Refer to the exhibit.
Examine the RADIUS server configuration shown in the exhibit
An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP While testing the configuration the administrator noticed that the diagnosetest authserver command worked with PAP, however authentication requests failed when using MSCHAP2 Which two solutions can the administrator implement to get MSCHAP2 authentication to work'' (Choose two.)
A. On FortiAuthenticator change the back-end authentication server from LDAP to RADIUS
B. On FortiGate configure the NAS IP setting on the RADIUS
server
C. On FortiAuthenticator enable Windows Active Directory Domain Authentication to add FortiAuthenticator to the Windows domain
D. On FortiGate update the Secret setting on the RADIUS server
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Which FortiSwitch VLANs are automatically created on FortGate when the first FortiSwitch device is discovered1?
A. access, quarantine, rspan. voice, video, and onboarding
B. default quarantine rspan voice video and nac_segment
C. fortilink. quarantine erspan voice video and onboarding
D. default quarantine, rspan voice video onboarding and nac_segment
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to the exhibit.
Examine the network diagram and packet capture shown in the exhibit
The packet capture was taken between FortiGate and FortiAuthenticator and shows a RADIUS Access-Request packet sent by FortiSwitch to FortiAuthenticator through FortiGate Why does the User-Name attribute in the RADIUS Access-Request packet contain the client MAC address?
A. FortiSwitch is sending a RADIUS accounting message to FortiAuthenticator
B. The client is performing AD machine authentication
C. FortiSwitch is authenticating the client using MAC authentication bypass
D. The client is performing user authentication
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Refer to the exhibit.
Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP The administrator configured the SSL VPN user group for SSL VPN users However the administrator noticed that both the student and j smith users can connect to SSL VPN Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?
A. In the SSL VPN user group configuration set Group Name to ::;=Domain users.CN-Users/DC=trainingAD, DC-training, DC=lab.
B. In the SSL VPN user group configuration, change Name to cn=sslvpn, CN=users, DC=trainingAD, Detraining, DC-lab.
C. In the SSL VPN user group configuration set Group Nam to CN-SSLVPN, CN="users, DC-trainingAD, DC-training, DC-lab
D. In the SSL VPN user group configuration change Type to Fortinet Single Sign-On (FSSO)
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
Takekawa -
とても詳細に記述されている解説はわかりやすいので
NSE7_LED-7.0に苦手意識があるかたでも読みやすいです。それのお陰で高得点です。就職上手くいけそう。