Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE7_LED-7.0 Topic 1 Question 22 Discussion

Actual exam question for Fortinet's NSE7_LED-7.0 exam
Question #: 22
Topic #: 1
[All NSE7_LED-7.0 Questions]

Refer to the exhibit.

Examine the FortiGate user group configuration and the Windows AD LDAP group membership information shown in the exhibit

FortiGate is configured to authenticate SSL VPN users against Windows AD using LDAP The administrator configured the SSL VPN user group for SSL VPN users However the administrator noticed that both the student and j smith users can connect to SSL VPN

Which change can the administrator make on FortiGate to restrict the SSL VPN service to the student user only?

Show Suggested Answer Hide Answer
Suggested Answer: A, B

According to the exhibit, the wireless guest users are getting a certificate error while loading the captive portal login page. This means that the browser cannot verify the identity of the server that is hosting the login page. Therefore, option A is true because the external server FQDN is incorrect, which means that it does not match the common name or subject alternative name of the server certificate. Option B is also true because the wireless user's browser is missing a CA certificate, which means that it does not have the root or intermediate certificate that issued the server certificate. Option C is false because the FortiGate authentication interface address is using HTTPS, which is a secure protocol that encrypts the communication between the browser and the server. Option D is false because the user address is not in DDNS form, which is not related to the certificate error.


Contribute your Thoughts:

Jill
2 days ago
The correct answer is A. The group name needs to match the LDAP group name exactly to restrict access to the student user only.
upvoted 0 times
...
Val
6 days ago
Hmm, that makes sense too. I guess we have different opinions on this question.
upvoted 0 times
...
Harrison
9 days ago
I disagree, I believe the correct answer is D, changing the Type to Fortinet Single Sign-On would be the best way to restrict access.
upvoted 0 times
...
Val
10 days ago
I think the answer is A, because it mentions setting the Group Name to restrict access to the SSL VPN service.
upvoted 0 times
...

Save Cancel