Free NSE6_FAC-6.4 Exam Dumps

No Installation Required, Instantly Prepare for the NSE6_FAC-6.4 exam and please click the below link to start the NSE6_FAC-6.4 Exam Simulator with a real NSE6_FAC-6.4 practice exam questions.
Use directly our on-line NSE6_FAC-6.4 exam dumps materials and try our Testing Engine to pass the NSE6_FAC-6.4 which is always updated.

  • Exam Code: NSE6_FAC-6.4
  • Exam Title: Fortinet NSE 6 - FortiAuthenticator 6.4
  • Vendor: Fortinet
  • Exam Questions: 47
  • Last Updated: November 15th,2024

Question 1

Which statement about the guest portal policies is true?

Correct Answer:D
Guest portal policies are rules that determine when and how to present the guest portal to users who want to access the network. Each policy has a set of conditions that can be based on various factors, such as the source IP address, MAC address, RADIUS client, user agent, or SSID. All conditions in the policy must match before a user is presented with the guest portal. Guest portal policies can apply to any authentication request coming from any RADIUS client, not just unknown ones. They can also be used for any type of device, not just BYODs. They can also apply to wired or VPN users, not just wireless users. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guest-management/37240

Question 2

What capability does the inbound proxy setting provide?

Correct Answer:A
The inbound proxy setting provides the ability for FortiAuthenticator to determine the origin source IP address after traffic passes through a proxy for system access. The inbound proxy setting allows FortiAuthenticator to use the X-Forwarded-For header in the HTTP request to identify the original client IP address. This can help FortiAuthenticator apply the correct authentication policy or portal policy based on the source IP address.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/system-settings#inboun

Question 3

A device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentialis.
In this case, which user idendity discovery method can Fortiauthenticator use?

Correct Answer:D
Portal authentication is a user identity discovery method that can be used when a device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentials. Portal authentication requires users to enter their credentials on a web page before accessing network resources. The other methods are used for transparent identification of domain devices or users. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372406/user-identity-discovery
Examine the screenshot shown in the exhibit.
NSE6_FAC-6.4 dumps exhibit

Question 4

Which network configuration is required when deploying FortiAuthenticator for portal services?

Correct Answer:D
When deploying FortiAuthenticator for portal services, such as guest portal, sponsor portal, user portal or FortiToken activation portal, the network configuration must allow specific ports to be open between FortiAuthenticator and the authentication clients. These ports are:
NSE6_FAC-6.4 dumps exhibit TCP 80 for HTTP access
NSE6_FAC-6.4 dumps exhibit TCP 443 for HTTPS access
NSE6_FAC-6.4 dumps exhibit TCP 389 for LDAP access
NSE6_FAC-6.4 dumps exhibit TCP 636 for LDAPS access
NSE6_FAC-6.4 dumps exhibit UDP 1812 for RADIUS authentication
NSE6_FAC-6.4 dumps exhibit UDP 1813 for RADIUS accounting
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/portal-services#networ

Question 5

Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two)

Correct Answer:AB
CRLs are lists of certificates that have been revoked by the issuing CA and should not be trusted by any entity. CRLs contain the serial number of the certificate that has been revoked, the date and time of revocation, and the reason for revocation. Revoked certificates are automatically placed on the CRL by the CA and the CRL is updated periodically. CRLs can be exported through various methods, such as HTTP, LDAP, or SCEP. Each local CA has its own CRL that is specific to its issued certificates. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372408/certificate-management/3