Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Fortinet FCP > Firewall Authentication > Flashcards

Firewall Authentication Flashcards

1
Q

What are the three firewall auth methods for users?

A

Local password
Server based (ldap, radius, pop3, tacas+)
Two-factor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What auth servers does FG support?

A

POP3, RADIUS, LDAP, TACACS+

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Can POP3 servers be configured in GUI?

A

No, CLI only

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What does DSA Stand for

A

Directory System AGENT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

LDAP port

A

389

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Common Name Identifier?

A

Used to find the username i.e. sAMAccountName or cn for LDAP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the Distinguished Name setting for LDAP?

A

Identifies the top of the tree where the users are located, generally the dc value but could be container or ou.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What protocols does secure LDAP use

A

LADPS or STARTTLS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is Access-Request?

A

The request that FG sends to RADIUS to auth a user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Access-Accept for Radius?

A

User credentials are ok

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Access-Reject for Radius?

A

User credentials are wrong

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Access-Challenge?

A

Radius server for secondary password ID, token, or certificate. (two factor) Not supported by all devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What should you deploy to help keep OTP in sync?

A

A NTP server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is used to generate a OTP?

A

Seed + Time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Can you register a FortiToken to more than on FortiGate?

A

No, only one, you must use FortiAuthenticator if you wish to use the same FortiToken Across multiple FG

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are examples of passive authentication?

A

Forti SSO
RSSO
NTLM

17
Q

What does RSSO stand for?

A

RADIUS Single Sign-on

18
Q

What type of user groups are there?

A

Firewall
Guest
FSSO
RSSO

19
Q

Should you allow DNS to run before your user is authenticated?

A

Yes, as it is usually required to resolve host names prior to authentication being triggered.

20
Q

What protocols can be used to trigger active authentication in a firewall policy

A

HTTPS
HTTP
FTP
Telnet

21
Q

When using active and passive policies together, what is meant to be the primary authentication method?

22
Q

What CLI command enables you to force FortiGate to trigger an auth request?

A

Config user setting
Set auth-on-demand <Always | Implicit>
Implicit lets traffic through if there is a fall through policy
Always triggers auth regardless of their being a fall through policy.

23
Q

What CLI command is used to force auth timeout

A

Config user setting
set auth-timeout-type

[ Idle-time out | Hard-timeout | new-session]

24
Q

Where on the GUI do you monitor users?

A

Dashboard> User & Devices > Firewall Users

Fortinet FCP (12 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions