Fortinet NSE6_FAC-6.4 Practice Test - Questions Answers, Page 2

Question 11

Which two types of digital certificates can you create in FortiAuthenticator? (Choose two)
FortiAuthenticator can create two types of digital certificates: user certificates and local service certificates. User certificates are issued to users or devices for authentication purposes, such as VPN, wireless, or web access. Local service certificates are issued to FortiAuthenticator itself for securing its own services, such as HTTPS, RADIUS, or LDAP.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/certificate-management#certificate-types
Question 12

Which EAP method is known as the outer authentication method?
PEAP is known as the outer authentication method because it establishes a secure tunnel between the client and the server using TLS. The inner authentication method, such as EAP-GTC, EAP-TLS, or MSCHAPv2, is then used to authenticate the client within the tunnel.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/wireless-802-1x-authentication#peap
Question 13

You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP.
Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two)
To monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP, two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface:
Set the thresholds to trigger SNMP traps for various system events, such as CPU usage, disk usage, memory usage, or temperature.
Upload management information base (MIB) files to SNMP server to enable the server to interpret the SNMP traps sent by FortiAuthenticator.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/system-settings#snmp
Question 14

Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)
Two features of FortiAuthenticator that are used for EAP deployment are certificate authority and RADIUS server. Certificate authority allows FortiAuthenticator to issue and manage digital certificates for EAP methods that require certificate-based authentication, such as EAP-TLS or PEAP-EAP-TLS. RADIUS server allows FortiAuthenticator to act as an authentication server for EAP methods that use RADIUS as a transport protocol, such as EAP-GTC or PEAP-MSCHAPv2.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/wireless-802-1x-authentication
Question 15

How can a SAML metadata file be used?
A SAML metadata file can be used to import the required IDP configuration for SAML service provider mode. A SAML metadata file is an XML file that contains information about the identity provider (IDP) and the service provider (SP), such as their entity IDs, endpoints, certificates, and attributes. By importing a SAML metadata file from the IDP, FortiAuthenticator can automatically configure the necessary settings for SAML service provider mode.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/saml-service-provider#saml-metadata
Question 16

A system administrator wants to integrate FortiAuthenticator with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO.
What feature does FortiAuthenticator offer for this type of integration?
REST API is a feature that allows FortiAuthenticator to integrate with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO. REST API stands for Representational State Transfer Application Programming Interface, which is a method of exchanging data between different systems using HTTP requests and responses. FortiAuthenticator provides a REST API that can be used by external systems to perform various actions, such as creating, updating, deleting, or querying users and groups, or sending FSSO logon or logoff events.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/rest-api
Question 17

Which statement about captive portal policies is true, assuming a single policy has been defined?
Captive portal policies are used to define the conditions and settings for presenting a captive portal to users who need to authenticate before accessing the network. A captive portal policy consists of a set of conditions and a set of actions. The conditions can be based on various attributes, such as source IP address, MAC address, user group, device type, or RADIUS client. The actions can include redirecting the user to a specific portal, applying a specific authentication method, or assigning a specific VLAN or firewall policy. A single policy can have multiple conditions, and all conditions in the policy must match before a user is presented with the captive portal.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/portal-services#captive-portal-policies
Question 18

Which interface services must be enabled for the SCEP client to connect to FortiAuthenticator?
HTTP/HTTPS are the interface services that must be enabled for the SCEP client to connect to FortiAuthenticator. SCEP stands for Simple Certificate Enrollment Protocol, which is a method of requesting and issuing digital certificates over HTTP or HTTPS. FortiAuthenticator supports SCEP as a certificate authority (CA) and can process SCEP requests from SCEP clients. To enable SCEP on FortiAuthenticator, the HTTP or HTTPS service must be enabled on the interface that receives the SCEP requests.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/certificate-management#scep
Question 19

Which statement about the assignment of permissions for sponsor and administrator accounts is true?
Both sponsor and administrator account permissions are assigned using admin profiles. An admin profile is a set of permissions that defines what actions an administrator or a sponsor can perform on FortiAuthenticator. An admin profile can be assigned to an admin group or an individual admin user. A sponsor is a special type of admin user who can create and manage guest accounts on behalf of other users.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/906179/administrators#admin-profiles
Question 20

Which two protocols are the default management access protocols for administrative access for FortiAuthenticator? (Choose two)
HTTPS and SSH are the default management access protocols for administrative access for FortiAuthenticator. HTTPS allows administrators to access the web-based GUI of FortiAuthenticator using a web browser and a secure connection. SSH allows administrators to access the CLI of FortiAuthenticator using an SSH client and an encrypted connection. Both protocols require the administrator to enter a valid username and password to log in.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/system-settings#management-access