
Fortinet NSE6_FAC-6.4 Practice Test - Questions Answers, Page 5

Which statement about the guest portal policies is true?

A. Guest portal policies apply only to authentication requests coming from unknown RADIUS clients
B. Guest portal policies can be used only for BYODs
C. Conditions in the policy apply only to guest wireless users
D. All conditions in the policy must match before a user is presented with the guest portal
Suggested answer: D

Explanation:

Guest portal policies are rules that determine when and how to present the guest portal to users who want to access the network. Each policy has a set of conditions that can be based on various factors, such as the source IP address, MAC address, RADIUS client, user agent, or SSID. All conditions in the policy must match before a user is presented with the guest portal. Guest portal policies can apply to any authentication request coming from any RADIUS client, not just unknown ones. They can also be used for any type of device, not just BYODs. They can also apply to wired or VPN users, not just wireless users. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guestmanagement/372406/portal-policies

When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the master FortiAuthenticator?

A. Active-passive master
B. Standalone master
C. Cluster member
D. Load balancing master
Suggested answer: A

Explanation:

When you are setting up two FortiAuthenticator devices in active-passive HA, you need to select the active-passive master role on the master FortiAuthenticator device. This role means that the device will handle all requests and synchronize data with the slave device until a failover occurs. The slave device must be configured with the active-passive slave role. The other roles are used for different HA modes, such as standalone (no HA), cluster (active-active), or load balancing (active-active with load balancing). Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administrationguide/372411/high-availability

Which two statements about the EAP-TTLS authentication method are true? (Choose two)

A. Uses mutual authentication
B. Uses digital certificates only on the server side
C. Requires an EAP server certificate
D. Supports a port access control (wired) solution only
Suggested answer: B, C

Explanation:

EAP-TTLS is an authentication method that uses digital certificates only on the server side to establish a secure tunnel between the server and the client. The client does not need a certificate but can use any inner authentication method supported by the server, such as PAP, CHAP, MS-CHAP, or EAP-MD5. EAP-TTLS requires an EAP server certificate that is issued by a trusted CA and installed on the FortiAuthenticator device acting as the EAP server. EAP-TTLS supports both wireless and wired solutions for port access control. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372412/eap-ttls

Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two)

A. CRLs contain the serial number of the certificate that has been revoked
B. Revoked certificates are automatically placed on the CRL
C. CRLs can be exported only through the SCEP server
D. All local CAs share the same CRLs
Suggested answer: A, B

Explanation:

CRLs are lists of certificates that have been revoked by the issuing CA and should not be trusted by any entity. CRLs contain the serial number of the certificate that has been revoked, the date and time of revocation, and the reason for revocation. Revoked certificates are automatically placed on the CRL by the CA and the CRL is updated periodically. CRLs can be exported through various methods, such as HTTP, LDAP, or SCEP. Each local CA has its own CRL that is specific to its issued certificates.

Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administrationguide/372408/certificate-management/372413/certificate-revocation-lists

What are three key features of FortiAuthenticator? (Choose three)

A. Identity management device
B. Log server
C. Certificate authority
D. Portal services
E. RSSO Server
Suggested answer: A, C, D

Explanation:

FortiAuthenticator is a user and identity management solution that provides strong authentication, wireless 802.1X authentication, certificate management, RADIUS AAA (authentication, authorization, and accounting), and Fortinet Single Sign-On (FSSO). It also offers portal services for guest management, self-service password reset, and device registration. It is not a log server or an RSSO server. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/release-notes

Which method is the most secure way of delivering FortiToken data once the token has been seeded?

A. Online activation of the tokens through the FortiGuard network
B. Shipment of the seed files on a CD using a tamper-evident envelope
C. Using the in-house token provisioning tool
D. Automatic token generation using FortiAuthenticator
Suggested answer: A

Explanation:

Online activation of the tokens through the FortiGuard network is the most secure way of delivering FortiToken data once the token has been seeded because it eliminates the risk of seed files being compromised during transit or storage. The other methods involve physical or manual delivery of seed files which can be intercepted, lost, or stolen. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372403/fortitoken

At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two)

A. Configuring a portal policy
B. Configuring at least one post-login service
C. Configuring a RADIUS client
D. Configuring an external authentication portal
Suggested answer: A, B

Explanation:

To enable guest portal services on FortiAuthenticator, you need to configure a portal policy that defines the conditions for presenting the guest portal to users and the authentication methods to use. You also need to configure at least one post-login service that defines what actions to take after a user logs in successfully, such as sending an email confirmation, assigning a VLAN, or creating a user account. Configuring a RADIUS client or an external authentication portal are optional steps that depend on your network setup and requirements. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guestmanagement


Total 47 questions