Fortinet NSE6 Certification Practice Questions & Answers

Question 6 of 60

Which behavior does not exist for certificate revocation lists (CRLs) on FortiAuthenticator?

A.

All local CAs share the same CRLs

B.

CRLs can be exported

C.

Revoked certificates are automatically placed on the CRL

D.

SCEP can be used to distribute CRLs

Question 7 of 60

A device that is 802.1X non-compliant must be connected to the network. Which authentication method can you use to authenticate the device with
FortiAuthenticator?

A.

EAP-TTLS

B.

EAP-TLS

C.

PEAP (MSCHAPv2)

D.

MAC authentication bypass

Question 8 of 60

Which statements are true for the EAP-TTLS authentication method? (Choose two.)

A.

Uses mutual authentication

B.

Validates only the server (FortiAuthenticator) identity

C.

Requires an EAP server certificate

D.

Supports a port access control (wired) solution only

Question 9 of 60

Which statements are true about the FortiAuthenticator CLI? (Choose two.)

A.

The CLI is used for initial configuration, factory resets, and debugging only

B.

The CLI is accessible through the dashboard of the Web-based manager

C.

The CLI is accessible through a terminal emulation application using the SSH protocol

D.

The CLI is used to configure DNS server addresses

Question 10 of 60

RADIUS authentication with FortiAuthenticator is not working. The traffic sniffer indicates that client traffic is not reaching FortiAuthenticator. Which could be the cause of the problem? (Choose two.)

A.

Incorrect RADIUS client IP and pre-shared secret

B.

Group filters on the RADIUS client

C.

Authentication method on the RADIUS client

D.

Firewall policies on FortiGate