● FCP - FortiAuthenticator 6.5 Administrator Exam Materials
Please note that the exam "FCP - FortiAuthenticator 6.5 Administrator" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
Question #21
Question #22
Which two protocols are the default management access protocols for administrative access to FortiAuthenticator? (Choose two answers)
- A. SSH
- B. SNMP
- C. Telnet
- D. HTTPS
Question #23
What capability does the inbound proxy setting provide? (Choose one answer)
- A. It allows FortiAuthenticator system access to authenticating users, based on a geo IP address designation.
- B. It allows FortiAuthenticator the ability to round robin load balance remote authentication servers.
- C. It allows FortiAuthenticator to act as a proxy for remote authentication servers.
- D. It allows FortiAuthenticator to determine the origin source IP address after traffic passes through a proxy for system access.
Question #24
You have implemented two-factor authentication to enhance security to sensitive enterprise systems.
How could you bypass the need for two-factor authentication for users accessing from specific secured networks?
(Choose one answer)
- A. Specify the appropriate RADIUS clients in the authentication policy.
- B. Create an admin realm in the authentication policy.
- C. Enable Adaptive Authentication in the portal policy.
- D. Enable the Resolve user geolocation from their IP address option in the authentication policy.
Question #25
Which two statements about the self-service portal are true? (Choose two answers)
- A. Administrator approval is required for all self-registrations.
- B. Self-registration information can be sent to the user through email or SMS.
- C. Realms can be used to configure which self-registered users or groups can authenticate on the network.
- D. Authenticating users must specify domain name along with username.
Question #26
When configuring syslog SSO, which three actions must you take, in addition to enabling the syslog SSO method? (Choose three answers)
- A. Enable syslog on the FortiAuthenticator interface.
- B. Define a syslog source.
- C. Set the same password on both the FortiAuthenticator and the syslog server.
- D. Set the syslog UDP port on FortiAuthenticator.
- E. Select a syslog rule for message parsing.
Question #27
Which statement about captive portal policies is true, assuming a single policy has been defined? (Choose one answer)
- A. Portal policies can be used only for BYODs.
- B. Portal policies apply only to authentication requests coming from unknown RADIUS clients
- C. All conditions in the policy must match before a user is presented with the captive portal.
- D. Conditions in the policy apply only to wireless users.
Question #28
Which two statements about the RADIUS service on FortiAuthenticator are true? (Choose two answers)
- A. Two-factor authentication cannot be enforced when using RADIUS authentication
- B. RADIUS users can be migrated to LDAP users
- C. Only Local users can be authenticated through RADIUS
- D. FortiAuthenticator answers only to RADIUS clients that are registered with FortiAuthenticator
Question #29
Which two are supported captive or guest portal authentication methods? (Choose two answers)
- A. LinkedIn
- B. Apple ID
- C. Instagram
- D. Email
Question #30
A device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentials.
In this case, which user identity discovery method can FortiAuthenticator use?
(Choose one answer)
- A. Syslog messaging or SAML IdP
- B. Kerberos-based authentication
- C. RADIUS accounting
- D. Portal authentication
Why would you configure an OCSP responder URL in an end-entity certificate? (Choose one answer)