nse6_fac-64

Here you have the best Fortinet nse6_fac-64 practice exam questions

You have 30 total questions to study from
Each page has 5 questions, making a total of 6 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 16, 2024

Question 1 of 30

Examine the screenshot shown in the exhibit.

Which two statements regarding the configuration are true? (Choose two.)

Guest users must fill in all the fields on the registration form.

All accounts registered through the guest portal must be validated through email.

All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group.

Guest user account will expire after eight hours.

Correct Answer: C, D

The configuration details indicate two true statements regarding how guest user accounts are managed. First, all guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group, as specified by the 'Place registered users into a group' option. Second, the guest user account will expire after eight hours, as shown in the 'Account expires after' field, set to 8 hours.

Question 2 of 30

An administrator is integrating FortiAuthenticator with an existing RADIUS server with the intent of eventually replacing the RADIUS server with FortiAuthenticator.

How can FortiAuthenticator help facilitate this process?

By configuring the RADIUS accounting proxy

By enabling automatic REST API calls from the RADIUS server

By enabling learning mode in the RADIUS server configuration

By importing the RADIUS user records

Correct Answer: C

To facilitate the integration and eventual replacement of the existing RADIUS server, FortiAuthenticator can help by enabling learning mode in the RADIUS server configuration. Learning mode allows FortiAuthenticator to learn and store the credentials and attributes of the users as they authenticate, which aids in a seamless transition and minimizes disruption during the migration process.

Question 3 of 30

You are an administrator for a large enterprise and you want to delegate the creation and management of guest users to a group of sponsors.

How would you associate the guest accounts with individual sponsors?

As an administrator, you can assign guest groups to individual sponsors.

Guest accounts are associated with the sponsor that creates the guest account.

You can automatically add guest accounts to groups associated with specific sponsors.

Select the sponsor on the guest portal, during registration.

Correct Answer: B

Guest accounts are associated with the sponsor that creates the guest account. This approach ensures that the responsibility and management of the guest user are tied directly to the individual who created the account, maintaining clear accountability and traceability.

Question 4 of 30

You are a Wi-Fi provider and host multiple domains.

How do you delegate user accounts, user groups and permissions per domain when they are authenticating on a single FortiAuthenticator device?

Create realms.

Create user groups.

Create multiple directory trees on FortiAuthenticator.

Automatically import hosts from each domain as they authenticate.

Correct Answer: A

To delegate user accounts, user groups, and permissions per domain when users are authenticating on a single FortiAuthenticator device, you should create realms. Realms allow administrators to create a logical grouping of users and groups based on a common attribute such as a domain name or an IP address range. This enables the application of different authentication policies and settings to different groups of users based on their realm membership.

Question 5 of 30

You have implemented two-factor authentication to enhance security to sensitive enterprise systems.

How could you bypass the need for two-factor authentication for users accessing form specific secured networks?

Create an admin realm in the authentication policy.

Specify the appropriate RADIUS clients in the authentication policy.

Enable Adaptive Authentication in the portal policy.

Enable the Resolve user geolocation from their IP address option in the authentication policy.

Correct Answer: C

Enabling Adaptive Authentication allows administrators to bypass the need for two-factor authentication for users accessing from specific secured networks. It uses geolocation information from IP addresses to determine whether a user is accessing from a trusted network. If the user is accessing from a trusted network, the system can skip the second factor of authentication and grant access based on the first factor only.