Fortinet Exam NSE7_LED-7.0 Topic 3 Question 27 Discussion

Actual exam question for Fortinet's NSE7_LED-7.0 exam

Question #: 27
Topic #: 3

Refer to the exhibit.

Examine the IPsec VPN phase 1 configuration shown in the exhibit

An administrator wants to use certificate-based authentication for an IPsec VPN user

Which three configuration changes must you make on FortiGate to perform certificate-based authentication for the IPsec VPN user? (Choose three)

ACreate a PKI user for the IPsec VPN user, and then configure the IPsec VPN tunnel to accept the PKI user as peer certificate.

BIn the IKE section of the IPsec VPN tunnel, in the Mode field, select Main (ID protection).

CImport the CA that signed the user certificate.

DEnable XAUTH on the IPsec VPN tunnel.

EIn the Authentication section of the IPsec VPN tunnel, in the Method drop-down list, select Signature, and then select the certificate that FortiGate will use for IPsec VPN.

Show Suggested Answer

Suggested Answer: C, D

According to the FortiManager Administration Guide, ''Central management mode allows you to manage all FortiSwitch devices from a single interface on the FortiManager device.'' Therefore, option C is true because the exhibit shows that the FortiSwitch manager is enabled and the FortiSwitch device is managed by the FortiManager device. Option D is also true because the exhibit shows that the FortiSwitch device status is offline, which means that it is not reachable by the FortiManager device, but it is authorized, which means that it has been added to the FortiManager device. Option A is false because per-device management mode allows you to manage each FortiSwitch device individually from its own web-based manager or CLI, which is not the case in the exhibit. Option B is false because the FortiSwitch device is authorized, as explained above.

by Terrilyn at Aug 22, 2024, 07:33 AM

Limited Time Offer

25%

Off

Get Premium NSE7_LED-7.0 Questions as Interactive Web-Based Practice Test or PDF