Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)
- A . Certificate authority
- B . LDAP server
- C . MAC authentication bypass
- D . RADIUS server
Which EAP method is known as the outer authentication method?
- A . MSCHAPv2
- B . PEAP
- C . EAP-GTC
- D . EAP-TLS
You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate.
You have verified that only the users with two-factor authentication are experiencing the issue.
What can cause this issue?
- A . FortiToken 200 license has expired.
- B . One of the FortiAuthenticator devices in the active-active cluster has failed.
- C . Time drift between FortiAuthenticator and hardware tokens.
- D . FortiAuthenticator has lost contact with the FortiToken Cloud servers.
What is the function of RADIUS profiles and realms in authentication?
- A . They provide secure encryption for user data
- B . They enable remote access to user files
- C . They authenticate users based on their IP addresses
- D . They manage authentication settings and methods for RADIUS users
Which protocol is commonly used for RADIUS single sign-on (RSSO) to integrate third-party logon events with Fortinet Single Sign-On (FSSO)?
- A . HTTP
- B . SNMP
- C . RADIUS
- D . DNS
A device that is 802.1X non-compliant must be connected to the network.
Which authentication method can you use to authenticate the device with FortiAuthenticator?
- A . EAP-TTLS
- B . EAP-TLS
- C . MAC-based authentication
- D . Machine-based authentication
You are the administrator of a large network and you want to track your users by leveraging the FortiClient SSO Mobility Agent. As part of the deployment you want to make sure that a bad actor will not be allowed to authenticate with an unauthorized AD server and appear as a legitimate user when reported by the agent.
Which option can prevent such an attack?
- A . Add only the trusted AD servers to a valid servers group.
- B . Change the Secret key in the Enable authentication option for the FortiClient Mobility Agent Service.
- C . Enable the Enable RADIUS accounting SSO clients method.
- D . Enable the Enable NTLM option in the FortiClient Mobility Agent Service.
Which of the following services can be configured for remote authentication in FortiAuthenticator?
- A . Online shopping
- B . Social media integration
- C . Remote desktop access
- D . Virtual reality gaming
In a PKI infrastructure, what is the purpose of the root certificate?
- A . It is used for encrypting sensitive user data
- B . It is a backup certificate for emergency situations
- C . It is the certificate of the end user in a communication
- D . It is the highest-level certificate that signs other certificates
Which of the following is a recommended practice when configuring FortiAuthenticator for deployment?
- A . Disabling all authentication methods except one
- B . Using the default factory settings for quicker deployment
- C . Enabling all available authentication methods for flexibility
- D . Disabling all user roles to simplify access control
What is the benefit of integrating FortiAuthenticator with Active Directory for single sign-on?
- A . It prevents any user logon events from being recorded
- B . It allows users to authenticate using only their email addresses
- C . It centralizes user management and reduces password fatigue
- D . It requires users to use different credentials for different resources
In the context of FortiAuthenticator, what is the purpose of active authentication?
- A . Enforcing access controls based on user identity
- B . Encrypting network traffic
- C . Managing firewall rules
- D . Detecting hardware failures
Which of the following statements is true regarding RADIUS authentication?
- A . It only supports local user accounts
- B . It’s a protocol used exclusively for email authentication
- C . It’s commonly used for wireless network authentication
- D . It’s a type of biometric authentication
A system administrator wants to integrate FortiAuthenticator with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO.
- A . The ability to import and export users from CSV files
- B . RADIUS learning mode for migrating users
- C . REST API
- D . SNMP monitoring and traps
FortiAuthenticator has several roles that involve digital certificates.
Which role allows FortiAuthenticator to receive the signed certificate signing requests (CSRs) and send certificate revocation lists (CRLs)?
- A . Remote LDAP server
- B . EAP server
- C . SCEP server
- D . OCSP server
Which statement about captive portal policies is true, assuming a single policy has been defined?
- A . Portal policies apply only to authentication requests coming from unknown RADIUS clients
- B . All conditions in the policy must match before a user is presented with the captive portal.
- C . Conditions in the policy apply only to wireless users.
- D . Portal policies can be used only for BYODs.
How can tags be used to generate Fortinet Single Sign-On (FSSO) events?
- A . By attaching physical tags to users’ devices
- B . By automatically categorizing logon events using predefined labels
- C . By sending notifications to users about authentication events
- D . By creating custom login screens
Which two types of digital certificates can you create in FortiAuthenticator? (Choose two.)
- A . Third-party root certificate
- B . User certificate
- C . Organization validation certificate
- D . Local services certificate
Which of the following is a benefit of using role-based access control (RBAC) in FortiAuthenticator?
- A . It eliminates the need for authentication
- B . It assigns the same permissions to all users
- C . It provides granular control over user access based on their roles
- D . It automatically generates strong passwords for users
What are tokens commonly used for in authentication systems?
- A . Sending text messages
- B . Displaying the current time
- C . Generating random security codes
- D . Storing biometric data
What is the purpose of configuring and managing user accounts in FortiAuthenticator?
- A . To create a separate network for users
- B . To generate secure passwords for users
- C . To control user access to resources based on their identity
- D . To monitor user’s internet usage patterns
You are an administrator for a large enterprise and you want to delegate the creation and management of guest users to a group of sponsors.
How would you associate the guest accounts with individual sponsors?
- A . As an administrator, you can assign guest groups to individual sponsors.
- B . Guest accounts are associated with the sponsor that creates the guest account.
- C . You can automatically add guest accounts to groups associated with specific sponsors.
- D . Select the sponsor on the guest portal, during registration.
What is the primary purpose of FortiAuthenticator portal services?
- A . To create custom web portals for online shopping
- B . To manage network firewalls
- C . To authenticate and provide access to local and remote users
- D . To host gaming servers for multiplayer online games
You have implemented two-factor authentication to enhance security to sensitive enterprise systems.
How could you bypass the need for two-factor authentication for users accessing form specific secured networks?
- A . Create an admin realm in the authentication policy.
- B . Specify the appropriate RADIUS clients in the authentication policy.
- C . Enable Adaptive Authentication in the portal policy.
- D . Enable the Resolve user geolocation from their IP address option in the authentication policy.
Which three of the following can be used as SSO sources? (Choose three)
- A . FortiClient SSO Mobility Agent
- B . SSH Sessions
- C . FortiAuthenticator in SAML SP role
- D . Fortigate
- E . RADIUS accounting