Firewall policies dictate whether a user or device can (or cannot) authenticate to a network. Which statements are true regarding firewall authentication? (Choose two.) In order to authenticate a specific user, the firewall policy must include both the IP address and the user as the source. Firewall policies can be configured to authenticate certificate users. Users are forced to actively authenticate when the following protocols are disabled in the firewall policy: HTTP, HTTPS, FTP, Telnet. The order of the firewall policies alw: credentials are determined actively o LDAP and RADIUS are both remote authentication servers that FortiGate can tie into for authentication. What is a key difference between these servers? ‘Only LDAP can have a secure connection with FortiGate using a server certificate. Only LDAP can be configured to authenticate groups as defined on the LDAP server. Only LDAP provides authentication, authorization, and accounting (AAA) services. Only RADIUS requires a distinguished) gl rusk lo eecue uy Lore) Tes 4Which statements are true of public key infrastracture (PKI) users on FortiGate? (Choose two.) FortiGate must include the CA certificate that issued the PKI peer user certificate. © PKI users can belong to firewall user groups. PKI users must authenticate with both a certificate and a password. O The first PKI user must be added tgC PPA At nn auemer tc Authentication and Certificates” in the eee aed ed What best describes the authentication idle time-out feature on FortiGate? © The length of time FortiGate waits for the user to enter their authentication credentials © The length of time an authenticated user is allowed to send and receive traffic before they are timed out The length of time an authenticated user is allowed to remain authenticated without any packets being generated by the host device The length of time an authenticated YO yee eg ui traffic without a new session being cir WU ae eae host device ealA remote user is trying to authenticate with a user name and password. How does FortiGate verify the login credentials? © FortiGate queries its own database for user credentials. © FortiGate queries the remote server for user credentials. © FortiGate sends the user entered credentials to the remote server for verification. FortiGate re-generates the algori credentials and compares it agairy sipemmed rae cask) remote server. aie oa Correct Which ways can FortiGate deliver one-time passwords (OTPs) to two-factor authentication users in your network? (Choose three.) @ Hardware FortiToken 1D Web portal @ sms © USB FortiToken Please review the slide "Two-Factor . , rere ar ees & FortiToken Mobile Passwords" in the Firewall ear ar aesWhich statements are true regarding captive portal? (Choose three.) © Only passive authentication methods can use captive portal. © Captive portal is enabled at the interface level. ® Captive portal can exempt specific devices from authenticating. 1 Captive portal must be hosted on a FortiGate device. Captive portal users can be prese! and authentication prompt. Ce eo eer Ee eel ee Which are valid replies from a RADIUS server to an ACCESS-REQUEST packet from FortiGate? (Choose two.) @ ACCESS-CHALLENGE C1 ACCESS-RESTRICT 0 ACCESS-PENDING @ ACCESS-REJECT Please review the slide “RADIUS eC ec eeWhich statements are true regarding active authentication? (Choose two.) & Active authentication prompts the user for login credentials. 5 Active authentication is always used before passive authentication. The firewall policy must allow the HTTP, HTTPS, FTP, and/or Telnet protocols. Enabling authentication on a pol It RA Re eed authentication. Cee ee aoa ee Ca acted! Which firewall authentication methods does FortiGate support? (Choose three.) @ Local password authentication (© Out-of-band authentication @ Server-based password authentication @ Two-factor authentication © Biometric authentication Please refer to the slide "FortiGate Dee ager a) ete reer rl eu?