PassLeader just published the newest Fortinet NSE6_FAC-6.4 exam dumps. PassLeader offers two types of NSE6_FAC-6.4 dumps: NSE6_FAC-6.4 VCE dumps and NSE6_FAC-6.4 PDF dumps. Both the VCE and the PDF contain the newest NSE6_FAC-6.4 exam questions, and they will help you pass the Fortinet NSE6_FAC-6.4 exam easily. Get the newest NSE6_FAC-6.4 dumps in VCE and PDF from PassLeader: https://www.passleader.com/nse6-fac-6-4.html (50 Q&As Dumps)
What's more, part of the PassLeader NSE6_FAC-6.4 dumps is now free: https://drive.google.com/drive/folders/1LMtffMU3tl2XFjMokjUcb2qxPi4KsrZB
NEW QUESTION 1
Which network configuration is required when deploying FortiAuthenticator for portal services?
A. FortiAuthenticator must have the REST API access enabled on port1.
B. One of the DNS servers must be a FortiGuard DNS server.
C. FortiGate must be set up as the default gateway for FortiAuthenticator.
D. Policies must have specific ports open between FortiAuthenticator and the authentication clients.
Answer: D
Explanation:
When deploying FortiAuthenticator for portal services, such as guest portal, sponsor portal, user portal or FortiToken activation portal, the network configuration must allow specific ports to be open between FortiAuthenticator and the authentication clients. These ports are:
– TCP 80 for HTTP access
– TCP 443 for HTTPS access
– TCP 389 for LDAP access
– TCP 636 for LDAPS access
– UDP 1812 for RADIUS authentication
– UDP 1813 for RADIUS accounting
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/portal-services#network-configuration
NEW QUESTION 2
Why would you configure an OCSP responder URL in an end-entity certificate?
A. To designate the SCEP server to use for CRL updates for that certificate.
B. To identify the end point that a certificate has been assigned to.
C. To designate a server for certificate status checking.
D. To provide the CRL location for the certificate.
Answer: C
Explanation:
An OCSP responder URL in an end-entity certificate is used to designate a server for certificate status checking. OCSP stands for Online Certificate Status Protocol, which is a method of verifying whether a certificate is valid or revoked in real time. An OCSP responder is a server that responds to OCSP requests from clients with the status of the certificate in question. The OCSP responder URL in an end-entity certificate points to the location of the OCSP responder that can provide the status of that certificate.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management#ocsp-responder
NEW QUESTION 3
Which two types of digital certificates can you create in FortiAuthenticator? (Choose two.)
A. User certificate.
B. Organization validation certificate.
C. Third-party root certificate.
D. Local service certificate.
Answer: AD
Explanation:
FortiAuthenticator can create two types of digital certificates: user certificates and local service certificates. User certificates are issued to users or devices for authentication purposes, such as VPN, wireless, or web access. Local service certificates are issued to FortiAuthenticator itself for securing its own services, such as HTTPS, RADIUS, or LDAP.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management#certificate-types
NEW QUESTION 4
Which two features of FortiAuthenticator are used for EAP deployment? (Choose two.)
A. Certificate authority.
B. LDAP server.
C. MAC authentication bypass.
D. RADIUS server.
Answer: AD
Explanation:
Two features of FortiAuthenticator that are used for EAP deployment are certificate authority and RADIUS server. Certificate authority allows FortiAuthenticator to issue and manage digital certificates for EAP methods that require certificate-based authentication, such as EAP-TLS or PEAP-EAP-TLS. RADIUS server allows FortiAuthenticator to act as an authentication server for EAP methods that use RADIUS as a transport protocol, such as EAP-GTC or PEAP-MSCHAPV2.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/wireless-802-1x-authentication
NEW QUESTION 5
Which statement about captive portal policies is true, assuming a single policy has been defined?
