NSE6_FAC-6.4 Exam Questions - Online Test



Online NSE6_FAC-6.4 free questions and answers of New Version:

NEW QUESTION 1
You are the administrator of a global enterprise with three FortiAuthenticator devices. You would like to deploy them to provide active-passive HA at headquarters, with geographically distributed load balancing.
What would the role settings be?

  • A. One standalone and two load balancers
  • B. One standalone primary, one cluster member, and one load balancer
  • C. Two cluster members and one backup
  • D. Two cluster members and one load balancer

Answer: B

Explanation:
To deploy three FortiAuthenticator devices to provide active-passive HA at headquarters, with geographically distributed load balancing, the role settings would be:
  • One standalone primary, which acts as the master device for HA and load balancing
  • One cluster member, which acts as the backup device for HA and load balancing
  • One load balancer, which acts as a remote device that forwards authentication requests to the primary or cluster member device
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/high-availability#ha-an

NEW QUESTION 2
What are three key features of FortiAuthenticator? (Choose three)

  • A. Identity management device
  • B. Log server
  • C. Certificate authority
  • D. Portal services
  • E. RSSO Server

Answer: ACD

Explanation:
FortiAuthenticator is a user and identity management solution that provides strong authentication, wireless 802.1X authentication, certificate management, RADIUS AAA (authentication, authorization, and accounting), and Fortinet Single Sign-On (FSSO). It also offers portal services for guest management, self-service password reset, and device registration. It is not a log server or an RSSO server. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/release-notes

NEW QUESTION 3
An administrator has an Active Directory (AD) server integrated with FortiAuthenticator. They want members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls.
How does the administrator accomplish this goal?

  • A. Configure a FortiGate filter on FortiAuthenticator.
  • B. Configure a domain groupings list to identify the desired AD groups.
  • C. Configure fine-grained controls on FortiAuthenticator to designate AD groups.
  • D. Configure SSO groups and assign them to FortiGate groups.

Answer: D

Explanation:
To allow members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls, the administrator can configure SSO groups and assign them to FortiGate groups. SSO groups are groups of users or devices that are defined on FortiAuthenticator based on various criteria, such as user group membership, source IP address, MAC address, or device type. FortiGate groups are groups of users or devices that are defined on FortiGate based on various criteria, such as user group membership, firewall policy, or authentication method. By mapping SSO groups to FortiGate groups, the administrator can control which users or devices can access the network resources protected by FortiGate.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/single-sign-on#sso-gro

NEW QUESTION 4
You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.
What can cause this issue?

  • A. FortiToken 200 license has expired
  • B. One of the FortiAuthenticator devices in the active-active cluster has failed
  • C. Time drift between FortiAuthenticator and hardware tokens
  • D. FortiAuthenticator has lost contact with the FortiToken Cloud servers

Answer: C

Explanation:
One possible cause of the issue is time drift between FortiAuthenticator and hardware tokens. Time drift occurs when the internal clocks of FortiAuthenticator and hardware tokens are not synchronized. This can result in mismatched one-time passwords (OTPs) generated by the hardware tokens and expected by FortiAuthenticator. To prevent this issue, FortiAuthenticator provides a time drift tolerance option that allows a certain number of seconds of difference between the clocks.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/two-factor-authenticati

NEW QUESTION 5
You are an administrator for a large enterprise and you want to delegate the creation and management of guest users to a group of sponsors.
How would you associate the guest accounts with individual sponsors?

  • A. As an administrator, you can assign guest groups to individual sponsors.
  • B. Guest accounts are associated with the sponsor that creates the guest account.
  • C. You can automatically add guest accounts to groups associated with specific sponsors.
  • D. Select the sponsor on the guest portal, during registration.

Answer: B

Explanation:
Guest accounts are associated with the sponsor that creates the guest account. A sponsor is a user who has permission to create and manage guest accounts on behalf of other users [3]. A sponsor can create guest accounts using the sponsor portal or the REST API [3]. The sponsor’s username is recorded as a field in the guest account’s profile [3].
References: [3] https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/guest

NEW QUESTION 6
Which statement about the assignment of permissions for sponsor and administrator accounts is true?

  • A. Only administrator account permissions are assigned using admin profiles.
  • B. Sponsor permissions are assigned using group settings.
  • C. Administrator capabilities are assigned by applying permission sets to admin groups.
  • D. Both sponsor and administrator account permissions are assigned using admin profiles.

Answer: D

Explanation:
Both sponsor and administrator account permissions are assigned using admin profiles. An admin profile is a set of permissions that defines what actions an administrator or a sponsor can perform on FortiAuthenticator. An admin profile can be assigned to an admin group or an individual admin user. A sponsor is a special type of admin user who can create and manage guest accounts on behalf of other users.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/administrators#admin-p

NEW QUESTION 7
Which method is the most secure way of delivering FortiToken data once the token has been seeded?

  • A. Online activation of the tokens through the FortiGuard network
  • B. Shipment of the seed files on a CD using a tamper-evident envelope
  • C. Using the in-house token provisioning tool
  • D. Automatic token generation using FortiAuthenticator

Answer: A

Explanation:
Online activation of the tokens through the FortiGuard network is the most secure way of delivering FortiToken data once the token has been seeded because it eliminates the risk of seed files being compromised during transit or storage. The other methods involve physical or manual delivery of seed files which can be intercepted, lost, or stolen. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372403/fortitoken

NEW QUESTION 8
Which two statements regarding the configuration are true? (Choose two.)

