● FCP - FortiAuthenticator 6.5 Administrator Exam Materials
Please note that the exam "FCP - FortiAuthenticator 6.5 Administrator" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
Question #31
Question #32
What happens when a certificate is revoked? (Choose two answers)
- A. Revoked certificates cannot be reinstated for any reason
- B. All certificates signed by a revoked CA certificate are automatically revoked
- C. Revoked certificates are automatically added to the CRL
- D. External CAs will periodically query FortiAuthenticator and automatically download revoked certificates
Question #33
You are the administrator of a large network that includes a large local user database on the current FortiAuthenticator. You want to import all the local users into a new FortiAuthenticator device.
Which method should you use to migrate the local users?
(Choose one answer)
- A. Import users using RADIUS accounting updates.
- B. Import the current directory structure.
- C. Import users from RADIUS.
- D. Import users using a CSV file.
Question #34
Which three of the following can be used as SSO sources? (Choose three answers)
- A. FortiClient SSO Mobility Agent
- B. SSH sessions
- C. FortiAuthenticator in SAML SP role
- D. FortiGate
- E. RADIUS accounting
Question #35
Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two answers)
- A. Validating other CA CRLs using OCSP
- B. Importing other CA certificates and CRLs
- C. Merging local and remote CRLs using SCEP
- D. Creating, signing, and revoking of X.509 certificates
Question #36
Which statement about the guest portal policies is true? (Choose one answer)
- A. Guest portal policies apply only to authentication requests coming from unknown RADIUS clients.
- B. Guest portal policies can be used only for BYODs.
- C. Conditions in the policy apply only to guest wireless users.
- D. All conditions in the policy must match before a user is presented with the guest portal.
Question #37
When you are setting up two FortiAuthenticator devices in active-passive HA,
which HA role must you select on the master FortiAuthenticator?
(Choose one answer)
- A. Active-passive master
- B. Standalone master
- C. Cluster member
- D. Load balancing master
Question #38
Which two statements about the EAP-TTLS authentication method are true? (Choose two answers)
- A. Uses mutual authentication
- B. Uses digital certificates only on the server side
- C. Requires an EAP server certificate
- D. Supports a port access control (wired) solution only
Question #39
Which behaviors exist for certificate revocation lists (CRLs) on FortiAuthenticator? (Choose two answers)
- A. CRLs contain the serial number of the certificate that has been revoked
- B. Revoked certificates are automatically placed on the CRL
- C. CRLs can be exported only through the SCEP server
- D. All local CAs share the same CRLs
Question #40
Which network configuration is required when deploying FortiAuthenticator for portal services? (Choose one answer)
- A. FortiAuthenticator must have the REST API access enabled on port 1
- B. One of the DNS servers must be a FortiGuard DNS server
- C. FortiGate must be set up as the default gateway for FortiAuthenticator
- D. Policies must have specific ports open between FortiAuthenticator and the authentication clients
Which two SAML roles can FortiAuthenticator be configured as? (Choose two answers)