Firewall Authentication

Description

NSE4 6.0 NSE4 6.0 Quiz on Firewall Authentication, created by Marcos Avila on 16/08/2018.
Marcos Avila
Quiz by Marcos Avila, updated more than 1 year ago
Marcos Avila
Created by Marcos Avila over 6 years ago
86
1

Resource summary

Question 1

Question
Fortigate methods of firewall authentication (Select 3)
Answer
  • Local password authentication
  • server-based password authentication
  • two-factor authentication
  • LDAP
  • Token
  • TACACS+

Question 2

Question
Remote authentication server (Select 4)
Answer
  • POP3
  • RADIUS
  • LDAP
  • TACACS+
  • Token Server
  • FortiAuthenticator

Question 3

Question
POP3 is the only server that requires an email address as the login credential.
Answer
  • True
  • False

Question 4

Question
Tokens use a specific algorithm to generate an OTP. The algorithm consists of:
Answer
  • The time: obtained from an accurate internal clock. A seed: a unique, randomly-generated number that does not change in time.
  • A seed: obtained from an accurate internal clock. The time : a unique, randomly-generated number that does not change in time.

Question 5

Question
Authentication methods and active authentication types :
Answer
  • Active Passive
  • Local Remote

Question 6

Question
[blank_start]Active[blank_end] : User receives a login prompt Must manually enter credentials to authenticate POP3, LDAP, RADIUS, Local and TACACS+ [blank_start]Passive[blank_end] : User does not receive a login prompt Credentials are determined automatically -Method varies depending on type of authentication used FSSO, RSSO, and NTLM
Answer
  • Active
  • Passive

Question 7

Question
Port used for LDAP:
Answer
  • TCP Port 389
  • TCP Port 398
  • TCP Port 983

Question 8

Question
?
Answer
  • Example Directory Tree
  • Example Organizational Domain Tree
  • Example LDAP hierarchy

Question 9

Question
Testing LDAP query:
Answer
  • diagnose test authserver ldap <server> <username> <password>
  • diagnose authserver <serverip> ldap <username> <password>

Question 10

Question
When FortiGate uses RADIUS server for remote authentication, which statement about RADIUS is true?
Answer
  • a. FortiGate must query remote RADIUS server using the distinguished name (dn).
  • b. RADIUS group memberships are provided by vendor specific attributes (VSAs) configured on the RADIUS server.

Question 11

Question
Which of the following is a valid reply from a RADIUS server to an ACCESS-REQUEST packet from FortiGate?
Answer
  • a. ACCESS-PENDING
  • b. ACCESS-REJECT

Question 12

Question
A remote LDAP user is trying to authenticate with a user name and password. How does FortiGate verify the login credentials?
Answer
  • a. FortiGate queries its own database for user credentials.
  • b. FortiGate sends the user entered credentials to the remote server for verification.

Question 13

Question
Which statement about guest user groups is true?
Answer
  • a. Guest user group accounts are temporary.
  • b. Guest user group account passwords are temporary.

Question 14

Question
Which statement about active authentication is true?
Answer
  • a. Active authentication is always used before passive authentication.
  • b. The firewall policy must allow the HTTP, HTTPS, FTP, and/or Telnet protocols in order for the user to be prompted for credentials.

Question 15

Question
[blank_start]ACCESS—ACCEPT[blank_end], which means that the user credentials are ok [blank_start]ACCESS—REJECT[blank_end], which means that the credentials are wrong [blank_start]ACCESS—CHALLENGE[blank_end], which means that the server is requesting a secondary password ID, token, or certificate. This is typically the reply from the server when using two-factor authentication.
Answer
  • ACCESS—ACCEPT
  • ACCESS—REJECT
  • ACCESS—CHALLENGE

Question 16

Question
[blank_start]The Common Name identifier[blank_end] setting is the attribute name used to find the user name. Some schemas allow you to use the attribute uid. Active Directory most commonly uses sAMAccountName or cn, but can use others as well. [blank_start]The Distinguished Name[blank_end] setting identifies the top of the tree where the users are located, which is generally the dc value; however, it can be a specific container or ou. You must use the correct X.500 or LDAP format. [blank_start]The Bind Type[blank_end] setting depends on the security settings of the LDAP server. The setting Regular (to specify a regular bind) is required if you are searching across multiple domains and require the credentials of a user that is authorized to perform LDAP queries (for example, an LDAP administrator).
Answer
  • The Common Name identifier
  • The Distinguished Name
  • The Bind Type
Show full summary Hide full summary

Similar

French Intermediate
PatrickNoonan
Enzymes
daniel.praecox
Study Plan
mlanders
Cells, Tissues and Organs
yusanr98
Main People in Medicine Through Time
Holly Bamford
History- Medicine through time key figures
gemma.bell
Creating Mind Maps with GoConqr
Andrea Leyden
Computer Systems
lisawinkler10
GCSE History – Social Impact of the Nazi State in 1945
Ben C
Lesson Planning: 4 Organisational Tips for Teachers
miminoma
Photosynthesis and Respiration
Jessica Phillips