01. A device that is 802.1X non-compliant must be connected to the network. Which authentication method can you use to authenticate the device with FortiAuthenticator?
a) EAP-TTLS
b) EAP-TLS
c) MAC-based authentication
d) Machine-based authentication
02. You are the administrator of a large network and you want to track your users by leveraging the FortiClient SSO Mobility Agent. As part of the deployment you want to make sure that a bad actor will not be allowed to authenticate with an unauthorized AD server and appear as a legitimate user when reported by the agent.
Which option can prevent such an attack?
a) Add only the trusted AD servers to a valid servers group.
b) Change the Secret key in the Enable authentication option for the FortiClient Mobility Agent Service.
c) Enable the Enable RADIUS accounting SSO clients method.
d) Enable the Enable NTLM option in the FortiClient Mobility Agent Service.
03. What happens when a certificate is revoked?
(Choose two.)
a) Revoked certificates cannot be reinstated for any reason
b) External CAs will periodically query FortiAuthenticator and automatically download revoked certificates
c) All certificates signed by a revoked CA certificate are automatically revoked
d) Revoked certificates are automatically added to the CRL
04. When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the primary FortiAuthenticator?
a) Standalone primary
b) Cluster member
c) Active-passive primary
d) Load balancing primary
05. FortiAuthenticator has several roles that involve digital certificates. Which role allows FortiAuthenticator to receive the signed certificate signing requests (CSRs) and send certificate revocation lists (CRLs)?
a) Remote LDAP server
b) EAP server
c) SCEP server
d) OCSP server
06. Which FSSO discovery method makes use of service tickets to authenticate new users and validate the currently logged on users?
a) FortiClient SSO mobility agent
b) Kerberos-based FSSO
c) RADIUS accounting
d) DC polling
07. When revoking a certificate, which reason must be selected if you want the ability to reinstate it at a later time?
a) On Hold
b) Superseded
c) Operation ceased
d) Unspecified
08. Which three factors can determine which RADIUS policy is matched during a RADIUS authentication?
(Choose three.)
a) Policy ranking
b) RADIUS client
c) Selected realm
d) RADIUS response
e) RADIUS attribute
09. When working with administrator profiles, which permission sets can be customized?
a) All permission sets can be customized.
b) Only the pre-existing permission sets can be customized.
c) Only non-administrator permission sets can be customized.
d) Only user-created or cloned permission sets can be customized.
10. You are a network administrator with a large wireless environment. FortiAuthenticator acts as the RADIUS server for your wireless controllers. You want specific wireless controllers to authenticate users against specific realms. How would you satisfy this requirement?
a) Define RADIUS clients
b) Enable Adaptive Authentication
c) Create Access point groups
d) RADUIS policy