Question 6 of 30

Which network configuration is required when deploying FortiAuthenticator for portal services?
Answer

Suggested Answer

The suggested answer is B.

When deploying FortiAuthenticator for portal services, it is essential to ensure that policies have specific ports open between FortiAuthenticator and the authentication clients. This configuration is crucial for enabling communication and facilitating authentication processes between the clients and FortiAuthenticator.

Community Votes: 1 vote
B (Suggested): 100%
Question 7 of 30

You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.
What can cause this issue?
Answer

Suggested Answer

The suggested answer is C.

Time drift between FortiAuthenticator and hardware tokens can prevent users from authenticating. If the internal clocks of FortiAuthenticator and the FortiToken 200 devices are not synchronized, the one-time passwords (OTPs) generated by the tokens will not match the expected values, leading to authentication failures. Ensuring time synchronization or configuring time drift tolerance can resolve this issue.

Community Votes: 7 votes
C (Suggested): 100%
Question 8 of 30

Why would you configure an OCSP responder URL in an end-entity certificate?
Answer

Suggested Answer

The suggested answer is C.

Configuring an OCSP responder URL in an end-entity certificate is necessary to designate a server for certificate status checking. OCSP stands for Online Certificate Status Protocol, which helps verify in real time whether a certificate is valid or has been revoked. The specified OCSP responder URL points to the server that can provide the status of the certificate.

Community Votes: 3 votes
C (Suggested): 100%
Question 9 of 30

An administrator wants to keep local CA cryptographic keys stored in a central location.
Which FortiAuthenticator feature would provide this functionality?
Answer

Suggested Answer

The suggested answer is C.

To keep local CA cryptographic keys stored in a central location, the FortiAuthenticator feature required is Network HSM (Hardware Security Module). Network HSMs are designed to protect and manage digital keys for strong authentication, ensuring that cryptographic keys are securely stored and managed centrally in a hardware device.

Community Votes: 3 votes
C (Suggested): 100%
Question 10 of 30

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?
Answer

Suggested Answer

The suggested answer is A.

In an SP-initiated Single Sign-On (SSO) SAML flow, when a principal (user) does not have a SAML assertion, the correct sequence is as follows: The principal first contacts the service provider. Since the principal does not have a SAML assertion, the service provider redirects the principal to the identity provider. The identity provider then authenticates the principal. After successful authentication, the identity provider sends the principal back to the service provider with the necessary SAML assertion. This sequence ensures that the user is authenticated by the identity provider before accessing services from the service provider.

Community Votes: 8 votes
A (Suggested): 100%