Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Fortinet Exam NSE7_LED-7.0 Topic 3 Question 26 Discussion

Actual exam question for Fortinet's NSE7_LED-7.0 exam
Question #: 26
Topic #: 3
[All NSE7_LED-7.0 Questions]

Refer to the exhibit.

Examine the RADIUS server configuration shown in the exhibit

An administrator has configured a RADIUS server on FortiGate that points to FortiAuthenticator FortiAuthenticator is acting as an authentication proxy and is configured to relay all authentication requests to a remote Windows AD server using LDAP

While testing the configuration the administrator noticed that the diagnose test authserver command worked with PAP, however authentication requests failed when using MSCHAP2

Which two solutions can the administrator implement to get MSCHAP2 authentication to work'' (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: A, B

According to the exhibit, the wireless guest users are getting a certificate error while loading the captive portal login page. This means that the browser cannot verify the identity of the server that is hosting the login page. Therefore, option A is true because the external server FQDN is incorrect, which means that it does not match the common name or subject alternative name of the server certificate. Option B is also true because the wireless user's browser is missing a CA certificate, which means that it does not have the root or intermediate certificate that issued the server certificate. Option C is false because the FortiGate authentication interface address is using HTTPS, which is a secure protocol that encrypts the communication between the browser and the server. Option D is false because the user address is not in DDNS form, which is not related to the certificate error.


by Anjelica at Aug 04, 2024, 07:34 PM

Limited Time Offer

25%

Off

Get Premium NSE7_LED-7.0 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Gayla
1 months ago
Hey, at least it's not a DHCP question, am I right? Those always make me feel like I'm stuck in a labyrinth of IP addresses and subnet masks.
upvoted 0 times
Verdell
12 days ago
A) On FortiAuthenticator enable Windows Active Directory Domain Authentication to add FortiAuthenticator to the Windows domain
upvoted 0 times
...
...
Naomi
1 months ago
Ah, the good old 'update the Secret setting' trick. Classic FortiGate move. I bet that's the way to go. Gotta love those little networking quirks, am I right?
upvoted 0 times
...
Sena
2 months ago
Hold up, option C seems a bit out there. Changing the back-end server from LDAP to RADIUS? That's like trying to fit a square peg in a round hole. I'd steer clear of that one.
upvoted 0 times
Corinne
2 days ago
User1: Definitely, let's stick to those two options and see if they help with the authentication issue.
upvoted 0 times
...
Ramonita
5 days ago
User2: Yeah, I think we should focus on options A and D instead. They seem like safer choices.
upvoted 0 times
...
Annice
24 days ago
User1: I agree, option C does seem a bit risky. It might cause more issues than it solves.
upvoted 0 times
...
...
Fausto
2 months ago
Hmm, my money's on option B. That NAS IP setting must be the key to getting that MSCHAP2 authentication working. Sounds like a classic networking issue to me.
upvoted 0 times
Maybelle
5 hours ago
Dannette: Good point. Let's try both options B and D to see if that solves the authentication problem.
upvoted 0 times
...
Eun
5 days ago
User 3: Maybe we should also consider updating the Secret setting on the RADIUS server.
upvoted 0 times
...
Dannette
22 days ago
User 2: Yeah, I agree. It sounds like a networking issue that needs to be addressed.
upvoted 0 times
...
Marleen
1 months ago
User 1: I think option B is the way to go. That NAS IP setting might be the problem.
upvoted 0 times
...
...
Jina
2 months ago
Well, this looks like a tricky one. If I had to guess, I'd say the solution is either A or D. Gotta love those RADIUS server configurations, am I right?
upvoted 0 times
...
Ramonita
2 months ago
I'm not sure about that. I think changing the back-end authentication server from LDAP to RADIUS could also solve the problem.
upvoted 0 times
...
Rebbeca
2 months ago
I agree with you, Herminia. Enabling Windows Active Directory Domain Authentication and updating the Secret setting should fix the issue.
upvoted 0 times
...
Herminia
2 months ago
I think the answer is A) and D)
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77