Question 6 of 30

Refer to the exhibit.

Examine the screenshot shown in the exhibit.

Which two statements regarding the configuration are true? (Choose two.)

    Correct Answer: BC

    All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group, as indicated by the setting 'Place registered users into a group: Guest_Portal_Users'. Guest users must fill in all the fields on the registration form because multiple fields such as 'First name,' 'Last name,' 'Email address,' 'Phone number,' and 'Mobile number' are selected under 'Required field configuration.'

Question 7 of 30

Which interface services must be enabled for the SCEP client to connect to FortiAuthenticator?

    Correct Answer: B

    To connect to FortiAuthenticator, the SCEP client requires HTTP/HTTPS services to be enabled. These protocols are necessary for secure communication and data exchange between the client and the server. OCSP, SSH, and REST API are not required for this purpose.

Question 8 of 30

Which two statements about the EAP-TTLS authentication method are true? (Choose two.)

    Correct Answer: BD

    EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security) is an authentication method that uses digital certificates only on the server side, which securely authenticates the server to the client. This method requires an EAP server certificate. Unlike EAP-TLS, which requires certificates on both the server and client sides, EAP-TTLS facilitates a simpler deployment by eliminating the need for client-side certificates.

Question 9 of 30

Which EAP method is known as the outer authentication method?

    Correct Answer: C

    Protected Extensible Authentication Protocol (PEAP) is known as the outer authentication method. It provides a secure transportation channel for the inner authentication methods, like EAP-TLS or MSCHAPv2, by encapsulating the EAP within an encrypted and authenticated TLS tunnel. This is why PEAP is considered the outer authentication method.

Question 10 of 30

Which two SAMI roles can FortiAuthenticator be configured as? (Choose two.)

    Correct Answer: AD

    FortiAuthenticator can be configured as both an Identity Provider (IdP) and a Service Provider (SP) in the context of SAML roles. An Identity Provider is responsible for authenticating a user and asserting their identity to the service provider. A Service Provider receives and uses the identity assertion from the Identity Provider. The options provided align with these roles.