NSE6_FAC-6.1 Online Practice Questions and Answers

What happens when a certificate is revoked? (Choose two)

A. Revoked certificates cannot be reinstated for any reason

B. All certificates signed by a revoked CA certificate are automatically revoked

C. Revoked certificates are automatically added to the CRL

D. External CAs will priodically query Fortiauthenticator and automatically download revoked certificates

Which two types of digital certificates can you create in Fortiauthenticator? (Choose two)

A. Usercertificate

B. Organization validation certificate

C. Third-party root certificate

D. Local service certificate

Which network configuration is required when deploying FortiAuthenticator for portal services?

A. FortiAuthenticator must have the REST API access enable on port1

B. One of the DNS servers must be a FortiGuard DNS server

C. Fortigate must be setup as default gateway for FortiAuthenticator

D. Policies must have specific ports open between FortiAuthenticator and the authentication clients

Which three of the following can be used as SSO sources? (Choose three)

A. FortiClient SSO Mobility Agent

B. SSH Sessions

C. FortiAuthenticator in SAML SP role

D. Fortigate

E. RADIUS accounting

How can a SAML metada file be used?

A. To defined a list of trusted user names

B. To import the required IDP configuration

C. To correlate the IDP address to its hostname

D. To resolve the IDP realm for authentication

Which two statements about the self-service portal are true? (Choose two)

A. Self-registration information can be sent to the user through email or SMS

B. Realms can be used to configure which seld-registeredusers or groups can authenticate on the network

C. Administrator approval is required for all self-registration

D. Authenticating users must specify domain name along with username

Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)

A. Certificate authority

B. LDAP server

C. MAC authentication bypass

D. RADIUS server

Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two)

A. Validating other CA CRLs using OSCP

B. Importing other CA certificates and CRLs

C. Merging local and remote CRLs using SCEP

D. Creating, signing, and revoking of X.509 certificates

You are a Wi-Fi provider and host multiple domains. How do you delegate user accounts, user groups and permissions per domain when theyare authenticating on a single FortiAuthenticator device?

A. Automatically import hosts from each domain as they authenticate

B. Create multiple directory trees on FortiAuthenticator

C. Create realms

D. Create user groups

Which two statement about the RADIUS service on FortiAuthenticator are true? (Choose two)

A. Two-factor authentication cannot be enforced when using RADIUS authentication

B. RADIUS users can migrated to LDAP users

C. Only local users can be authenticated through RADIUS

D. FortiAuthenticator answers only to RADIUS client that are registered with FortiAuthenticator