Pregunta 1
Pregunta
Fortigate methods of firewall authentication (Select 3)
Respuesta
-
Local password authentication
-
server-based password authentication
-
two-factor authentication
-
LDAP
-
Token
-
TACACS+
Pregunta 2
Pregunta
Remote authentication server (Select 4)
Respuesta
-
POP3
-
RADIUS
-
LDAP
-
TACACS+
-
Token Server
-
FortiAuthenticator
Pregunta 3
Pregunta
POP3 is the only server that requires an email address as the login credential.
Pregunta 4
Pregunta
Tokens use a specific algorithm to generate an OTP. The algorithm consists of:
Respuesta
-
The time: obtained from an accurate internal clock.
A seed: a unique, randomly-generated number that does not change in time.
-
A seed: obtained from an accurate internal clock.
The time : a unique, randomly-generated number that does not change in time.
Pregunta 5
Pregunta
Authentication methods and active authentication types :
Respuesta
-
Active
Passive
-
Local
Remote
Pregunta 6
Pregunta
[blank_start]Active[blank_end] :
User receives a login prompt
Must manually enter credentials to authenticate
POP3, LDAP, RADIUS, Local and TACACS+
[blank_start]Passive[blank_end] :
User does not receive a login prompt
Credentials are determined automatically
-Method varies depending on type of authentication used
FSSO, RSSO, and NTLM
Pregunta 7
Pregunta
Port used for LDAP:
Respuesta
-
TCP Port 389
-
TCP Port 398
-
TCP Port 983
Pregunta 8
Pregunta 9
Pregunta
Testing LDAP query:
Pregunta 10
Pregunta
When FortiGate uses RADIUS server for remote authentication, which statement about RADIUS is true?
Pregunta 11
Pregunta
Which of the following is a valid reply from a RADIUS server to an ACCESS-REQUEST packet from FortiGate?
Respuesta
-
a. ACCESS-PENDING
-
b. ACCESS-REJECT
Pregunta 12
Pregunta
A remote LDAP user is trying to authenticate with a user name and password. How does FortiGate verify the login credentials?
Pregunta 13
Pregunta
Which statement about guest user groups is true?
Pregunta 14
Pregunta
Which statement about active authentication is true?
Respuesta
-
a. Active authentication is always used before passive authentication.
-
b. The firewall policy must allow the HTTP, HTTPS, FTP, and/or Telnet protocols in order for the user to be prompted for credentials.
Pregunta 15
Pregunta
[blank_start]ACCESS—ACCEPT[blank_end], which means that the user credentials are ok
[blank_start]ACCESS—REJECT[blank_end], which means that the credentials are wrong
[blank_start]ACCESS—CHALLENGE[blank_end], which means that the server is requesting a secondary password ID, token, or certificate. This is typically the reply from the server when using two-factor authentication.
Respuesta
-
ACCESS—ACCEPT
-
ACCESS—REJECT
-
ACCESS—CHALLENGE
Pregunta 16
Pregunta
[blank_start]The Common Name identifier[blank_end] setting is the attribute name used to find the user name. Some schemas allow you to use the attribute uid. Active Directory most commonly uses sAMAccountName or cn, but can use others as well.
[blank_start]The Distinguished Name[blank_end] setting identifies the top of the tree where the users are located, which is generally the dc value; however, it can be a specific container or ou. You must use the correct X.500 or LDAP format.
[blank_start]The Bind Type[blank_end] setting depends on the security settings of the LDAP server. The setting Regular (to specify a regular bind) is required if you are searching across multiple domains and require the credentials of a user that is authorized to perform LDAP queries (for example, an LDAP administrator).