● FCP - FortiAuthenticator 6.5 Administrator Exam Materials
Please note that the exam "FCP - FortiAuthenticator 6.5 Administrator" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
Question #61
Question #62
When a local root CA is created on FortiAuthenticator, the option to export the key and certificate is not available, however the option to export the certificate is.
Why is this the case?
(Choose one answer)
- A. For security reasons, a local root certificate includes OCSP responder information for automatic key retrieval.
- B. A private key is not generated for a local root certificate.
- C. The certificate includes the private key for a local root certificate.
- D. There should never be a need to export the private key.
Question #63
When creating an administrative user, what capabilities does the Web service access option provide? (Choose one answer)
- A. Management of enabled web services on the FortiAuthenticator interface
- B. Provides management access for all portal service configurations
- C. Access to web services using the REST API
- D. Access to the administrative GUI from outside the local subnet
Question #64
When creating administrative accounts, which statement is true about the assignment of permissions? (Choose one answer)
- A. You define account permissions by the type of administrative user you create.
- B. You assign permissions using administrative profiles.
- C. You must clone the existing permission sets of the accounts before you can assign them.
- D. You assign account permissions by applying permission sets to administrative groups.
Question #65
Refer to the exhibit.
Which two statements regarding the configuration are true?
(Choose one answer)
- A. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group.
- B. Guest user account will expire after eight hours.
- C. All accounts registered through the guest portal must be validated through email.
- D. Guest users must fill in all the fields on the registration form.
Question #66
An administrator wants to allow guest users to authenticate using their Google account credentials.
Which two things must the administrator configure?
(Choose two answers)
- A. Post-login service for social account access
- B. External OAuth server
- C. Portal policy
- D. Guest template
Question #67
When configuring self-service portals on FortiAuthenticator, which two scenarios are possible? (Choose two answers)
- A. Allow self-registrations only from users in a specific LDAP group.
- B. Have all self-registrations automatically create LDAP user accounts.
- C. Require that self-registering users select group membership from a predefined list of groups.
- D. Require administrative approval of all self-registration accounts.
Question #68
When implementing two-factor authentication using TOTP, how does FortiAuthenticator prevent small differences in the token system clock and the FortiAuthenticator system clock from causing authentication to fail? (Choose one answer)
- A. FortiAuthenticator will automatically synchronize the system clock, if a token code is incorrect.
- B. FortiAuthenticator allows the administrator to update the FortiToken system time.
- C. FortiAuthenticator is configurable to allow +/- a configurable number of steps one time step from current time.
- D. FortiAuthenticator forces the agent to synchronize against a pre-defined NTP server, prior to TOTP generation.
Question #69
Which interface service must you enable for FortiAuthenticator to accept SCEP client connections? (Choose one answer)
- A. OCSP
- B. REST API
- C. HTTP/HTTPS
- D. TFTP
Question #70
Which of the following remote authentication servers can FortiAuthenticator access using a zero-trust tunnel over public networks? (Choose one answer)
- A. RADIUS
- B. LDAP
- C. SAML IdP
- D. TACACS+
Refer to the exhibit.
Which functionality does the Enable NTLM option provide? (Choose one answer)