  • A. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group
  • B. All accounts registered through the guest portal must be validated through email
  • C. Guest users must fill in all the fields on the registration form
  • D. Guest user account will expire after eight hours

Answer: AB

Explanation:
The screenshot shows that the account registration feature is enabled for the guest portal and that the guest group is set to Guest_Portal_Users. This means that all guest accounts created using this feature will be placed under that group [1]. The screenshot also shows that email validation is enabled for the guest portal and that the email validation link expires after 24 hours. This means that all accounts registered through the guest portal must be validated through email within that time frame [1].
References: [1] https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/guest

NEW QUESTION 9
Which three of the following can be used as SSO sources? (Choose three)

  • A. FortiClient SSO Mobility Agent
  • B. SSH Sessions
  • C. FortiAuthenticator in SAML SP role
  • D. FortiGate
  • E. RADIUS accounting

Answer: ADE

Explanation:
FortiAuthenticator supports various SSO sources that can provide user identity information to other devices in the network, such as FortiGate firewalls or FortiAnalyzer log servers. Some of the supported SSO sources are:
  • FortiClient SSO Mobility Agent: A software agent that runs on Windows devices and sends user login information to FortiAuthenticator.
  • FortiGate: A firewall device that can send user login information from various sources, such as FSSO agents, captive portals, VPNs, or LDAP servers, to FortiAuthenticator.
  • RADIUS accounting: A protocol that can send user login information from RADIUS servers or clients, such as wireless access points or VPN concentrators, to FortiAuthenticator.
SSH sessions and FortiAuthenticator in SAML SP role are not valid SSO sources because they do not provide user identity information to other devices in the network. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372410/single-sign-on

NEW QUESTION 10
Which two statements about the EAP-TTLS authentication method are true? (Choose two)

  • A. Uses mutual authentication
  • B. Uses digital certificates only on the server side
  • C. Requires an EAP server certificate
  • D. Supports a port access control (wired) solution only

Answer: BC

Explanation:
EAP-TTLS is an authentication method that uses digital certificates only on the server side to establish a secure tunnel between the server and the client. The client does not need a certificate but can use any inner authentication method supported by the server, such as PAP, CHAP, MS-CHAP, or EAP-MD5. EAP-TTLS requires an EAP server certificate that is issued by a trusted CA and installed on the FortiAuthenticator device acting as the EAP server. EAP-TTLS supports both wireless and wired solutions for port access control. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372412/eap-ttls

NEW QUESTION 11
An administrator wants to keep local CA cryptographic keys stored in a central location.
Which FortiAuthenticator feature would provide this functionality?

  • A. SCEP support
  • B. REST API
  • C. Network HSM
  • D. SFTP server

Answer: C

Explanation:
Network HSM is a feature that allows FortiAuthenticator to keep local CA cryptographic keys stored in a central location. HSM stands for Hardware Security Module, which is a physical device that provides secure storage and generation of cryptographic keys. Network HSM allows FortiAuthenticator to use an external HSM device to store and manage the private keys of its local CAs, instead of storing them locally on the FortiAuthenticator device.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management

NEW QUESTION 12
What capability does the inbound proxy setting provide?

  • A. It allows FortiAuthenticator to determine the origin source IP address after traffic passes through a proxy for system access.
  • B. It allows FortiAuthenticator to act as a proxy for remote authentication servers.
  • C. It allows FortiAuthenticator the ability to round robin load balance remote authentication servers.
  • D. It allows FortiAuthenticator system access to authenticating users, based on a geo IP address designation.

Answer: A

Explanation:
The inbound proxy setting provides the ability for FortiAuthenticator to determine the origin source IP address after traffic passes through a proxy for system access. The inbound proxy setting allows FortiAuthenticator to use the X-Forwarded-For header in the HTTP request to identify the original client IP address. This can help FortiAuthenticator apply the correct authentication policy or portal policy based on the source IP address.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/system-settings#inboun

NEW QUESTION 13
Which statement about the guest portal policies is true?

  • A. Guest portal policies apply only to authentication requests coming from unknown RADIUS clients
  • B. Guest portal policies can be used only for BYODs
  • C. Conditions in the policy apply only to guest wireless users
  • D. All conditions in the policy must match before a user is presented with the guest portal

Answer: D

Explanation:
Guest portal policies are rules that determine when and how to present the guest portal to users who want to access the network. Each policy has a set of conditions that can be based on various factors, such as the source IP address, MAC address, RADIUS client, user agent, or SSID. All conditions in the policy must match before a user is presented with the guest portal. Guest portal policies can apply to any authentication request coming from any RADIUS client, not just unknown ones. They can also be used for any type of device, not just BYODs. They can also apply to wired or VPN users, not just wireless users. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guest-management/37240

NEW QUESTION 14
What are three key features of FortiAuthenticator? (Choose three)

  • A. Identity management device
  • B. Log server
  • C. Certificate authority
  • D. Portal services
  • E. RSSO Server

Answer: ACD

Explanation:
FortiAuthenticator is a user and identity management solution that provides strong authentication, wireless 802.1X authentication, certificate management, RADIUS AAA (authentication, authorization, and accounting), and Fortinet Single Sign-On (FSSO). It also offers portal services for guest management, self-service password reset, and device registration. It is not a log server or an RSSO server. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/release-notes
