Fortinet FCP_FAC_AD-6.5 Exam Practice Test Instant Access

Question 1

When performing a remote LDAP server integration with FortiAuthenticator, how do server type templates assist with the integration?

AThey autopopulate the simple and regular bind settings.

BThey automatically set the LDAP user auto provisioning settings.

CThey populate the query element fields with defined attribute and class values.

DThey define the connection security and domain authentication settings for each LDAP server you integrate with.

Answer : C

Server type templates in FortiAuthenticator assist LDAP integration by prepopulating the query element fields with the correct attribute and class values for the selected LDAP server type, simplifying configuration and ensuring accurate directory queries.

Question 2

At a minimum, which two configurations are required to enable captive portal services on FortiAuthenticator? (Choose two.)

AConfiguring at least one pre-login service

BConfiguring a portal policy

CConfiguring an external authentication portal

DConfiguring a RADIUS client

Answer : A, B

A pre-login service must be configured to define how users can access the portal before authentication.

A portal policy is required to determine authentication rules and behavior for captive portal access.

Question 3

Which FSSO discovery method transparently detects logged off users without having to rely on external features such as WMI polling?

ARADIUS accounting

BFortiClient SSO mobility agent

CDC polling

DWindows AD polling

Answer : B

The FortiClient SSO Mobility Agent runs on the endpoint and communicates login and logoff events directly to FortiAuthenticator, allowing transparent detection of logged-off users without relying on external mechanisms like WMI polling.

Question 4

When implementing FIDO2, which information, at a minimum, is stored with the service provider?

APassword and FIDO2 key name

BUsername and FIDO2 authenticator public key

CUsername and user-selected biometric authentication options

DThe last challenge signed by the FIDO2 private key

Answer : B

With FIDO2, the service provider stores at minimum the username and the FIDO2 authenticator's public key, which is used to verify authentication responses without storing sensitive private keys.

Question 5

An administrator has just learned that an intermediate CA certificate signed by a FortiAuthenticator device acting as the Root CA has been compromised.

Which two steps should the administrator take to resolve the security issue? (Choose two.)

ARevoke the Intermediate certificate so it is added to the CRL of the Root CA.

BRevoke all end-system and end-user certificates that this compromised intermediate CA has signed.

CCreate a new intermediate certificate with the same private key.

DUpdate the OCSP responder URLs for the certificate.

Answer : A, B

Revoking the compromised intermediate CA certificate adds it to the Root CA's CRL, preventing its further use.

All end-entity certificates issued by the compromised intermediate must be revoked, as their trust is no longer valid.

Question 6

Which two statements about asymmetric cryptography are true? (Choose two.)

APrivate keys are distributed in the server's digital certificates

BIt distributes key pairs to both the client and the server

CThe public key can be openly distributed

DIt uses a mathematically linked public and private key pair

Answer : C, D

In asymmetric cryptography, the public key can be openly shared without compromising security.

It relies on a mathematically linked public and private key pair, where one key encrypts and the other decrypts.

Question 7

You have implemented two-factor authentication to enhance security to sensitive enterprise systems.

How could you bypass the need for two-factor authentication for users accessing form specific secured networks?

AEnable Adaptive Authentication in the portal policy.

BSpecify the appropriate RADIUS clients in the authentication policy.

CCreate an admin realm in the authentication policy.

DEnable the Resolve user geolocation from their IP address option in the authentication policy

Answer : A

Enabling Adaptive Authentication in the portal policy allows FortiAuthenticator to apply contextual rules, such as bypassing two-factor authentication when users connect from specific secured networks.

Fortinet FCP - FortiAuthenticator 6.5 Administrator FCP_FAC_AD-6.5 Exam Practice Test