ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_LED-7.0 All Questions

View all questions & answers for the NSE7_LED-7.0 exam
Go to Exam

Exam NSE7_LED-7.0 topic 1 question 12 discussion

Actual exam question from Fortinet's NSE7_LED-7.0
Question #: 12
Topic #: 1
[All NSE7_LED-7.0 Questions]

Refer to the exhibit.

Examine the FortiManager configuration and FortiGate CLI output shown in the exhibit.
An administrator is testing the NAC feature. The test device is connected to a managed FortiSwitch device (S224EPTF19005867) on port2.
After applying the NAC policy on port2 and generating traffic on the test device, the test device is not matching the NAC policy; therefore, the test device remains in the onboarding VLAN.
Based on the information shown in the exhibit, which two scenarios are likely to cause this issue? (Choose two.)

  • A. Management communication between FortiGate and FortiSwitch is down.
  • B. The MAC address configured on the NAC policy is incorrect.
  • C. The device operating system detected by FortiGate is not Linux.
  • D. Device detection is not enabled on VLAN 4089.
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by Wallsee at Feb. 14, 2024, 8:49 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
_zero
4 months ago
Selected Answer: CD
Correct answer are C & D. A it's not correct because if the communication is down the FortiGate can't retrieve the switch information, and B it's not correct to, because both exhibit have the same mac-address.
upvoted 1 times
...
Artbrut
7 months, 2 weeks ago
Selected Answer: CD
unsure, but we don´t know if device detection is enabled on switch-controller and which OS the device is. https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801195/enabling-network-assisted-device-detection
upvoted 2 times
Artbrut
7 months, 1 week ago
Study guide p. 229 - enable device detection
upvoted 1 times
Artbrut
7 months, 1 week ago
https://docs.fortinet.com/document/fortiswitch/7.4.2/fortilink-guide/173271/fortiswitch-network-access-control To show known NAC devices with a known location that match a NAC policy: diagnose switch-controller mac-device nac known To show pending NAC devices with an unknown location that match a NAC policy: diagnose switch-controller mac-device nac onboarding --> so I think it is B and C as the cli output shows, that the MAC address is known as a NAC device
upvoted 1 times
...
...
...
kinge2
8 months, 2 weeks ago
Selected Answer: BC
A incorrect because user wont be able to connect to port2 and generate traffic unless it is an unmanaged switch.
upvoted 1 times
...
Wallsee
8 months, 3 weeks ago
Selected Answer: AB
Option A is also true because the FortiSwitch device status is shown as down, which means that the management communication between FortiGate and FortiSwitch is not working properly. This could prevent the NAC policy from being applied correctly. Option C is false because the device operating system detected by FortiGate is Linux, which matches the NAC policy.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago