Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE7_LED-7.0 Topic 1 Question 14 Discussion

Actual exam question for Fortinet's NSE7_LED-7.0 exam
Question #: 14
Topic #: 1
[All NSE7_LED-7.0 Questions]

Refer to the exhibit.

Examine the FortiSwitch security policy shown in the exhibit

If the security profile shown in the exhibit is assigned to all ports on a FortiSwitch device for 802 1X authentication which statement about the switch is correct?

Show Suggested Answer Hide Answer
Suggested Answer: A, B

According to the exhibit, the wireless guest users are getting a certificate error while loading the captive portal login page. This means that the browser cannot verify the identity of the server that is hosting the login page. Therefore, option A is true because the external server FQDN is incorrect, which means that it does not match the common name or subject alternative name of the server certificate. Option B is also true because the wireless user's browser is missing a CA certificate, which means that it does not have the root or intermediate certificate that issued the server certificate. Option C is false because the FortiGate authentication interface address is using HTTPS, which is a secure protocol that encrypts the communication between the browser and the server. Option D is false because the user address is not in DDNS form, which is not related to the certificate error.


by Jesusa at Mar 07, 2024, 05:33 AM

Limited Time Offer

25%

Off

Get Premium NSE7_LED-7.0 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Salena
2 months ago
I'm going with C. Assigning non-802.1X devices to the onboarding VLAN seems like the most logical and secure approach here.
upvoted 0 times
Avery
16 days ago
User1: Definitely, it's a good practice to keep different types of devices separated.
upvoted 0 times
...
Stephaine
1 months ago
User2: Agreed, it helps to segregate devices for better network security.
upvoted 0 times
...
Cassandra
1 months ago
User1: I think C is the correct answer too. It makes sense to assign non-802.1X devices to a separate VLAN.
upvoted 0 times
...
...
Dianne
2 months ago
Haha, option A is like saying the FortiSwitch can't handle more than one device per port. That's like saying my grandma can't use a smartphone because she's 'too old'.
upvoted 0 times
Tamesha
Louis: That could be a good way to handle devices that don't support 802 1X authentication.
upvoted 0 times
...
Mariann
8 days ago
User 3: I think option C makes more sense, assigning non-802 1X devices to the onboarding VLAN.
upvoted 0 times
...
Louis
15 days ago
User 2: Yeah, it's kind of like underestimating the capabilities of the FortiSwitch.
upvoted 0 times
...
Wynell
22 days ago
User 1: Haha, option A is funny. It's like saying the FortiSwitch can't handle more than one device per port.
upvoted 0 times
...
...
Vernell
2 months ago
Option D is tempting, but I think the correct answer is C. Terminating all EAP messages on the FortiSwitch would be a bit overkill, don't you think?
upvoted 0 times
...
Keena
2 months ago
I'm not sure about option B. Trying to authenticate non-802.1X devices using their MAC address as the username and password sounds a bit sketchy to me.
upvoted 0 times
William
1 months ago
User2: Yeah, it doesn't seem like a secure method of authentication.
upvoted 0 times
...
Devorah
2 months ago
User1: I agree, option B does sound sketchy.
upvoted 0 times
...
...
Mertie
2 months ago
Why do you think that?
upvoted 0 times
...
Bronwyn
2 months ago
Option C seems correct. The policy mentions that non-802.1X devices will be assigned to the onboarding VLAN, which makes sense for the switch to handle authentication properly.
upvoted 0 times
...
Laurena
2 months ago
I disagree, I believe the correct answer is D.
upvoted 0 times
...
Mertie
3 months ago
I think the answer is C.
upvoted 0 times
...

Save Cancel