NSE7-LED-7-0 Free Sample Questions

Fortinet NSE 7 - LAN Edge 7.0 Practice Test
Q1

A hospital is deploying a secure wired network using FortiSwitch and FortiAuthenticator. The requirements are to authenticate medical devices using MAC Authentication Bypass (MAB) and doctors' laptops using 802.1X EAP-TLS. Both device types connect to the same switch ports. The network administrator has configured the port security mode to `802.1X-mac-based`. However, only the 802.1X authentications are succeeding; the MAB devices fail to connect. What is a potential cause for this issue on the FortiSwitch port configuration?

Q2 (Multiple answers)

An administrator is setting up RADIUS Single Sign-On (RSSO) with FortiAuthenticator to gather user group information from a Cisco Wireless LAN Controller (WLC). The WLC is configured to send RADIUS accounting messages to FortiAuthenticator. Despite correct configuration, no user logon events are appearing in the FortiAuthenticator logs. Which two settings are critical to verify for RSSO to function correctly in this scenario? (Select TWO)

Q3

An engineer is deploying a large campus network with FortiAPs managed by a FortiGate wireless controller. To improve roaming performance and reduce the impact of broadcast traffic, the engineer wants to convert broadcast traffic to unicast for known clients. Which FortiAP profile setting achieves this?

Q4

True or False: When configuring Zero-Touch Provisioning (ZTP) for a FortiSwitch using DHCP option 43, the FortiGate's IP address and the FortiLink interface name must be encoded in the option string.

Q5

A financial services company is implementing automatic quarantine for wired clients using the Fortinet Security Fabric. A requirement is that if a client PC is compromised and starts communicating with a known command-and-control server, it must be immediately moved to a remediation VLAN. Which component is responsible for triggering the quarantine action on the FortiSwitch?

Q6

An administrator is configuring an LDAP server profile on a FortiGate to authenticate users against a Microsoft Active Directory server. The administrator needs to ensure that only users who are members of the 'VPN_Users' group can authenticate successfully. What is the correct value to use in the `Group Filter` field?

Q7 (Multiple answers)

A university is deploying a guest wireless network. They want to allow guests to self-register for access, but the access should automatically expire after 8 hours. Additionally, all guest traffic must be tunneled back to the FortiGate for inspection and NAT. Which two configurations are required to meet these requirements? (Select TWO)

Q8

An administrator manages a network where FortiSwitches are connected to a FortiGate via FortiLink. When viewing the `Managed FortiSwitches` page on the FortiGate, one of the switches is showing a status of `Pre-authorized`. What does this status indicate?

Q9

A network security engineer needs to configure two-factor authentication for SSL VPN access. The primary authentication will be Active Directory credentials via LDAP, and the secondary factor will be a client certificate issued by an internal Certificate Authority (CA). Which type of user group must be created on the FortiGate to enforce this specific authentication sequence?

Q10

During a wireless network deployment, an administrator needs to provide network access for a set of legacy IoT devices that do not support 802.1X authentication. The security policy requires these devices to be placed in a specific IoT VLAN. Which security mode should be configured on the SSID to achieve this with the highest level of security possible for these devices?