Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?
Correct Answer:C
SP-initiated SSO SAML packet flow for a host without a SAML assertion is as follows: 
Principal contacts service provider, requesting access to a protected resource.
Service provider redirects principal to identity provider, sending a SAML authentication request. Principal authenticates with identity provider using their credentials. After successful authentication, identity provider redirects principal back to service provider, sending a SAML response with a SAML assertion containing the principal’s attributes. Service provider validates the SAML response and assertion, and grants access to the principal.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/saml-service-provider#
A system administrator wants to integrate FortiAuthenticator with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO.
What feature does FortiAuthenticator offer for this type of integration?
Correct Answer:C
REST API is a feature that allows FortiAuthenticator to integrate with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO. REST API stands for Representational State Transfer Application Programming Interface, which is a method of exchanging data between different systems using HTTP requests and responses. FortiAuthenticator provides a REST API that can be used by external systems to perform various actions, such as creating, updating, deleting, or querying users and groups, or sending FSSO logon or logoff events.
References: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/rest-api
A digital certificate, also known as an X.509 certificate, contains which two pieces of information? (Choose two.)
Correct Answer:AC
A digital certificate, also known as an X.509 certificate, contains two pieces of information: 
Issuer, which is the identity of the certificate authority (CA) that issued the certificate
Public key, which is the public part of the asymmetric key pair that is associated with the certificate subject
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management
Why would you configure an OCSP responder URL in an end-entity certificate?
Correct Answer:C
An OCSP responder URL in an end-entity certificate is used to designate a server for certificate status checking. OCSP stands for Online Certificate Status Protocol, which is a method of verifying whether a certificate is valid or revoked in real time. An OCSP responder is a server that responds to OCSP requests from clients with the status of the certificate in question. The OCSP responder URL in an end-entity certificate points to the location of the OCSP responder that can provide the status of that certificate.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management
Which two features of FortiAuthenticator are used for EAP deployment? (Choose two)
Correct Answer:AD
Two features of FortiAuthenticator that are used for EAP deployment are certificate authority and RADIUS server. Certificate authority allows FortiAuthenticator to issue and manage digital certificates for EAP methods that require certificate-based authentication, such as EAP-TLS or PEAP-EAP-TLS. RADIUS server allows FortiAuthenticator to act as an authentication server for EAP methods that use RADIUS as a transport protocol, such as EAP-GTC or PEAP-MSCHAPV2.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/wireless-802-1x-authen