Free NSE6_FAC-6.4 Exam Dumps

Question 11

Which two SAML roles can Fortiauthenticator be configured as? (Choose two)

A. Idendity provider
B. Principal
C. Assertion server
D. Service provider

Correct Answer:AD
FortiAuthenticator can be configured as a SAML identity provider (IdP) or a SAML service provider (SP). As an IdP, FortiAuthenticator authenticates users and issues SAML assertions to SPs. As an SP, FortiAuthenticator receives SAML assertions from IdPs and grants access to users based on the attributes in the assertions. Principal and assertion server are not valid SAML roles. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372407/saml

Question 12

At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two)

A. Configuring a portal policy
B. Configuring at least on post-login service
C. Configuring a RADIUS client
D. Configuring an external authentication portal

Correct Answer:AB
To enable guest portal services on FortiAuthenticator, you need to configure a portal policy that defines the conditions for presenting the guest portal to users and the authentication methods to use. You also need to configure at least one post-login service that defines what actions to take after a user logs in successfully, such as sending an email confirmation, assigning a VLAN, or creating a user account. Configuring a RADIUS client or an external authentication portal are optional steps that depend on your network setup and requirements. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guest-management

Question 13

Which two statements about the EAP-TTLS authentication method are true? (Choose two)

A. Uses mutual authentication
B. Uses digital certificates only on the server side
C. Requires an EAP server certificate
D. Support a port access control (wired) solution only

Correct Answer:BC
EAP-TTLS is an authentication method that uses digital certificates only on the server side to establish a secure tunnel between the server and the client. The client does not need a certificate but can use any inner authentication method supported by the server, such as PAP, CHAP, MS-CHAP, or EAP-MD5. EAP-TTLS requires an EAP server certificate that is issued by a trusted CA and installed on the FortiAuthenticator device acting as the EAP server. EAP-TTLS supports both wireless and wired solutions for port access control. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372412/eap-ttls

Question 14

What are three key features of FortiAuthenticator? (Choose three)

A. Identity management device
B. Log server
C. Certificate authority
D. Portal services
E. RSSO Server

Correct Answer:ACD
FortiAuthenticator is a user and identity management solution that provides strong authentication, wireless 802.1X authentication, certificate management, RADIUS AAA (authentication, authorization, and accounting), and Fortinet Single Sign-On (FSSO). It also offers portal services for guest management,
self-service password reset, and device registration. It is not a log server or an RSSO server. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/release-notes