NSE6_FAC-6.1 Online Practice Questions and Answers

Which two statements about the EAP-TTLS authentication method are true? (Choose two)

A. Uses mutualauthentication

B. Uses digital certificates only on the server side

C. Requires an EAP server certificate

D. Support a port access control (wired) solution only

You are the administrator of a large network that includes a large local user datadabase on the current Fortiauthenticatior. You want to import all the local users into a new Fortiauthenticator device.

Which method should you use to migrate the local users?

A. Import users using RADIUS accounting updates.

B. Import the current directory structure.

C. Import users fromRADUIS.

D. Import users using a CSV file.

Which of the following is an QATH-based standart to generate event-based, one-time password tokens?

A. OLTP

B. SOTP

C. HOTP

D. TOTP

You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.

What can couse this issue?

A. On of the FortiAuthenticator devices in the active-active cluster has failed

B. FortiAuthenticator has lose contact with the FortiToken Cloud servers

C. FortiToken 200 licence has expired

D. Time drift between FortiAuthenticator and hardware tokens

You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP.

Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two)

A. Enable logging services

B. Set the tresholds to trigger SNMP traps

C. Upload management information base (MIB) files to SNMP server

D. Associate an ASN, 1 mapping rule to the receiving host

Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)

A. Certificate authority

B. LDAP server

C. MAC authentication bypass

D. RADIUS server

Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two)

A. Validating other CA CRLs using OSCP

B. Importing other CA certificates and CRLs

C. Merging local and remote CRLs using SCEP

D. Creating, signing, and revoking of X.509 certificates

Which two are supported captive or guest portal authentication methods? (Choose two)

A. Linkedln

B. Apple ID

C. Instagram

D. Email

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

A. Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal

B. Principal contacts idendity provider and is redirected to serviceprovider, principal establishes connection with service provider, service provider validates authentication with identify provider

C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider

D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication

Which statement about the guest portal policies is true?

A. Guest portal policies apply only to authentication requests coming from unknown RADIUS clients

B. Guest portal policies can be used only for BYODs

C. Conditions in the policy apply only to guest wireless users

D. All conditions in the policy must match before a user is presented with the guest portal