Which two statement about the RADIUS service on FortiAuthenticator are true? (Choose two)
A. Two-factor authentication cannot be enforced when using RADIUS authentication
B. RADIUS users can migrated to LDAP users
C. Only local users can be authenticated through RADIUS
D. FortiAuthenticator answers only to RADIUS client that are registered with FortiAuthenticator
Answer:
B, D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 2
At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two)
A. Configuring a portal policy
B. Configuring at least on post-login service
C. Configuring a RADIUS client
D. Configuring an external authentication portal
Answer:
A, B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 3
You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP. Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two)
A. Enable logging services
B. Set the tresholds to trigger SNMP traps
C. Upload management information base (MIB) files to SNMP server
D. Associate an ASN, 1 mapping rule to the receiving host
Answer:
B, C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 4
Which method is the most secure way of delivering FortiToken data once the token has been seeded?
A. Online activation of the tokens through the FortiGuard network
B. Shipment of the seed files on a CD using a tamper-evident envelope
C. Using the in-house token provisioning tool
D. Automatic token generation using FortiAuthenticator
Answer:
B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 5
Which two protocols are the default management access protocols for administrative access for FortiAuthenticator? (Choose two)
A. Telnet
B. HTTPS
C. SSH
D. SNMP
Answer:
B, C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 6
What are three key features of FortiAuthenticator? (Choose three)
A. Identity management device
B. Log server
C. Certificate authority
D. Portal services
E. RSSO Server
Answer:
A, C, D
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 7
Which network configuration is required when deploying FortiAuthenticator for portal services?
A. FortiAuthenticator must have the REST API access enable on port1
B. One of the DNS servers must be a FortiGuard DNS server
C. Fortigate must be setup as default gateway for FortiAuthenticator
D. Policies must have specific ports open between FortiAuthenticator and the authentication clients
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 8
You are a Wi-Fi provider and host multiple domains. How do you delegate user accounts, user groups and permissions per domain when they are authenticating on a single FortiAuthenticator device?
A. Automatically import hosts from each domain as they authenticate
B. Create multiple directory trees on FortiAuthenticator
C. Create realms
D. Create user groups
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 9
Which of the following is an QATH-based standart to generate event-based, one-time password tokens?
A. OLTP
B. SOTP
C. HOTP
D. TOTP
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 10
Which two statements about the self-service portal are true? (Choose two)
A. Self-registration information can be sent to the user through email or SMS
B. Realms can be used to configure which seld-registered users or groups can authenticate on the network
C. Administrator approval is required for all self-registration
D. Authenticating users must specify domain name along with username
Answer:
A, B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 11
Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)
A. Certificate authority
B. LDAP server
C. MAC authentication bypass
D. RADIUS server
Answer:
A, D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 12
Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two)
A. CRLs contain the serial number of the certificate that has been revoked
B. Revoked certificates are automaticlly placed on the CRL
C. CRLs can be exported only through the SCEP server
D. All local CAs share the same CRLs
Answer:
A, B
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 13
You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue. What can couse this issue?
A. On of the FortiAuthenticator devices in the active-active cluster has failed
B. FortiAuthenticator has lose contact with the FortiToken Cloud servers
C. FortiToken 200 licence has expired
D. Time drift between FortiAuthenticator and hardware tokens
Answer:
D
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 14
Which two statements about the EAP-TTLS authentication method are true? (Choose two)
A. Uses mutual authentication
B. Uses digital certificates only on the server side
C. Requires an EAP server certificate
D. Support a port access control (wired) solution only
Answer:
B, C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 15
When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the master FortiAuthenticator?