Fortinet NSE 6 NSE6_FAC-6 4 Exam Dumps

Text Material Preview

NSE6_FAC-6.4
Exam Name: Fortinet NSE 6 - FortiAuthenticator 6.4
Full version: 47 Q&As
Full version of NSE6_FAC-6.4 Dumps
Share some NSE6_FAC-6.4 exam dumps
below.
1. Examine the screenshot shown in the exhibit.
 1 / 6
https://www.certqueen.com/NSE6_FAC-6.4.html
Which two statements regarding the configuration are true? (Choose two.)
A. All guest accounts created using the account registration feature will be placed under the
Guest_Portal_Users group
B. All accounts registered through the guest portal must be validated through email
C. Guest users must fill in all the fields on the registration form
D. Guest user account will expire after eight hours
Answer: A, B
Explanation:
The screenshot shows that the account registration feature is enabled for the guest portal and
that the guest group is set to Guest_Portal_Users. This means that all guest accounts created
using this feature will be placed under that group1. The screenshot also shows that email
validation is enabled for the guest portal and that the email validation link expires after 24 hours.
This means that all accounts registered through the guest portal must be validated through
email within that time frame1.
Reference: 1 https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-
guide/906179/guest-management#account-registration
2. Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA?
(Choose two)
A. Validating other CA CRLs using OSCP
B. Importing other CA certificates and CRLs
 2 / 6
C. Merging local and remote CRLs using SCEP
D. Creating, signing, and revoking of X.509 certificates
Answer: BD
Explanation:
FortiAuthenticator can act as a self-signed or local CA that can issue certificates to users,
devices, or other CAs. It can also import other CA certificates and CRLs to trust them and
validate their certificates. It can also create, sign, and revoke X.509 certificates for various
purposes, such as VPN authentication, web server encryption, or wireless security. It cannot
validate other CA CRLs using OCSP or merge local and remote CRLs using SCEP because
these are protocols that require communication with external CAs.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-
guide/372408/certificate-management
3. Which two protocols are the default management access protocols for administrative access
for FortiAuthenticator? (Choose two)
A. Telnet
B. HTTPS
C. SSH
D. SNMP
Answer: B, C
Explanation:
HTTPS and SSH are the default management access protocols for administrative access for
FortiAuthenticator. HTTPS allows administrators to access the web-based GUI of
FortiAuthenticator using a web browser and a secure connection. SSH allows administrators to
access the CLI of FortiAuthenticator using an SSH client and an encrypted connection. Both
protocols require the administrator to enter a valid username and password to log in.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-
guide/906179/system-settings#management-access
4. You are the administrator of a global enterprise with three FortiAuthenticator devices. You
would like to deploy them to provide active-passive HA at headquarters, with geographically
distributed load balancing.
What would the role settings be?
A. One standalone and two load balancers
B One standalone primary, one cluster member, and one load balancer
C. Two cluster members and one backup
 3 / 6
D. Two cluster members and one load balancer
Answer: B
Explanation:
To deploy three FortiAuthenticator devices to provide active-passive HA at headquarters, with
geographically distributed load balancing, the role settings would be:
One standalone primary, which acts as the master device for HA and load balancing One
cluster member, which acts as the backup device for HA and load balancing
One load balancer, which acts as a remote device that forwards authentication requests to the
primary or cluster member device
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-
guide/906179/high-availability#ha-and-load-balancing
5. Which two statements about the self-service portal are true? (Choose two)
A. Self-registration information can be sent to the user through email or SMS
B. Realms can be used to configure which seld-registered users or groups can authenticate on
the network
C. Administrator approval is required for all self-registration
D. Authenticating users must specify domain name along with username
Answer: A, B
Explanation:
Two statements about the self-service portal are true:
Self-registration information can be sent to the user through email or SMS using the notification
templates feature. This feature allows administrators to customize the messages that are sent to
users when they register or perform other actions on the self-service portal.
Realms can be used to configure which self-registered users or groups can authenticate on the
network using the realm-based authentication feature. This feature allows administrators to
apply different authentication policies and settings to different groups of users based on their
realm membership.
Reference:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/user-
management#self-registration
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/user-
management#realms
6. Which interface services must be enabled for the SCEP client to connect to Authenticator?
A. OCSP
 4 / 6
B. REST API
C. SSH
D. HTTP/HTTPS
Answer: D
Explanation:
HTTP/HTTPS are the interface services that must be enabled for the SCEP client to connect to
FortiAuthenticator. SCEP stands for Simple Certificate Enrollment Protocol, which is a method
of requesting and issuing digital certificates over HTTP or HTTPS. FortiAuthenticator supports
SCEP as a certificate authority (CA) and can process SCEP requests from SCEP clients. To
enable SCEP on FortiAuthenticator, the HTTP or HTTPS service must be enabled on the
interface that receives the SCEP requests.
Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-
guide/906179/certificate-management#scep
7. You are an administrator for a large enterprise and you want to delegate the creation and
management of guest users to a group of sponsors.
How would you associate the guest accounts with individual sponsors?
A. As an administrator, you can assign guest groups to individual sponsors.
B. Guest accounts are associated with the sponsor that creates the guest account.
C. You can automatically add guest accounts to groups associated with specific sponsors.
D. Select the sponsor on the guest portal, during registration.
Answer: B
Explanation:
Guest accounts are associated with the sponsor that creates the guest account. A sponsor is a
user who has permission to create and manage guest accounts on behalf of other users3. A
sponsor can create guest accounts using the sponsor portal or the REST API3. The sponsor’s
username is recorded as a field in the guest account’s profile3.
Reference: 3 https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-
guide/906179/guest-management#sponsors
8. An administrator is integrating FortiAuthenticator with an existing RADIUS server with the
intent of eventually replacing the RADIUS server with FortiAuthenticator.
How can FortiAuthenticator help facilitate this process?
A. By configuring the RADIUS accounting proxy
B. By enabling automatic REST API calls from the RADIUS server
C. By enabling learning mode in the RADIUS server configuration
 5 / 6
D. By importing the RADIUS user records
Answer: C
Explanation:
FortiAuthenticator can help facilitate the process of replacingan existing RADIUS server by
enabling learning mode in the RADIUS server configuration. This allows FortiAuthenticator to
learn user credentials from the existing RADIUS server and store them locally for future
authentication requests2. This way, FortiAuthenticator can gradually take over the role of the
RADIUS server without disrupting the user experience.
Reference: 2 https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-
guide/906179/radius-service#learning-mode
 
More Hot Exams are available.
350-401 ENCOR Exam Dumps
350-801 CLCOR Exam Dumps
200-301 CCNA Exam Dumps
Powered by TCPDF (www.tcpdf.org)
 6 / 6
https://www.certqueen.com/promotion.asp
https://www.certqueen.com/350-401.html
https://www.certqueen.com/350-801.html
https://www.certqueen.com/200-301.html
http://www.tcpdf.org