A. Portal policies apply only to authentication requests coming from unknown RADIUS clients.
B. All conditions in the policy must match before a user is presented with the captive portal.
C. Conditions in the policy apply only to wireless users.
D. Portal policies can be used only for BYODs.
Answer: B
Explanation:
Captive portal policies are used to define the conditions and settings for presenting a captive portal to users who need to authenticate before accessing the network. A captive portal policy consists of a set of conditions and a set of actions. The conditions can be based on various attributes, such as source IP address, MAC address, user group, device type, or RADIUS client. The actions can include redirecting the user to a specific portal, applying a specific authentication method, or assigning a specific VLAN or firewall policy. A single policy can have multiple conditions, and all conditions in the policy must match before a user is presented with the captive portal.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/portal-services#captive-portal-policies
NEW QUESTION 6
Which two protocols are the default management access protocols for administrative access for FortiAuthenticator? (Choose two.)
A. Telnet
B. HTTPS
C. SSH
D. SNMP
Answer: BC
Explanation:
HTTPS and SSH are the default management access protocols for administrative access for FortiAuthenticator. HTTPS allows administrators to access the web-based GUI of FortiAuthenticator using a web browser and a secure connection. SSH allows administrators to access the CLI of FortiAuthenticator using an SSH client and an encrypted connection. Both protocols require the administrator to enter a valid username and password to log in.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/system-settings#management-access
NEW QUESTION 7
An administrator has an Active Directory (AD) server integrated with FortiAuthenticator. They want members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls. How does the administrator accomplish this goal?
A. Configure a FortiGate filter on FortiAuthenticator.
B. Configure a domain groupings list to identify the desired AD groups.
C. Configure fine-grained controls on FortiAuthenticator to designate AD groups.
D. Configure SSO groups and assign them to FortiGate groups.
Answer: D
Explanation:
To allow members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls, the administrator can configure SSO groups and assign them to FortiGate groups. SSO groups are groups of users or devices that are defined on FortiAuthenticator based on various criteria, such as user group membership, source IP address, MAC address, or device type. FortiGate groups are groups of users or devices that are defined on FortiGate based on various criteria, such as user group membership, firewall policy, or authentication method. By mapping SSO groups to FortiGate groups, the administrator can control which users or devices can access the network resources protected by FortiGate.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/single-sign-on#sso-groups
NEW QUESTION 8
When configuring syslog SSO, which three actions must you take, in addition to enabling the syslog SSO method? (Choose three.)
A. Enable syslog on the FortiAuthenticator interface.
B. Define a syslog source.
C. Select a syslog rule for message parsing.
D. Set the same password on both the FortiAuthenticator and the syslog server.
E. Set the syslog UDP port on FortiAuthenticator.
Answer: BCE
Explanation:
To configure syslog SSO, three actions must be taken, in addition to enabling the syslog SSO method:
– Define a syslog source, which is a device that sends syslog messages to FortiAuthenticator containing user logon or logoff information.
– Select a syslog rule for message parsing, which is a predefined or custom rule that defines how to extract the user name, IP address, and logon or logoff action from the syslog message.
– Set the syslog UDP port on FortiAuthenticator, which is the port number that FortiAuthenticator listens on for incoming syslog messages.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/single-sign-on#syslog-sso
NEW QUESTION 9
Which two statements about the RADIUS service on FortiAuthenticator are true? (Choose two.)
A. Two-factor authentication cannot be enforced when using RADIUS authentication.
B. RADIUS users can be migrated to LDAP users.
C. Only local users can be authenticated through RADIUS.
D. FortiAuthenticator answers only to RADIUS clients that are registered with FortiAuthenticator.
Answer: BD
Explanation:
Two statements about the RADIUS service on FortiAuthenticator are true:
– RADIUS users can be migrated to LDAP users using the RADIUS learning mode feature. This feature allows FortiAuthenticator to learn user credentials from an existing RADIUS server and store them locally as LDAP users for future authentication requests.
