Fortinet NSE6 Exam Questions

Question 6 of 60

A device that is 802.1X non-compliant must be connected to the network. Which authentication method can you use to authenticate the device with
FortiAuthenticator?

EAP-TTLS

EAP-TLS

PEAP (MSCHAPv2)

MAC authentication bypass

Correct Answer: D

Question 7 of 60

Which statements are true for the EAP-TTLS authentication method? (Choose two.)

Uses mutual authentication

Validates only the server (FortiAuthenticator) identity

Requires an EAP server certificate

Supports a port access control (wired) solution only

Correct Answer: A, C

Question 8 of 60

Which statements are true about the FortiAuthenticator CLI? (Choose two.)

The CLI is used for initial configuration, factory resets, and debugging only

The CLI is accessible through the dashboard of the Web-based manager

The CLI is accessible through a terminal emulation application using the SSH protocol

The CLI is used to configure DNS server addresses

Correct Answer: A, C

Question 9 of 60

RADIUS authentication with FortiAuthenticator is not working. The traffic sniffer indicates that client traffic is not reaching FortiAuthenticator. Which could be the cause of the problem? (Choose two.)

Incorrect RADIUS client IP and pre-shared secret

Group filters on the RADIUS client

Authentication method on the RADIUS client

Firewall policies on FortiGate

Correct Answer: A, D

Question 10 of 60

Which statements are true about the RADIUS service on FortiAuthenticator? (Choose two.)

FortiAuthenticator only answers to RADIUS clients that are registered with FortiAuthenticator

Local users can be authenticated through RADIUS

Administrator users can be authenticated through RADIUS

RADIUS clients must accept the RADIUS challenge response method if using two-factor authentication

Correct Answer: C, D