NSE6_FAC-6.4 Free Practice Test

An administrator is integrating FortiAuthenticator with an existing RADIUS server with the intent of eventually replacing the RADIUS server with FortiAuthenticator.
How can FortiAuthenticator help facilitate this process?

1. A. By configuring the RADIUS accounting proxy
2. B. By enabling automatic REST API calls from the RADIUS server
3. C. By enabling learning mode in the RADIUS server configuration
4. D. By importing the RADIUS user records

Correct Answer: C
FortiAuthenticator can help facilitate the process of replacing an existing RADIUS server by enabling learning mode in the RADIUS server configuration. This allows FortiAuthenticator to learn user credentials from the existing RADIUS server and store them locally for future authentication requests2. This way, FortiAuthenticator can gradually take over the role of the RADIUS server without disrupting the user experience.
References: 2 https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/radiu

A device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentialis.
In this case, which user idendity discovery method can Fortiauthenticator use?

1. A. Syslog messaging or SAML IDP
2. B. Kerberos-base authentication
3. C. Radius accounting
4. D. Portal authentication

Correct Answer: D
Portal authentication is a user identity discovery method that can be used when a device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentials. Portal authentication requires users to enter their credentials on a web page before accessing network resources. The other methods are used for transparent identification of domain devices or users. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372406/user-identity-discovery
Examine the screenshot shown in the exhibit.

You have implemented two-factor authentication to enhance security to sensitive enterprise systems. How could you bypass the need for two-factor authentication for users accessing form specific secured
networks?

1. A. Create an admin realm in the authentication policy
2. B. Specify the appropriate RADIUS clients in the authentication policy
3. C. Enable Adaptive Authentication in the portal policy
4. D. Enable the Resolve user geolocation from their IP address option in the authentication policy.

Correct Answer: C
Adaptive Authentication is a feature that allows administrators to bypass the need for two-factor authentication for users accessing from specific secured networks. Adaptive Authentication uses geolocation information from IP addresses to determine whether a user is accessing from a trusted network or not. If the user is accessing from a trusted network, FortiAuthenticator can skip the second factor of authentication and grant access based on the first factor only.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/authentication-policies

You are a Wi-Fi provider and host multiple domains.
How do you delegate user accounts, user groups and permissions per domain when they are authenticating on a single FortiAuthenticator device?

1. A. Create realms.
2. B. Create user groups
3. C. Create multiple directory trees on FortiAuthenticator
4. D. Automatically import hosts from each domain as they authenticate.

Correct Answer: A
Realms are a way to delegate user accounts, user groups and permissions per domain when they are authenticating on a single FortiAuthenticator device. A realm is a logical grouping of users and groups based on a common attribute, such as a domain name or an IP address range. Realms allow administrators to apply different authentication policies and settings to different groups of users based on their realm membership.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/user-management#real