Free NSE6_FAC-6.4 Exam Braindumps (page: 4)


An administrator wants to keep local CA cryptographic keys stored in a central location.

Which FortiAuthenticator feature would provide this functionality?

  A. SCEP support
  B. REST API
  C. Network HSM
  D. SFTP server

Answer(s): C

Explanation:

Network HSM is a feature that allows FortiAuthenticator to keep local CA cryptographic keys stored in a central location. HSM stands for Hardware Security Module, which is a physical device that provides secure storage and generation of cryptographic keys. Network HSM allows FortiAuthenticator to use an external HSM device to store and manage the private keys of its local CAs, instead of storing them locally on the FortiAuthenticator device.


Reference:

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management#network-hsm



Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

  A. Service provider contacts identity provider, identity provider validates principal for service provider, service provider establishes communication with principal
  B. Principal contacts identity provider and is redirected to service provider, principal establishes connection with service provider, service provider validates authentication with identity provider
  C. Principal contacts service provider, service provider redirects principal to identity provider, after successful authentication identity provider redirects principal to service provider
  D. Principal contacts identity provider and authenticates, identity provider relays principal to service provider after valid authentication

Answer(s): C

Explanation:

SP-initiated SSO SAML packet flow for a host without a SAML assertion is as follows:

  1. Principal contacts service provider, requesting access to a protected resource.
  2. Service provider redirects principal to identity provider, sending a SAML authentication request.
  3. Principal authenticates with identity provider using their credentials.
  4. After successful authentication, identity provider redirects principal back to service provider, sending a SAML response with a SAML assertion containing the principal's attributes.
  5. Service provider validates the SAML response and assertion, and grants access to the principal.


Reference:

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/saml-service-provider#sp-initiated-sso



Which two types of digital certificates can you create in FortiAuthenticator? (Choose two)

  A. User certificate
  B. Organization validation certificate
  C. Third-party root certificate
  D. Local service certificate

Answer(s): A,D

Explanation:

FortiAuthenticator can create two types of digital certificates: user certificates and local service certificates. User certificates are issued to users or devices for authentication purposes, such as VPN, wireless, or web access. Local service certificates are issued to FortiAuthenticator itself for securing its own services, such as HTTPS, RADIUS, or LDAP.


Reference:

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management#certificate-types



Which EAP method is known as the outer authentication method?

  A. PEAP
  B. EAP-GTC
  C. EAP-TLS
  D. MSCHAPV2

Answer(s): A

Explanation:

PEAP is known as the outer authentication method because it establishes a secure tunnel between the client and the server using TLS. The inner authentication method, such as EAP-GTC, EAP-TLS, or MSCHAPV2, is then used to authenticate the client within the tunnel.


Reference:

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/wireless-802-1x-authentication#peap





