnel-Medium-Type, which specifies the transport medium used for the VLAN. 
The value must be 6 (802). Therefore, options A, D, and E are true because they describe the RADIUS attributes that must be supplied by the RADIUS server to enable successful VLAN allocation. Option B is false because Tunnel-Pvt-Group-ID is not a valid RADIUS attribute name, but rather a typo for Tunnel-Private-Group-ID. Option C is false because Tunnel-Preference is not a required RADIUS attribute for dynamic VLAN allocation, but rather an optional attribute that specifies the priority of the VLAN.
Question 3
Refer to the exhibit. 
 
By default FortiOS creates the following DHCP server scope for the FortiLink interface as shown in the exhibit 
What is the objective of the vci-string setting?
  1. To ignore DHCP requests coming from FortiSwitch and FortiExtender devices
  2. To reserve IP addresses for FortiSwitch and FortiExtender devices
  3. To restrict the IP address assignment to FortiSwitch and FortiExtender devices
  4. To restrict the IP address assignment to devices that have FortiSwitch or FortiExtender as their hostname
Correct answer: C
Explanation:
According to the exhibit, the DHCP server scope for the FortiLink interface has a vci-string setting with the value ''Cisco AP c2700''. This setting is used to match the vendor class identifier (VCI) of the DHCP clients that request an IP address from the DHCP server. The VCI is a text string that uniquely identifies a type of vendor device. Therefore, option C is true because the vci-string setting restricts the IP address assignment to FortiSwitch and FortiExtender devices, which use the VCI ''Cisco AP c2700''. Option A is false because the vci-string setting does not ignore DHCP requests coming from FortiSwitch and FortiExtender devices, but rather accepts them. Option B is false because the vci-string setting does not reserve IP addresses for FortiSwitch and FortiExtender devices, but rather assigns them dynamically. Option D is false because the vci-string setting does not restrict the IP address assignment to devices that have FortiSwitch or FortiExtender as their hostname, but rather to devices that have ''Cisco AP c2700'' as their VCI.
According to the exhibit, the DHCP server scope for the FortiLink interface has a vci-string setting with the value ''Cisco AP c2700''. This setting is used to match the vendor class identifier (VCI) of the DHCP clients that request an IP address from the DHCP server. The VCI is a text string that uniquely identifies a type of vendor device. Therefore, option C is true because the vci-string setting restricts the IP address assignment to FortiSwitch and FortiExtender devices, which use the VCI ''Cisco AP c2700''. Option A is false because the vci-string setting does not ignore DHCP requests coming from FortiSwitch and FortiExtender devices, but rather accepts them. Option B is false because the vci-string setting does not reserve IP addresses for FortiSwitch and FortiExtender devices, but rather assigns them dynamically. Option D is false because the vci-string setting does not restrict the IP address assignment to devices that have FortiSwitch or FortiExtender as their hostname, but rather to devices that have ''Cisco AP c2700'' as their VCI.
CONNECT US
EXAM SIMULATOR

How to Open TQB Files?

Use Taurus Exam Simulator to open TQB files

Taurus Exam Simulator


Taurus Exam Simulator for Windows/macOS/Linus

Download

We does not sell or support this software
Taurus Exam Studio
Enjoy a 20% discount on Taurus Exam Studio!

You now have the chance to acquire Exam Studio at a discounted rate of 20%.

Get Now!
-->