NSE6_FAC-6.4 Dumps By Pros - 1st Attempt Guaranteed Success [Q12-Q34]

Q12. Which three of the following can be used as SSO sources? (Choose three)

FortiClient SSO Mobility Agent

SSH Sessions

FortiAuthenticator in SAML SP role

Fortigate

RADIUS accounting

Q13. An administrator has an active directory (AD) server integrated with FortiAuthenticator. They want members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls.
How does the administrator accomplish this goal?

Configure a FortiGate filter on FortiAuthenticatoc

Configure a domain groupings list to identify the desired AD groups.

Configure fine-grained controls on FortiAuthenticator to designate AD groups.

Configure SSO groups and assign them to FortiGate groups.

Q14. Examine the screenshot shown in the exhibit.

Which two statements regarding the configuration are true? (Choose two.)

All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group

All accounts registered through the guest portal must be validated through email

Guest users must fill in all the fields on the registration form

Guest user account will expire after eight hours

Q15. Which statement about captive portal policies is true, assuming a single policy has been defined?

Portal policies apply only to authentication requests coming from unknown RADIUS clients

All conditions in the policy must match before a user is presented with the captive portal.

Conditions in the policy apply only to wireless users.

Portal policies can be used only for BYODs.

Q16. Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal

Principal contacts idendity provider and is redirected to service provider, principal establishes connection with service provider, service provider validates authentication with identify provider

Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider

Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication

Q17. When generating a TOTP for two-factor authentication, what two pieces of information are used by the algorithm to generate the TOTP?

UUID and time

Time and seed

Time and mobile location

Time and FortiAuthenticator serial number

Q18. Which statement about the assignment of permissions for sponsor and administrator accounts is true?

Only administrator accounts permissions are assigned using admin profiles.

Sponsor permissions are assigned using group settings.

Administrator capabilities are assigned by applying permission sets to admin groups.

Both sponsor and administrator account permissions are assigned using admin profiles.

Q19. Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two)

Validating other CA CRLs using OSCP

Importing other CA certificates and CRLs

Merging local and remote CRLs using SCEP

Creating, signing, and revoking of X.509 certificates

Q20. Which two protocols are the default management access protocols for administrative access for FortiAuthenticator? (Choose two)

Telnet

HTTPS

SSH

SNMP

Q21. When generating a TOTP for two-factor authentication, what two pieces of information are used by the algorithm to generate the TOTP?

UUID and time

Time and FortiAuthenticator serial number

Time and seed

Time and mobile location

Q22. Which network configuration is required when deploying FortiAuthenticator for portal services?

FortiAuthenticator must have the REST API access enable on port1

One of the DNS servers must be a FortiGuard DNS server

Fortigate must be setup as default gateway for FortiAuthenticator

Policies must have specific ports open between FortiAuthenticator and the authentication clients

Q23. At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two)

Configuring a portal policy

Configuring at least on post-login service

Configuring a RADIUS client

Configuring an external authentication portal

Q24. You have implemented two-factor authentication to enhance security to sensitive enterprise systems.
How could you bypass the need for two-factor authentication for users accessing form specific secured networks?

Create an admin realm in the authentication policy

Specify the appropriate RADIUS clients in the authentication policy

Enable Adaptive Authentication in the portal policy

Enable the Resolve user geolocation from their IP address option in the authentication policy.

Q25. An administrator wants to keep local CA cryptographic keys stored in a central location.
Which FortiAuthenticator feature would provide this functionality?

SCEP support

REST API

Network HSM

SFTP server

Q26. Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)

Certificate authority

LDAP server

MAC authentication bypass

RADIUS server

Q27. A device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentialis.
In this case, which user idendity discovery method can Fortiauthenticator use?

Syslog messaging or SAML IDP

Kerberos-base authentication

Radius accounting

Portal authentication

Q28. You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP.
Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two)

Enable logging services

Set the tresholds to trigger SNMP traps

Upload management information base (MIB) files to SNMP server

Associate an ASN, 1 mapping rule to the receiving host

Q29. A system administrator wants to integrate FortiAuthenticator with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO.
What feature does FortiAuthenticator offer for this type of integration?

The ability to import and export users from CSV files

RADIUS learning mode for migrating users

REST API

SNMP monitoring and traps

Q30. When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the master FortiAuthenticator?

Active-passive master

Standalone master

Cluster member

Load balancing master

NSE6_FAC-6.4 Dumps By Pros – 1st Attempt Guaranteed Success [Q12-Q34]

Leave a Reply Cancel reply