NSE 7 – LAN Edge 7.0 — Question 29

A wireless network in a school provides guest access using a captive portal to allow unregistered users to self-register and access the network. The administrator is requested to update the existing configuration to provide captive portal authentication through a secure connection (HTTPS).
Which two changes must the administrator make to enforce HTTPS authentication? (Choose two.)

Answer options

• A. Create a new SSID with the HTTPS captive portal URL.
• B. Enable HTTP redirect in the user authentication settings.
• C. Disable HTTP administrative access on the guest SSID to enforce HTTPS connection.
• D. Update the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator.

Correct answer: B, D

Explanation

The correct answers are B and D because enabling HTTP redirect ensures that any HTTP requests are redirected to HTTPS, thus securing the authentication process. Updating the captive portal URL to use HTTPS on FortiGate and FortiAuthenticator is essential to ensure that all traffic to the portal is encrypted. The other options do not directly enforce HTTPS for user authentication.