– FortiAuthenticator answers only to RADIUS clients that are registered with FortiAuthenticator. A RADIUS client is a device that sends RADIUS authentication or accounting requests to FortiAuthenticator. A RADIUS client must be added and configured on FortiAuthenticator before it can communicate with it.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/radius-service
NEW QUESTION 10
A digital certificate, also known as an X.509 certificate, contains which two pieces of information? (Choose two.)
A. Issuer.
B. Shared secret.
C. Public key.
D. Private key.
Answer: AC
Explanation:
A digital certificate, also known as an X.509 certificate, contains two pieces of information:
– Issuer, which is the identity of the certificate authority (CA) that issued the certificate.
– Public key, which is the public part of the asymmetric key pair that is associated with the certificate subject.
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management#certificate-components
NEW QUESTION 11
What are three key features of FortiAuthenticator? (Choose three.)
A. Identity management device.
B. Log server.
C. Certificate authority.
D. Portal services.
E. RSSO server.
Answer: ACD
Explanation:
FortiAuthenticator is a user and identity management solution that provides strong authentication, wireless 802.1X authentication, certificate management, RADIUS AAA (authentication, authorization, and accounting), and Fortinet Single Sign-On (FSSO). It also offers portal services for guest management, self-service password reset, and device registration. It is not a log server or an RSSO server.
https://docs.fortinet.com/document/fortiauthenticator/6.4/release-notes
NEW QUESTION 12
At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two.)
A. Configuring a portal policy.
B. Configuring at least one post-login service.
C. Configuring a RADIUS client.
D. Configuring an external authentication portal.
Answer: AB
Explanation:
To enable guest portal services on FortiAuthenticator, you need to configure a portal policy that defines the conditions for presenting the guest portal to users and the authentication methods to use. You also need to configure at least one post-login service that defines what actions to take after a user logs in successfully, such as sending an email confirmation, assigning a VLAN, or creating a user account. Configuring a RADIUS client or an external authentication portal are optional steps that depend on your network setup and requirements.
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guest-management
NEW QUESTION 13
Which two SAML roles can FortiAuthenticator be configured as? (Choose two.)
A. Identity provider.
B. Principal.
C. Assertion server.
D. Service provider.
Answer: AD
Explanation:
FortiAuthenticator can be configured as a SAML identity provider (IdP) or a SAML service provider (SP). As an IdP, FortiAuthenticator authenticates users and issues SAML assertions to SPs. As an SP, FortiAuthenticator receives SAML assertions from IdPs and grants access to users based on the attributes in the assertions. Principal and assertion server are not valid SAML roles.
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372407/saml
NEW QUESTION 14
Which statement about the guest portal policies is true?
A. Guest portal policies apply only to authentication requests coming from unknown RADIUS clients.
B. Guest portal policies can be used only for BYODs.
C. Conditions in the policy apply only to guest wireless users.
D. All conditions in the policy must match before a user is presented with the guest portal.
Answer: D
Explanation:
Guest portal policies are rules that determine when and how to present the guest portal to users who want to access the network. Each policy has a set of conditions that can be based on various factors, such as the source IP address, MAC address, RADIUS client, user agent, or SSID. All conditions in the policy must match before a user is presented with the guest portal. Guest portal policies can apply to any authentication request coming from any RADIUS client, not just unknown ones. They can also be used for any type of device, not just BYODs. They can also apply to wired or VPN users, not just wireless users.
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guest-management/372406/portal-policies
NEW QUESTION 15
Which method is the most secure way of delivering FortiToken data once the token has been seeded?
A. Online activation of the tokens through the FortiGuard network.
B. Shipment of the seed files on a CD using a tamper-evident envelope.
C. Using the in-house token provisioning tool.
D. Automatic token generation using FortiAuthenticator.
Answer: A
Explanation:
Online activation of the tokens through the FortiGuard network is the most secure way of delivering FortiToken data once the token has been seeded because it eliminates the risk of seed files being compromised during transit or storage. The other methods involve physical or manual delivery of seed files which can be intercepted, lost, or stolen.
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372403/fortitoken