Fortinet NSE6_FAC-6.4 Practice Test - Questions Answers, Page 3

To allow members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls, the administrator can configure SSO groups and assign them to FortiGate groups. SSO groups are groups of users or devices that are defined on FortiAuthenticator based on various criteria, such as user group membership, source IP address, MAC address, or device type. FortiGate groups are groups of users or devices that are defined on FortiGate based on various criteria, such as user group membership, firewall policy, or authentication method. By mapping SSO groups to FortiGate groups, the administrator can control which users or devices can access the network resources protected by FortiGate.

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/ 906179/single-sign-on#sso-groups

FortiClient SSO Mobility Agent is a FSSO discovery method that transparently detects logged off users without having to rely on external features such as WMI polling. FortiClient SSO Mobility Agent is a software agent that runs on Windows devices and communicates with FortiAuthenticator to provide FSSO information. The agent can detect user logon and logoff events without using WMI polling, which can reduce network traffic and improve performance.

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/ 906179/single-sign-on#forticlient-sso-mobility-agent

TOTP stands for Time-based One-time Password, which is a type of OTP that is generated based on two pieces of information: time and seed. The time is the current timestamp that is synchronized between the client and the server. The seed is a secret key that is shared between the client and the server. The TOTP algorithm combines the time and the seed to generate a unique and short-lived OTP that can be used for two-factor authentication.

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/ 906179/two-factor-authentication#totp

Reference: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortitoken.pdf HOTP stands for HMAC-based One-time Password, which is an OATH-based standard to generate event-based OTP tokens. HOTP uses a cryptographic hash function called HMAC (Hash-based Message Authentication Code) to generate OTPs based on two pieces of information: a secret key and a counter. The counter is incremented by one after each OTP generation, creating an eventbased sequence of OTPs.

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/ 906179/two-factor-authentication#hotp

To configure syslog SSO, three actions must be taken, in addition to enabling the syslog SSO method:

Define a syslog source, which is a device that sends syslog messages to FortiAuthenticator containing user logon or logoff information.

Select a syslog rule for message parsing, which is a predefined or custom rule that defines how to extract the user name, IP address, and logon or logoff action from the syslog message.

Set the syslog UDP port on FortiAuthenticator, which is the port number that FortiAuthenticator listens on for incoming syslog messages.

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/ 906179/single-sign-on#syslog-sso

The inbound proxy setting provides the ability for FortiAuthenticator to determine the origin source

IP address after traffic passes through a proxy for system access. The inbound proxy setting allows FortiAuthenticator to use the X-Forwarded-For header in the HTTP request to identify the original client IP address. This can help FortiAuthenticator apply the correct authentication policy or portal policy based on the source IP address.

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administrationguide/ 906179/system-settings#inbound-proxy