Fortinet NSE6 Exam Questions

Question 6 of 60

Which behavior does not exist for certificate revocation lists (CRLs) on FortiAuthenticator?

All local CAs share the same CRLs

CRLs can be exported

Revoked certificates are automatically placed on the CRL

SCEP can be used to distribute CRLs

Correct Answer: C

Question 7 of 60

A device that is 802.1X non-compliant must be connected to the network. Which authentication method can you use to authenticate the device with
FortiAuthenticator?

EAP-TTLS

EAP-TLS

PEAP (MSCHAPv2)

MAC authentication bypass

Correct Answer: D

Question 8 of 60

Which statements are true for the EAP-TTLS authentication method? (Choose two.)

Uses mutual authentication

Validates only the server (FortiAuthenticator) identity

Requires an EAP server certificate

Supports a port access control (wired) solution only

Correct Answer: A, C

Question 9 of 60

Which statements are true about the FortiAuthenticator CLI? (Choose two.)

The CLI is used for initial configuration, factory resets, and debugging only

The CLI is accessible through the dashboard of the Web-based manager

The CLI is accessible through a terminal emulation application using the SSH protocol

The CLI is used to configure DNS server addresses

Correct Answer: A, C

Question 10 of 60

RADIUS authentication with FortiAuthenticator is not working. The traffic sniffer indicates that client traffic is not reaching FortiAuthenticator. Which could be the cause of the problem? (Choose two.)

Incorrect RADIUS client IP and pre-shared secret

Group filters on the RADIUS client

Authentication method on the RADIUS client

Firewall policies on FortiGate

Correct Answer: A, D