Page: 1
/ 2
Total 33 questions
A device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentials.
In this case, which user identity discovery method can FortiAuthenticator use?
- A. RADIUS accounting
- B. Kerberos-based authentication
- C. Portal authentication
- D. Syslog messaging or SAMI IdP
Answer : C
What are three key features of FortiAuthenticator? (Choose three.)
- A. RSSO server
- B. Log server
- C. Portal services
- D. Certificate authority
- E. Identity management device
Answer : ADE
Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two.)
- A. Merging local and remote CRLs using SCEP
- B. Creating, signing, and revoking of X.509 certificates
- C. Validating other CA CRLs using OCSP
- D. Importing other CA certificates and CRLs
Answer : BD
Which two are supported captive or guest portal authentication methods? (Choose two.)
- A. LinkedIn
- B. Email
- C. Apple ID
- D. Instagram
Answer : AB
What happens when a certificate is revoked? (Choose two.)
- A. External CAs will periodically query FortiAuthenticator and automatically download revoked certificates
- B. Revoked certificates are automatically added to the CRL
- C. All certificates signed by a revoked CA certificate are automatically revoked
- D. Revoked certificates cannot be reinstated for any reason
Answer : AB
Refer to the exhibit.
Examine the screenshot shown in the exhibit.
Which two statements regarding the configuration are true? (Choose two.)
- A. Guest user account will expire after eight hours.
- B. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group.
- C. Guest users must fill in all the fields on the registration form.
- D. All accounts registered through the guest portal must be validated through email.
Answer : BD
Which interface services must be enabled for the SCEP client to connect to FortiAuthenticator?
- A. OCSP
- B. HTTP/HTTPS
- C. SSH
- D. REST API
Answer : B
Which two statements about the EAP-TTLS authentication method are true? (Choose two.)
- A. Supports a port access control (wired) solution only
- B. Uses digital certificates only on the server side
- C. Uses mutual authentication
- D. Requires an EAP server certificate
Answer : BD
Which EAP method is known as the outer authentication method?
- A. EAP-TLS
- B. EAP-GTC
- C. PEAP
- D. MSCHAPv2
Answer : C
Which two SAMI roles can FortiAuthenticator be configured as? (Choose two.)
- A. Identity provider
- B. Assertion server
- C. Principal
- D. Service provider
Answer : AD
Which two types of digital certificates can you create in FortiAuthenticator? (Choose two.)
- A. Organization validation certificate
- B. User certificate
- C. Third-party root certificate
- D. Local services certificate
Answer : BD
You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.
What can cause this issue?
- A. FortiAuthenticator has lost contact with the FortiToken Cloud servers
- B. Time drift between FortiAuthenticator and hardware tokens
- C. One of the FortiAuthenticator devices in the active-active cluster has failed
- D. FortiToken 200 license has expired
Answer : B
How can a SAML metadata file be used?
- A. To define a list of trusted user names
- B. To import the required IDP configuration
- C. To correlate the IDP address to its hostname
- D. To resolve the IDP realm for authentication
Answer : B
Which of the following is an OATH-based standard to generate event-based, one-time password tokens?
- A. HOTP
- B. SOTP
- C. TOTP
- D. OLTP
Answer : C
You are a Wi-Fi provider and host multiple domains. How do you delegate user accounts, user groups and permissions per domain when they are authenticating on a single FortiAuthenticator device?
- A. Create realms
- B. Create multiple directory trees on FortiAuthenticator
- C. Automatically import hosts from each domain as they authenticate
- D. Create user groups
Answer : A
30 days access 