Fortinet NSE 6 Network Security Specialist NSE6_FAC-6.1 Questions & Answers

• Question 1:

  Which statement about the guest portal policies is true?

  A. Guest portal policies apply only to authentication requests coming from unknown RADIUS clients

  B. Guest portal policies can be used only for BYODs

  C. Conditions in the policy apply only to guest wireless users

  D. All conditions in the policy must match before a user is presented with the guest portal

  Correct Answer: D

• Question 2:

  Refer to the exhibit.

  Examine the screenshot shown in the exhibit.

  

  Which two statements regarding the configuration are true? (Choose two)

  A. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group

  B. All accounts registered through the guest portal must be validated through email

  C. Guest users must fill in all the fields on the registration form

  D. Guest user account will expire after eight hours

  Correct Answer: AB

• Question 3:

  You are a Wi-Fi provider and host multiple domains. How do you delegate user accounts, user groups and permissions per domain when theyare authenticating on a single FortiAuthenticator device?

  A. Automatically import hosts from each domain as they authenticate

  B. Create multiple directory trees on FortiAuthenticator

  C. Create realms

  D. Create user groups

  Correct Answer: C

• Question 4:

  Which two statement about the RADIUS service on FortiAuthenticator are true? (Choose two)

  A. Two-factor authentication cannot be enforced when using RADIUS authentication

  B. RADIUS users can migrated to LDAP users

  C. Only local users can be authenticated through RADIUS

  D. FortiAuthenticator answers only to RADIUS client that are registered with FortiAuthenticator

  Correct Answer: BD

• Question 5:

  Which two protocols are the default management access protocols for administrative access for FortiAuthenticator? (Choose two)

  A. Telnet

  B. HTTPS

  C. SSH

  D. SNMP

  Correct Answer: BC

• Question 6:

  Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

  A. Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal

  B. Principal contacts idendity provider and is redirected to serviceprovider, principal establishes connection with service provider, service provider validates authentication with identify provider

  C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider

  D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication

  Correct Answer: C

• Question 7:

  Which two are supported captive or guest portal authentication methods? (Choose two)

  A. Linkedln

  B. Apple ID

  C. Instagram

  D. Email

  Correct Answer: AD

• Question 8:

  Which method is the most secure way of delivering FortiToken data once the token has been seeded?

  A. Online activation of the tokens through the FortiGuard network

  B. Shipment of the seed files on a CD using a tamper-evident envelope

  C. Using the in-house token provisioning tool

  D. Automatic token generation using FortiAuthenticator

  Correct Answer: B

• Question 9:

  When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the masterFortiAuthenticator?

  A. Active-passive master

  B. Standalone master

  C. Cluster member

  D. Load balancing master

  Correct Answer: C

• Question 10:

  Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)

  A. Certificate authority

  B. LDAP server

  C. MAC authentication bypass

  D. RADIUS server

  Correct Answer: AD