[Dec 01, 2023] Valid NSE6_FAC-6.4 Test Answers & Fortinet NSE6_FAC-6.4 Exam PDF [Q15-Q35]

NEW QUESTION 15
How can a SAML metada file be used?

To defined a list of trusted user names

To import the required IDP configuration

To correlate the IDP address to its hostname

To resolve the IDP realm for authentication

NEW QUESTION 16
An administrator has an active directory (AD) server integrated with FortiAuthenticator. They want members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls.
How does the administrator accomplish this goal?

Configure a FortiGate filter on FortiAuthenticatoc

Configure a domain groupings list to identify the desired AD groups.

Configure fine-grained controls on FortiAuthenticator to designate AD groups.

Configure SSO groups and assign them to FortiGate groups.

NEW QUESTION 17
You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.
What can cause this issue?

FortiToken 200 license has expired

One of the FortiAuthenticator devices in the active-active cluster has failed

Time drift between FortiAuthenticator and hardware tokens

FortiAuthenticator has lost contact with the FortiToken Cloud servers

NEW QUESTION 18
Which statement about the assignment of permissions for sponsor and administrator accounts is true?

Only administrator accounts permissions are assigned using admin profiles.

Sponsor permissions are assigned using group settings.

Administrator capabilities are assigned by applying permission sets to admin groups.

Both sponsor and administrator account permissions are assigned using admin profiles.

NEW QUESTION 19
Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two)

Validating other CA CRLs using OSCP

Importing other CA certificates and CRLs

Merging local and remote CRLs using SCEP

Creating, signing, and revoking of X.509 certificates

NEW QUESTION 20
A system administrator wants to integrate FortiAuthenticator with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO.
What feature does FortiAuthenticator offer for this type of integration?

The ability to import and export users from CSV files

RADIUS learning mode for migrating users

REST API

SNMP monitoring and traps

NEW QUESTION 21
What happens when a certificate is revoked? (Choose two)

Revoked certificates cannot be reinstated for any reason

All certificates signed by a revoked CA certificate are automatically revoked

Revoked certificates are automatically added to the CRL

External CAs will priodically query Fortiauthenticator and automatically download revoked certificates

NEW QUESTION 22
At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two)

Configuring a portal policy

Configuring at least on post-login service

Configuring a RADIUS client

Configuring an external authentication portal

NEW QUESTION 23
Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)

Certificate authority

LDAP server

MAC authentication bypass

RADIUS server

NEW QUESTION 24
Which two statement about the RADIUS service on FortiAuthenticator are true? (Choose two)

Two-factor authentication cannot be enforced when using RADIUS authentication

RADIUS users can migrated to LDAP users

Only local users can be authenticated through RADIUS

FortiAuthenticator answers only to RADIUS client that are registered with FortiAuthenticator

NEW QUESTION 25
You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP.
Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two)

Enable logging services

Set the tresholds to trigger SNMP traps

Upload management information base (MIB) files to SNMP server

Associate an ASN, 1 mapping rule to the receiving host

NEW QUESTION 26
Which FSSO discovery method transparently detects logged off users without having to rely on external features such as WMI polling?

Windows AD polling

FortiClient SSO Mobility Agent

Radius Accounting

DC Polling

NEW QUESTION 27
Which of the following is an OATH-based standard to generate event-based, one-time password tokens?

HOTP

SOTP

TOTP

OLTP

NEW QUESTION 28
When configuring syslog SSO, which three actions must you take, in addition to enabling the syslog SSO method? (Choose three.)

Enable syslog on the FortiAuthenticator interface.

Define a syslog source.

Select a syslog rule for message parsing.

Set the same password on both the FortiAuthenticator and the syslog server.

Set the syslog UDP port on FortiAuthenticator.

NEW QUESTION 29
Which network configuration is required when deploying FortiAuthenticator for portal services?

FortiAuthenticator must have the REST API access enable on port1

One of the DNS servers must be a FortiGuard DNS server

Fortigate must be setup as default gateway for FortiAuthenticator

Policies must have specific ports open between FortiAuthenticator and the authentication clients

NEW QUESTION 30
Which two types of digital certificates can you create in Fortiauthenticator? (Choose two)

User certificate

Organization validation certificate

Third-party root certificate

Local service certificate

NEW QUESTION 31
A digital certificate, also known as an X.509 certificate, contains which two pieces of information? (Choose two.)

Issuer

Shared secret

Public key

Private key

NEW QUESTION 32
When generating a TOTP for two-factor authentication, what two pieces of information are used by the algorithm to generate the TOTP?

UUID and time

Time and FortiAuthenticator serial number

Time and seed

Time and mobile location

NEW QUESTION 33
You are the administrator of a global enterprise with three FortiAuthenticator devices. You would like to deploy them to provide active-passive HA at headquarters, with geographically distributed load balancing.
What would the role settings be?

One standalone and two load balancers

One standalone primary, one cluster member, and one load balancer

Two cluster members and one backup

Two cluster members and one load balancer