NSE6_FAC-6.1 Online Practice Questions and Answers

What happens when a certificate is revoked? (Choose two)

A. Revoked certificates cannot be reinstated for any reason

B. All certificates signed by a revoked CA certificate are automatically revoked

C. Revoked certificates are automatically added to the CRL

D. External CAs will priodically query Fortiauthenticator and automatically download revoked certificates

What are three key features of FortiAuthenticator? (Choose three)

A. Identity management device

B. Log server

C. Certificate authority

D. Portal services

E. RSSO Server

Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two)

A. CRLs contain the serial number of the certificate that has been revoked

B. Revoked certificates are automaticlly placed on the CRL

C. CRLs can beexported only through the SCEP server

D. All local CAs share the same CRLs

How can a SAML metada file be used?

A. To defined a list of trusted user names

B. To import the required IDP configuration

C. To correlate the IDP address to its hostname

D. To resolve the IDP realm for authentication

Which two statements about the self-service portal are true? (Choose two)

A. Self-registration information can be sent to the user through email or SMS

B. Realms can be used to configure which seld-registeredusers or groups can authenticate on the network

C. Administrator approval is required for all self-registration

D. Authenticating users must specify domain name along with username

A device or useridentity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentialis.

In this case, which user idendity discovery method can Fortiauthenticator use?

A. Syslog messaging or SAML IDP

B. Kerberos-base authentication

C. Radius accounting

D. Portal authentication

Which two are supported captive or guest portal authentication methods? (Choose two)

A. Linkedln

B. Apple ID

C. Instagram

D. Email

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

A. Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal

B. Principal contacts idendity provider and is redirected to serviceprovider, principal establishes connection with service provider, service provider validates authentication with identify provider

C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider

D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication

Refer to the exhibit.

Examine the screenshot shown in the exhibit.

Which two statements regarding the configuration are true? (Choose two)

A. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group

B. All accounts registered through the guest portal must be validated through email

C. Guest users must fill in all the fields on the registration form

D. Guest user account will expire after eight hours

Which two statement about the RADIUS service on FortiAuthenticator are true? (Choose two)

A. Two-factor authentication cannot be enforced when using RADIUS authentication

B. RADIUS users can migrated to LDAP users

C. Only local users can be authenticated through RADIUS

D. FortiAuthenticator answers only to RADIUS client that are registered with FortiAuthenticator