NSE6_FAC-6.4 exam

You have implemented two-factor authentication to enhance security to sensitive enterprise systems. How could you bypass the need for two-factor authentication for users accessing form specific secured networks?A . Create an admin realm in the authentication policy B. Specify the appropriate RADIUS clients in the authentication policy C. Enable Adaptive...

Which EAP method is known as the outer authentication method?A . PEAP B. EAP-GTC C. EAP-TLS D. MSCHAPV2View AnswerAnswer: A Explanation: PEAP is known as the outer authentication method because it establishes a secure tunnel between the client and the server using TLS. The inner authentication method, such as EAP-GTC,...

Which network configuration is required when deploying FortiAuthenticator for portal services?A . FortiAuthenticator must have the REST API access enable on port1 B. One of the DNS servers must be a FortiGuard DNS server C. Fortigate must be setup as default gateway for FortiAuthenticator D. Policies must have specific ports...

Which two types of digital certificates can you create in Fortiauthenticator? (Choose two)A . User certificate B. Organization validation certificate C. Third-party root certificate D. Local service certificateView AnswerAnswer: A, D Explanation: FortiAuthenticator can create two types of digital certificates: user certificates and local service certificates. User certificates are issued...

Why would you configure an OCSP responder URL in an end-entity certificate?A . To designate the SCEP server to use for CRL updates for that certificate B. To identify the end point that a certificate has been assigned to C. To designate a server for certificate status checking D. To...

How can a SAML metada file be used?A . To defined a list of trusted user names B. To import the required IDP configuration C. To correlate the IDP address to its hostname D. To resolve the IDP realm for authenticationView AnswerAnswer: B Explanation: A SAML metadata file can be...

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?A . Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal B. Principal contacts idendity provider and is redirected to service provider, principal establishes connection...

Examine the screenshot shown in the exhibit. Which two statements regarding the configuration are true? (Choose two.)A . All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group B. All accounts registered through the guest portal must be validated through email C. Guest users...

An administrator is integrating FortiAuthenticator with an existing RADIUS server with the intent of eventually replacing the RADIUS server with FortiAuthenticator. How can FortiAuthenticator help facilitate this process?A . By configuring the RADIUS accounting proxy B. By enabling automatic REST API calls from the RADIUS server C. By enabling learning...

You are an administrator for a large enterprise and you want to delegate the creation and management of guest users to a group of sponsors. How would you associate the guest accounts with individual sponsors?A . As an administrator, you can assign guest groups to individual sponsors. B. Guest accounts...