Fortinet NSE 6 - FortiAuthenticator 6.4 v1.0 (NSE6_FAC-6.4)

Page:    1 / 2   
Total 30 questions

Examine the screenshot shown in the exhibit.

Which two statements regarding the configuration are true? (Choose two.)

  • A. Guest users must fill in all the fields on the registration form.
  • B. All accounts registered through the guest portal must be validated through email.
  • C. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group.
  • D. Guest user accounts will expire after eight hours.


Answer : BC

An administrator is integrating FortiAuthenticator with an existing RADIUS server with the intent of eventually replacing the RADIUS server with FortiAuthenticator.
How can FortiAuthenticator help facilitate this process?

  • A. By configuring the RADIUS accounting proxy
  • B. By enabling automatic REST API calls from the RADIUS server
  • C. By enabling learning mode in the RADIUS server configuration
  • D. By importing the RADIUS user records


Answer : A

You are an administrator for a large enterprise and you want to delegate the creation and management of guest users to a group of sponsors.
How would you associate the guest accounts with individual sponsors?

  • A. As an administrator, you can assign guest groups to individual sponsors.
  • B. Guest accounts are associated with the sponsor that creates the guest account.
  • C. You can automatically add guest accounts to groups associated with specific sponsors.
  • D. Select the sponsor on the guest portal, during registration.


Answer : B

You are a Wi-Fi provider and host multiple domains.
How do you delegate user accounts, user groups and permissions per domain when they are authenticating on a single FortiAuthenticator device?

  • A. Create realms.
  • B. Create user groups.
  • C. Create multiple directory trees on FortiAuthenticator.
  • D. Automatically import hosts from each domain as they authenticate.


Answer : C

You have implemented two-factor authentication to enhance security to sensitive enterprise systems.
How could you bypass the need for two-factor authentication for users accessing from specific secured networks?

  • A. Create an admin realm in the authentication policy.
  • B. Specify the appropriate RADIUS clients in the authentication policy.
  • C. Enable Adaptive Authentication in the portal policy.
  • D. Enable the Resolve user geolocation from their IP address option in the authentication policy.


Answer : B

Which network configuration is required when deploying FortiAuthenticator for portal services?

  • A. One of the DNS servers must be a FortiGuard DNS server
  • B. Policies must have specific ports open between FortiAuthenticator and the authentication clients
  • C. FortiGate must be set up as the default gateway for FortiAuthenticator
  • D. FortiAuthenticator must have the REST API access enabled on port 1


Answer : B

You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.
What can cause this issue?

  • A. FortiToken 200 license has expired.
  • B. One of the FortiAuthenticator devices in the active-active cluster has failed.
  • C. Time drift between FortiAuthenticator and hardware tokens.
  • D. FortiAuthenticator has lost contact with the FortiToken Cloud servers.


Answer : C

Why would you configure an OCSP responder URL in an end-entity certificate?

  • A. To designate the SCEP server to use for CRL updates for that certificate
  • B. To identify the end point that a certificate has been assigned to
  • C. To designate a server for certificate status checking
  • D. To provide the CRL location for the certificate


Answer : C

An administrator wants to keep local CA cryptographic keys stored in a central location.
Which FortiAuthenticator feature would provide this functionality?

  • A. SCEP support
  • B. REST API
  • C. Network HSM
  • D. SFTP server


Answer : C

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

  • A. Principal contacts service provider, service provider redirects principal to identity provider, after successful authentication identity provider redirects principal to service provider.
  • B. Principal contacts identity provider and is redirected to service provider, principal establishes connection with service provider, service provider validates authentication with identity provider.
  • C. Principal contacts identity provider and authenticates, identity provider relays principal to service provider after valid authentication.
  • D. Service provider contacts identity provider, identity provider validates principal for service provider, service provider establishes communication with principal.


Answer : C

Which two types of digital certificates can you create in FortiAuthenticator? (Choose two.)

  • A. Third-party root certificate
  • B. User certificate
  • C. Organization validation certificate
  • D. Local services certificate


Answer : AC

Which EAP method is known as the outer authentication method?

  • A. MSCHAPv2
  • B. PEAP
  • C. EAP-GTC
  • D. EAP-TLS


Answer : D

You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP.
Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two.)

  • A. Enable logging services.
  • B. Upload management information base (MIB) files to SNMP server.
  • C. Set the thresholds to trigger SNMP traps.
  • D. Associate an ASN.1 mapping rule to the receiving host.


Answer : BC

Which two features of FortiAuthenticator are used for EAP deployment? (Choose two.)

  • A. Certificate authority
  • B. LDAP server
  • C. RADIUS server
  • D. MAC authentication bypass


Answer : AC

How can a SAML metadata file be used?

  • A. To import the required IDP configuration
  • B. To resolve the IDP realm for authentication
  • C. To define a list of trusted user names
  • D. To correlate the IDP address to its hostname


Answer : A
