NSE6_FAC-6.1 Online Practice Questions and Answers

You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP.

Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two)

A. Enable logging services

B. Set the tresholds to trigger SNMP traps

C. Upload management information base (MIB) files to SNMP server

D. Associate an ASN, 1 mapping rule to the receiving host

Which three of the following can be used as SSO sources? (Choose three)

A. FortiClient SSO Mobility Agent

B. SSH Sessions

C. FortiAuthenticator in SAML SP role

D. Fortigate

E. RADIUS accounting

Which two statements about the self-service portal are true? (Choose two)

A. Self-registration information can be sent to the user through email or SMS

B. Realms can be used to configure which seld-registeredusers or groups can authenticate on the network

C. Administrator approval is required for all self-registration

D. Authenticating users must specify domain name along with username

When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the masterFortiAuthenticator?

A. Active-passive master

B. Standalone master

C. Cluster member

D. Load balancing master

Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two)

A. Validating other CA CRLs using OSCP

B. Importing other CA certificates and CRLs

C. Merging local and remote CRLs using SCEP

D. Creating, signing, and revoking of X.509 certificates

A device or useridentity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentialis.

In this case, which user idendity discovery method can Fortiauthenticator use?

A. Syslog messaging or SAML IDP

B. Kerberos-base authentication

C. Radius accounting

D. Portal authentication

Which method is the most secure way of delivering FortiToken data once the token has been seeded?

A. Online activation of the tokens through the FortiGuard network

B. Shipment of the seed files on a CD using a tamper-evident envelope

C. Using the in-house token provisioning tool

D. Automatic token generation using FortiAuthenticator

Which two protocols are the default management access protocols for administrative access for FortiAuthenticator? (Choose two)

A. Telnet

B. HTTPS

C. SSH

D. SNMP

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

A. Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal

B. Principal contacts idendity provider and is redirected to serviceprovider, principal establishes connection with service provider, service provider validates authentication with identify provider

C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider

D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication

You are a Wi-Fi provider and host multiple domains. How do you delegate user accounts, user groups and permissions per domain when theyare authenticating on a single FortiAuthenticator device?

A. Automatically import hosts from each domain as they authenticate

B. Create multiple directory trees on FortiAuthenticator

C. Create realms

D. Create user groups