Fortinet nse6-fac-6-1 practice test

Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)

• A. Certificate authority
• B. LDAP server
• C. MAC authentication bypass
• D. RADIUS server

Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two)

• A. CRLs contain the serial number of the certificate that has been revoked
• B. Revoked certificates are automaticlly placed on the CRL
• C. CRLs can be exported only through the SCEP server
• D. All local CAs share the same CRLs

You are a FortiAuthenticator administrator for a large organization. Users who are configured to use
FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only
the users with two-factor authentication are experiencing the issue.
What can couse this issue?

• A. On of the FortiAuthenticator devices in the active-active cluster has failed
• B. FortiAuthenticator has lose contact with the FortiToken Cloud servers
• C. FortiToken 200 licence has expired
• D. Time drift between FortiAuthenticator and hardware tokens

Which two statements about the EAP-TTLS authentication method are true? (Choose two)

• A. Uses mutual authentication
• B. Uses digital certificates only on the server side
• C. Requires an EAP server certificate
• D. Support a port access control (wired) solution only

When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must
you select on the master FortiAuthenticator?

• A. Active-passive master
• B. Standalone master
• C. Cluster member
• D. Load balancing master

Which EAP method is known as the outer authentication method?

• A. PEAP
• B. EAP-GTC
• C. EAP-TLS
• D. MSCHAPV2

Refer to the exhibit.
Examine the screenshot shown in the exhibit.

Which two statements regarding the configuration are true? (Choose two)

• A. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group
• B. All accounts registered through the guest portal must be validated through email
• C. Guest users must fill in all the fields on the registration form
• D. Guest user account will expire after eight hours

Which statement about the guest portal policies is true?

• A. Guest portal policies apply only to authentication requests coming from unknown RADIUS clients
• B. Guest portal policies can be used only for BYODs
• C. Conditions in the policy apply only to guest wireless users
• D. All conditions in the policy must match before a user is presented with the guest portal

Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA?
(Choose two)

• A. Validating other CA CRLs using OSCP
• B. Importing other CA certificates and CRLs
• C. Merging local and remote CRLs using SCEP
• D. Creating, signing, and revoking of X.509 certificates

Which three of the following can be used as SSO sources? (Choose three)

• A. FortiClient SSO Mobility Agent
• B. SSH Sessions
• C. FortiAuthenticator in SAML SP role
• D. Fortigate
• E. RADIUS accounting

You are the administrator of a large network that includes a large local user datadabase on the
current Fortiauthenticatior. You want to import all the local users into a new Fortiauthenticator
device.
Which method should you use to migrate the local users?

• A. Import users using RADIUS accounting updates.
• B. Import the current directory structure.
• C. Import users from RADUIS.
• D. Import users using a CSV file.

Which two types of digital certificates can you create in Fortiauthenticator? (Choose two)

• A. User certificate
• B. Organization validation certificate
• C. Third-party root certificate
• D. Local service certificate

What happens when a certificate is revoked? (Choose two)

• A. Revoked certificates cannot be reinstated for any reason
• B. All certificates signed by a revoked CA certificate are automatically revoked
• C. Revoked certificates are automatically added to the CRL
• D. External CAs will priodically query Fortiauthenticator and automatically download revoked certificates

Which two SAML roles can Fortiauthenticator be configured as? (Choose two)

• A. Idendity provider
• B. Principal
• C. Assertion server
• D. Service provider

A device or user identity cannot be established transparently, such as with non-domain BYOD
devices, and allow users to create their own credentialis.
In this case, which user idendity discovery method can Fortiauthenticator use?

• A. Syslog messaging or SAML IDP
• B. Kerberos-base authentication
• C. Radius accounting
• D. Portal authentication