Fortinet nse6-fac-6-1 practice test

Fortinet NSE 6 - FortiAuthenticator 6.1 Exam

Last exam update: Dec 15 ,2024
Page 1 out of 2. Viewing questions 1-15 out of 30

Question 1

Which two statement about the RADIUS service on FortiAuthenticator are true? (Choose two)

  • A. Two-factor authentication cannot be enforced when using RADIUS authentication
  • B. RADIUS users can migrated to LDAP users
  • C. Only local users can be authenticated through RADIUS
  • D. FortiAuthenticator answers only to RADIUS client that are registered with FortiAuthenticator
Mark Question:
Answer:

B, D


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

At a minimum, which two configurations are required to enable guest portal services on
FortiAuthenticator? (Choose two)

  • A. Configuring a portal policy
  • B. Configuring at least on post-login service
  • C. Configuring a RADIUS client
  • D. Configuring an external authentication portal
Mark Question:
Answer:

A, B


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps
through SNMP.
Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator
interface? (Choose two)

  • A. Enable logging services
  • B. Set the tresholds to trigger SNMP traps
  • C. Upload management information base (MIB) files to SNMP server
  • D. Associate an ASN, 1 mapping rule to the receiving host
Mark Question:
Answer:

B, C


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which method is the most secure way of delivering FortiToken data once the token has been seeded?

  • A. Online activation of the tokens through the FortiGuard network
  • B. Shipment of the seed files on a CD using a tamper-evident envelope
  • C. Using the in-house token provisioning tool
  • D. Automatic token generation using FortiAuthenticator
Mark Question:
Answer:

B


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which two protocols are the default management access protocols for administrative access for
FortiAuthenticator? (Choose two)

  • A. Telnet
  • B. HTTPS
  • C. SSH
  • D. SNMP
Mark Question:
Answer:

B, C


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What are three key features of FortiAuthenticator? (Choose three)

  • A. Identity management device
  • B. Log server
  • C. Certificate authority
  • D. Portal services
  • E. RSSO Server
Mark Question:
Answer:

A, C, D


User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 7

Which network configuration is required when deploying FortiAuthenticator for portal services?

  • A. FortiAuthenticator must have the REST API access enable on port1
  • B. One of the DNS servers must be a FortiGuard DNS server
  • C. Fortigate must be setup as default gateway for FortiAuthenticator
  • D. Policies must have specific ports open between FortiAuthenticator and the authentication clients
Mark Question:
Answer:

D


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

You are a Wi-Fi provider and host multiple domains. How do you delegate user accounts, user groups
and permissions per domain when they are authenticating on a single FortiAuthenticator device?

  • A. Automatically import hosts from each domain as they authenticate
  • B. Create multiple directory trees on FortiAuthenticator
  • C. Create realms
  • D. Create user groups
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which of the following is an QATH-based standart to generate event-based, one-time password
tokens?

  • A. OLTP
  • B. SOTP
  • C. HOTP
  • D. TOTP
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which two statements about the self-service portal are true? (Choose two)

  • A. Self-registration information can be sent to the user through email or SMS
  • B. Realms can be used to configure which seld-registered users or groups can authenticate on the network
  • C. Administrator approval is required for all self-registration
  • D. Authenticating users must specify domain name along with username
Mark Question:
Answer:

A, B


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)

  • A. Certificate authority
  • B. LDAP server
  • C. MAC authentication bypass
  • D. RADIUS server
Mark Question:
Answer:

A, D


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two)

  • A. CRLs contain the serial number of the certificate that has been revoked
  • B. Revoked certificates are automaticlly placed on the CRL
  • C. CRLs can be exported only through the SCEP server
  • D. All local CAs share the same CRLs
Mark Question:
Answer:

A, B


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

You are a FortiAuthenticator administrator for a large organization. Users who are configured to use
FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only
the users with two-factor authentication are experiencing the issue.
What can couse this issue?

  • A. On of the FortiAuthenticator devices in the active-active cluster has failed
  • B. FortiAuthenticator has lose contact with the FortiToken Cloud servers
  • C. FortiToken 200 licence has expired
  • D. Time drift between FortiAuthenticator and hardware tokens
Mark Question:
Answer:

D


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Which two statements about the EAP-TTLS authentication method are true? (Choose two)

  • A. Uses mutual authentication
  • B. Uses digital certificates only on the server side
  • C. Requires an EAP server certificate
  • D. Support a port access control (wired) solution only
Mark Question:
Answer:

B, C


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must
you select on the master FortiAuthenticator?

  • A. Active-passive master
  • B. Standalone master
  • C. Cluster member
  • D. Load balancing master
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2