Practice Exams:

Free NSE6_FAC-6.4 Exam Braindumps

Pass your Fortinet NSE 6 - FortiAuthenticator 6.4 exam with these free Questions and Answers

Page 4 of 10
PDF with 47 Questions
QUESTION 11

An administrator is integrating FortiAuthenticator with an existing RADIUS server with the intent of eventually replacing the RADIUS server with FortiAuthenticator.
How can FortiAuthenticator help facilitate this process?

  1. A. By configuring the RADIUS accounting proxy
  2. B. By enabling automatic REST API calls from the RADIUS server
  3. C. By enabling learning mode in the RADIUS server configuration
  4. D. By importing the RADIUS user records

Correct Answer: C
FortiAuthenticator can help facilitate the process of replacing an existing RADIUS server by enabling learning mode in the RADIUS server configuration. This allows FortiAuthenticator to learn user credentials from the existing RADIUS server and store them locally for future authentication requests2. This way, FortiAuthenticator can gradually take over the role of the RADIUS server without disrupting the user experience.
References: 2 https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/radiu

QUESTION 12

Which network configuration is required when deploying FortiAuthenticator for portal services?

  1. A. FortiAuthenticator must have the REST API access enable on port1
  2. B. One of the DNS servers must be a FortiGuard DNS server
  3. C. Fortigate must be setup as default gateway for FortiAuthenticator
  4. D. Policies must have specific ports open between FortiAuthenticator and the authentication clients

Correct Answer: D
When deploying FortiAuthenticator for portal services, such as guest portal, sponsor portal, user portal or FortiToken activation portal, the network configuration must allow specific ports to be open between FortiAuthenticator and the authentication clients. These ports are:
NSE6_FAC-6.4 dumps exhibit TCP 80 for HTTP access
NSE6_FAC-6.4 dumps exhibit TCP 443 for HTTPS access
NSE6_FAC-6.4 dumps exhibit TCP 389 for LDAP access
NSE6_FAC-6.4 dumps exhibit TCP 636 for LDAPS access
NSE6_FAC-6.4 dumps exhibit UDP 1812 for RADIUS authentication
NSE6_FAC-6.4 dumps exhibit UDP 1813 for RADIUS accounting
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/portal-services#networ

QUESTION 13

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

  1. A. Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal
  2. B. Principal contacts idendity provider and is redirected to service provider, principal establishes connection with service provider, service provider validates authentication with identify provider
  3. C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider
  4. D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication

Correct Answer: C
SP-initiated SSO SAML packet flow for a host without a SAML assertion is as follows:
NSE6_FAC-6.4 dumps exhibit Principal contacts service provider, requesting access to a protected resource.
NSE6_FAC-6.4 dumps exhibit Service provider redirects principal to identity provider, sending a SAML authentication request.
NSE6_FAC-6.4 dumps exhibit Principal authenticates with identity provider using their credentials.
NSE6_FAC-6.4 dumps exhibit After successful authentication, identity provider redirects principal back to service provider, sending a SAML response with a SAML assertion containing the principal’s attributes.
NSE6_FAC-6.4 dumps exhibit Service provider validates the SAML response and assertion, and grants access to the principal.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/saml-service-provider#

QUESTION 14

Which two types of digital certificates can you create in Fortiauthenticator? (Choose two)

  1. A. User certificate
  2. B. Organization validation certificate
  3. C. Third-party root certificate
  4. D. Local service certificate

Correct Answer: AD
FortiAuthenticator can create two types of digital certificates: user certificates and local service certificates. User certificates are issued to users or devices for authentication purposes, such as VPN, wireless, or web access. Local service certificates are issued to FortiAuthenticator itself for securing its own services, such as HTTPS, RADIUS, or LDAP.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management

Page 4 of 10
PDF with 47 Questions

Post your Comments and Discuss Fortinet NSE6_FAC-6.4 exam with other Community members: