Fortinet NSE6_FAC-6.4 Exam Practice Test Instant Access

Question 1

What are three key features of FortiAuthenticator? (Choose three)

AIdentity management device

BLog server

CCertificate authority

DPortal services

ERSSO Server

Answer : A, C, D

FortiAuthenticator is a user and identity management solution that provides strong authentication, wireless 802.1X authentication, certificate management, RADIUS AAA (authentication, authorization, and accounting), and Fortinet Single Sign-On (FSSO). It also offers portal services for guest management, self-service password reset, and device registration. It is not a log server or an RSSO server. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/release-notes

Question 2

When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the master FortiAuthenticator?

AActive-passive master

BStandalone master

CCluster member

DLoad balancing master

Answer : A

When you are setting up two FortiAuthenticator devices in active-passive HA, you need to select the active-passive master role on the master FortiAuthenticator device. This role means that the device will handle all requests and synchronize data with the slave device until a failover occurs. The slave device must be configured as an active-passive slave role. The other roles are used for different HA modes, such as standalone (no HA), cluster (active-active), or load balancing (active-active with load balancing). Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372411/high-availability

Question 3

You are a Wi-Fi provider and host multiple domains.

How do you delegate user accounts, user groups and permissions per domain when they are authenticating on a single FortiAuthenticator device?

ACreate realms.

BCreate user groups

CCreate multiple directory trees on FortiAuthenticator

DAutomatically import hosts from each domain as they authenticate.

Answer : A

Realms are a way to delegate user accounts, user groups and permissions per domain when they are authenticating on a single FortiAuthenticator device. A realm is a logical grouping of users and groups based on a common attribute, such as a domain name or an IP address range. Realms allow administrators to apply different authentication policies and settings to different groups of users based on their realm membership.

Question 4

When configuring syslog SSO, which three actions must you take, in addition to enabling the syslog SSO method? (Choose three.)

AEnable syslog on the FortiAuthenticator interface.

BDefine a syslog source.

CSelect a syslog rule for message parsing.

DSet the same password on both the FortiAuthenticator and the syslog server.

ESet the syslog UDP port on FortiAuthenticator.

Answer : B, C, E

To configure syslog SSO, three actions must be taken, in addition to enabling the syslog SSO method:

Define a syslog source, which is a device that sends syslog messages to FortiAuthenticator containing user logon or logoff information.

Select a syslog rule for message parsing, which is a predefined or custom rule that defines how to extract the user name, IP address, and logon or logoff action from the syslog message.

Set the syslog UDP port on FortiAuthenticator, which is the port number that FortiAuthenticator listens on for incoming syslog messages.

Question 5

Which FSSO discovery method transparently detects logged off users without having to rely on external features such as WMI polling?

AWindows AD polling

BFortiClient SSO Mobility Agent

CRadius Accounting

DDC Polling

Answer : B

FortiClient SSO Mobility Agent is a FSSO discovery method that transparently detects logged off users without having to rely on external features such as WMI polling. FortiClient SSO Mobility Agent is a software agent that runs on Windows devices and communicates with FortiAuthenticator to provide FSSO information. The agent can detect user logon and logoff events without using WMI polling, which can reduce network traffic and improve performance.

Question 6

Which EAP method is known as the outer authentication method?

APEAP

BEAP-GTC

CEAP-TLS

DMSCHAPV2

Answer : A

PEAP is known as the outer authentication method because it establishes a secure tunnel between the client and the server using TLS. The inner authentication method, such as EAP-GTC, EAP-TLS, or MSCHAPV2, is then used to authenticate the client within the tunnel.

Question 7

A device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentialis.

In this case, which user idendity discovery method can Fortiauthenticator use?

ASyslog messaging or SAML IDP

BKerberos-base authentication

CRadius accounting

DPortal authentication

Answer : D

Portal authentication is a user identity discovery method that can be used when a device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentials. Portal authentication requires users to enter their credentials on a web page before accessing network resources. The other methods are used for transparent identification of domain devices or users. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372406/user-identity-discovery

Fortinet NSE6_FAC-6.4 Fortinet NSE 6 - FortiAuthenticator 6.4 Exam Practice Test