Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE7_LED-7.0 Topic 3 Question 26 Discussion

Actual exam question for Fortinet's NSE7_LED-7.0 exam
Question #: 26
Topic #: 3
[All NSE7_LED-7.0 Questions]

Refer to the exhibit.

Examine the RADIUS server configuration shown in the exhibit

An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP

While testing the configuration the administrator noticed that the diagnose test authserver command worked with PAP, however authentication requests failed when using MSCHAP2

Which two solutions can the administrator implement to get MSCHAP2 authentication to work'' (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: A, B

According to the exhibit, the wireless guest users are getting a certificate error while loading the captive portal login page. This means that the browser cannot verify the identity of the server that is hosting the login page. Therefore, option A is true because the external server FQDN is incorrect, which means that it does not match the common name or subject alternative name of the server certificate. Option B is also true because the wireless user's browser is missing a CA certificate, which means that it does not have the root or intermediate certificate that issued the server certificate. Option C is false because the FortiGate authentication interface address is using HTTPS, which is a secure protocol that encrypts the communication between the browser and the server. Option D is false because the user address is not in DDNS form, which is not related to the certificate error.


by Anjelica at Aug 04, 2024, 07:34 PM

Limited Time Offer

25%

Off

Get Premium NSE7_LED-7.0 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Gayla
21 days ago
Hey, at least it's not a DHCP question, am I right? Those always make me feel like I'm stuck in a labyrinth of IP addresses and subnet masks.
upvoted 0 times
...
Naomi
29 days ago
Ah, the good old 'update the Secret setting' trick. Classic FortiGate move. I bet that's the way to go. Gotta love those little networking quirks, am I right?
upvoted 0 times
...
Sena
1 months ago
Hold up, option C seems a bit out there. Changing the back-end server from LDAP to RADIUS? That's like trying to fit a square peg in a round hole. I'd steer clear of that one.
upvoted 0 times
Annice
11 days ago
User1: I agree, option C does seem a bit risky. It might cause more issues than it solves.
upvoted 0 times
...
...
Fausto
1 months ago
Hmm, my money's on option B. That NAS IP setting must be the key to getting that MSCHAP2 authentication working. Sounds like a classic networking issue to me.
upvoted 0 times
Dannette
9 days ago
User 2: Yeah, I agree. It sounds like a networking issue that needs to be addressed.
upvoted 0 times
...
Marleen
18 days ago
User 1: I think option B is the way to go. That NAS IP setting might be the problem.
upvoted 0 times
...
...
Jina
2 months ago
Well, this looks like a tricky one. If I had to guess, I'd say the solution is either A or D. Gotta love those RADIUS server configurations, am I right?
upvoted 0 times
...
Ramonita
2 months ago
I'm not sure about that. I think changing the back-end authentication server from LDAP to RADIUS could also solve the problem.
upvoted 0 times
...
Rebbeca
2 months ago
I agree with you, Herminia. Enabling Windows Active Directory Domain Authentication and updating the Secret setting should fix the issue.
upvoted 0 times
...
Herminia
2 months ago
I think the answer is A) and D)
upvoted 0 times
...

Save Cancel