NSE6_FAC-6.4 Fortinet Exam Questions and Free Practice Test

Question 7

Which statement about captive portal policies is true, assuming a single policy has been defined?

A. All conditions in the policy must match before a user is presented with the captive portal.

B. Conditions in the policy apply only to wireless users.

C. Portal policies can be used only for BYODs.

Correct Answer:B
Captive portal policies are used to define the conditions and settings for presenting a captive portal to users who need to authenticate before accessing the network. A captive portal policy consists of a set of conditions and a set of actions. The conditions can be based on various attributes, such as source IP address, MAC address, user group, device type, or RADIUS client. The actions can include redirecting the user to a specific portal, applying a specific authentication method, or assigning a specific VLAN or firewall policy. A single policy can have multiple conditions, and all conditions in the policy must match before a user is presented with the captive portal.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/portal-services#captive

Question 8

Which two types of digital certificates can you create in Fortiauthenticator? (Choose two)

A. User certificate

B. Organization validation certificate

C. Third-party root certificate

D. Local service certificate

Correct Answer:AD
FortiAuthenticator can create two types of digital certificates: user certificates and local service certificates. User certificates are issued to users or devices for authentication purposes, such as VPN, wireless, or web access. Local service certificates are issued to FortiAuthenticator itself for securing its own services, such as HTTPS, RADIUS, or LDAP.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management

Question 9

How can a SAML metada file be used?

A. To defined a list of trusted user names

B. To import the required IDP configuration

C. To correlate the IDP address to its hostname

D. To resolve the IDP realm for authentication

Correct Answer:B
A SAML metadata file can be used to import the required IDP configuration for SAML service provider mode. A SAML metadata file is an XML file that contains information about the identity provider (IDP) and the service provider (SP), such as their entity IDs, endpoints, certificates, and attributes. By importing a SAML metadata file from the IDP, FortiAuthenticator can automatically configure the necessary settings for SAML service provider mode.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/saml-service-provider#

Question 10

You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP.
Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two)

A. Enable logging services

B. Set the tresholds to trigger SNMP traps

C. Upload management information base (MIB) files to SNMP server

D. Associate an ASN, 1 mapping rule to the receiving host

Correct Answer:BC
To monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP, two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface:
NSE6_FAC-6.4 dumps exhibit Set the thresholds to trigger SNMP traps for various system events, such as CPU usage, disk usage, memory usage, or temperature.
Upload management information base (MIB) files to SNMP server to enable the server to interpret the SNMP traps sent by FortiAuthenticator.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/system-settings#snmp

Question 11

What are three key features of FortiAuthenticator? (Choose three)

A. Identity management device

B. Log server

C. Certificate authority

D. Portal services

E. RSSO Server

Correct Answer:ACD
FortiAuthenticator is a user and identity management solution that provides strong authentication, wireless 802.1X authentication, certificate management, RADIUS AAA (authentication, authorization, and accounting), and Fortinet Single Sign-On (FSSO). It also offers portal services for guest management,
self-service password reset, and device registration. It is not a log server or an RSSO server. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/release-notes

Question 12

Which two protocols are the default management access protocols for administrative access for FortiAuthenticator? (Choose two)

A. Telnet

B. HTTPS

C. SSH

D. SNMP

Correct Answer:BC
HTTPS and SSH are the default management access protocols for administrative access for FortiAuthenticator. HTTPS allows administrators to access the web-based GUI of FortiAuthenticator using a web browser and a secure connection. SSH allows administrators to access the CLI of FortiAuthenticator using an SSH client and an encrypted connection. Both protocols require the administrator to enter a valid username and password to log in.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/system-settings#manag

START NSE6_FAC-6.4 EXAM