Which two statements about the EAP-TTLS authentication method are true? (Choose two)

A. Uses mutualauthentication

B. Uses digital certificates only on the server side

C. Requires an EAP server certificate

D. Support a port access control (wired) solution only

What happens when a certificate is revoked? (Choose two)

A. Revoked certificates cannot be reinstated for any reason

B. All certificates signed by a revoked CA certificate are automatically revoked

C. Revoked certificates are automatically added to the CRL

D. External CAs will priodically query Fortiauthenticator and automatically download revoked certificates

Which network configuration is required when deploying FortiAuthenticator for portal services?

A. FortiAuthenticator must have the REST API access enable on port1

B. One of the DNS servers must be a FortiGuard DNS server

C. Fortigate must be setup as default gateway for FortiAuthenticator

D. Policies must have specific ports open between FortiAuthenticator and the authentication clients

Which EAP method is known as the outer authentication method?

A. PEAP

B. EAP-GTC

C. EAP-TLS

D. MSCHAPV2

You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue.

What can couse this issue?

A. On of the FortiAuthenticator devices in the active-active cluster has failed

B. FortiAuthenticator has lose contact with the FortiToken Cloud servers

C. FortiToken 200 licence has expired

D. Time drift between FortiAuthenticator and hardware tokens

How can a SAML metada file be used?

A. To defined a list of trusted user names

B. To import the required IDP configuration

C. To correlate the IDP address to its hostname

D. To resolve the IDP realm for authentication

When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the masterFortiAuthenticator?

A. Active-passive master

B. Standalone master

C. Cluster member

D. Load balancing master

Which two are supported captive or guest portal authentication methods? (Choose two)

A. Linkedln

B. Apple ID

C. Instagram

D. Email

Which method is the most secure way of delivering FortiToken data once the token has been seeded?

A. Online activation of the tokens through the FortiGuard network

B. Shipment of the seed files on a CD using a tamper-evident envelope

C. Using the in-house token provisioning tool

D. Automatic token generation using FortiAuthenticator

Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?

A. Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal

B. Principal contacts idendity provider and is redirected to serviceprovider, principal establishes connection with service provider, service provider validates authentication with identify provider

C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider

D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication