Real Fortinet NSE6_FAC-6.4 Exam Questions Study Guide [Q24-Q44] : Free Exams Dumps Materials : http://exams.dumpsmaterials.com

This page was exported from Free Exams Dumps Materials [ http://exams.dumpsmaterials.com ]
Export date: Mon Dec 30 18:12:30 2024 / +0000 GMT

Real Fortinet NSE6_FAC-6.4 Exam Questions Study Guide [Q24-Q44]

Real Fortinet NSE6_FAC-6.4 Exam Questions Study Guide

Updated and Accurate NSE6_FAC-6.4 Questions for passing the exam Quickly

NEW QUESTION 24
Why would you configure an OCSP responder URL in an end-entity certificate?

To provide the CRL location for the certificate

To identify the end point that a certificate has been assigned to

To designate the SCEP server to use for CRL updates for that certificate

To designate a server for certificate status checking

NEW QUESTION 25
At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two)

Configuring a portal policy

Configuring at least on post-login service

Configuring a RADIUS client

Configuring an external authentication portal

NEW QUESTION 26
Which two statements about the self-service portal are true? (Choose two)

Self-registration information can be sent to the user through email or SMS

Realms can be used to configure which seld-registered users or groups can authenticate on the network

Administrator approval is required for all self-registration

Authenticating users must specify domain name along with username

NEW QUESTION 27
You have implemented two-factor authentication to enhance security to sensitive enterprise systems.
How could you bypass the need for two-factor authentication for users accessing form specific secured networks?

Create an admin realm in the authentication policy

Specify the appropriate RADIUS clients in the authentication policy

Enable Adaptive Authentication in the portal policy

Enable the Resolve user geolocation from their IP address option in the authentication policy.

NEW QUESTION 28
Which network configuration is required when deploying FortiAuthenticator for portal services?

FortiAuthenticator must have the REST API access enable on port1

One of the DNS servers must be a FortiGuard DNS server

Fortigate must be setup as default gateway for FortiAuthenticator

Policies must have specific ports open between FortiAuthenticator and the authentication clients

NEW QUESTION 29
You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.
What can cause this issue?

FortiToken 200 license has expired

One of the FortiAuthenticator devices in the active-active cluster has failed

Time drift between FortiAuthenticator and hardware tokens

FortiAuthenticator has lost contact with the FortiToken Cloud servers

NEW QUESTION 30
Which two types of digital certificates can you create in Fortiauthenticator? (Choose two)

User certificate

Organization validation certificate

Third-party root certificate

Local service certificate

NEW QUESTION 31
When generating a TOTP for two-factor authentication, what two pieces of information are used by the algorithm to generate the TOTP?

UUID and time

Time and seed

Time and mobile location

Time and FortiAuthenticator serial number

NEW QUESTION 32
Which statement about captive portal policies is true, assuming a single policy has been defined?

Portal policies apply only to authentication requests coming from unknown RADIUS clients

All conditions in the policy must match before a user is presented with the captive portal.

Conditions in the policy apply only to wireless users.

Portal policies can be used only for BYODs.

NEW QUESTION 33
A digital certificate, also known as an X.509 certificate, contains which two pieces of information? (Choose two.)

Issuer

Shared secret

Public key

Private key

NEW QUESTION 34
Which of the following is an OATH-based standard to generate event-based, one-time password tokens?

HOTP

SOTP

TOTP

OLTP

NEW QUESTION 35
Which two statements about the EAP-TTLS authentication method are true? (Choose two)

Uses mutual authentication

Uses digital certificates only on the server side

Requires an EAP server certificate

Support a port access control (wired) solution only

NEW QUESTION 36
An administrator is integrating FortiAuthenticator with an existing RADIUS server with the intent of eventually replacing the RADIUS server with FortiAuthenticator.
How can FortiAuthenticator help facilitate this process?

By configuring the RADIUS accounting proxy

By enabling automatic REST API calls from the RADIUS server

By enabling learning mode in the RADIUS server configuration

By importing the RADIUS user records

NEW QUESTION 37
A system administrator wants to integrate FortiAuthenticator with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO.
What feature does FortiAuthenticator offer for this type of integration?

The ability to import and export users from CSV files

RADIUS learning mode for migrating users

REST API

SNMP monitoring and traps

NEW QUESTION 38
Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two)

CRLs contain the serial number of the certificate that has been revoked

Revoked certificates are automaticlly placed on the CRL

CRLs can be exported only through the SCEP server

All local CAs share the same CRLs

NEW QUESTION 39
When generating a TOTP for two-factor authentication, what two pieces of information are used by the algorithm to generate the TOTP?

UUID and time

Time and FortiAuthenticator serial number

Time and seed

Time and mobile location

NEW QUESTION 40
Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)

Certificate authority

LDAP server

MAC authentication bypass

RADIUS server

NEW QUESTION 41
How can a SAML metada file be used?

To defined a list of trusted user names

To import the required IDP configuration

To correlate the IDP address to its hostname

To resolve the IDP realm for authentication

NEW QUESTION 42
When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the master FortiAuthenticator?

Active-passive master

Standalone master

Cluster member

Load balancing master

Prepare Important Exam with NSE6_FAC-6.4 Exam Dumps: https://www.dumpsmaterials.com/NSE6_FAC-6.4-real-torrent.html

Post date: 2023-10-25 11:04:39
Post date GMT: 2023-10-25 11:04:39
Post modified date: 2023-10-25 11:04:39
Post modified date GMT: 2023-10-25 11:04:39