The FCP_FAC_AD-6.5 FCP - FortiAuthenticator 6.5 Administrator exam is a specialized elective exam within the FCP in Network Security Certification pathway. The exam has been meticulously designed to evaluate your knowledge and expertise regarding FortiAuthenticator devices. To help candidates succeed, PassQuestion has developed comprehensive FCP - FortiAuthenticator 6.5 Administrator FCP_FAC_AD-6.5 Exam Questions designed to cover all the knowledge points that you will encounter in the actual exam. By utilizing the FCP - FortiAuthenticator 6.5 Administrator FCP_FAC_AD-6.5 Exam Questions from PassQuestion, you will be able to build your confidence and familiarize yourself with the type of questions that are likely to appear on the exam. This effective preparation strategy will also provide you with crucial insights and tips on how to approach the FCP_FAC_AD-6.5 exam.

The FCP in Network Security certification validates your ability to secure networks and applications by deploying, managing, and monitoring Fortinet network security products. This curriculum will cover the day-to-day tasks related to Fortinet network security devices. We recommend this certification for cybersecurity professionals who require the expertise needed to deploy, manage, and analyze Fortinet network security devices. To obtain the FCP in Network Security certification, you must pass the core exam and one elective exam no more than two years apart. The certification will be active for two years from the date of the second exam.

Core Exams    

NSE 4 FortiOS
FCP - FortiGate Administrator 

Elective Exams    

NSE 5 FortiAnalyzer (version 7.0 or older)
NSE 6 FortiAnalyzer Administrator / FCP - FortiAnalyzer Administrator
NSE 6 FortiAuthenticator / FCP - FortiAuthenticator Administrator
NSE 5 FortiClient EMS / FCP - FortiClient EMS Administrator
NSE 5 FortiManager / FCP - FortiManager Administrator
NSE 6 FortiNAC
NSE 6 FortiSwitch
NSE 6 Secure Wireless LAN

FCP - FortiAuthenticator 6.5 Administrator

The FCP—FortiAuthenticator 6.5 Administrator exam evaluates your knowledge of, and expertise with, FortiAuthenticator devices. The exam tests applied knowledge of FortiAuthenticator configuration, operation, and day-to-day administration, and includes the administration of users, PKI certificates, configuration extracts, and troubleshooting captures. The FCP—FortiAuthenticator 6.5 Administrator exam is intended for network and security professionals responsible for the configuration and administration of Identity Access Management and Single Sign-On in an enterprise network security infrastructure.

Exam Details

Exam name: FCP—FortiAuthenticator 6.5 Administrator
Exam series: FCP_FAC_AD-6.5
Time allowed: 60 minutes
Exam questions: 30 multiple-choice questions
Scoring Pass or fail. A score report is available from your Pearson VUE account
Language: English
Product version: FortiAuthenticator 6.5

Exam Topics

Successful candidates have applied knowledge and skills in the following areas and tasks:

FortiAuthenticator management

• Perform deployment configuration on FortiAuthenticator
• Explain and configure administrative accounts and roles
• Configure advanced system settings
• Configure and manage user accounts

Certificate management

• Describe key concepts of PKI and digital certificates
• Use the FortiAuthenticator certificate management service to generate local certificates
• Implement automatic certificate management services

Active authentication (RADIUS, LDAP, 802.1x, Portal Services)

• Implement RADIUS profiles and realms for RADIUS authentication
• Configure and manage supported remote authentication services
• Use FortiAuthenticator portal services to authenticate local and remote users
• Configure tokens and two-factor authentication

Single sign-on

• Use local authentication events for Fortinet Single Sign-On (FSSO)
• Use third-party logon events via RADIUS single sign-on (RSSO), tags, and logs to generate FSSO events
• Implement SAML roles on FortiAuthenticator for the SAML SSO service

View Online FCP - FortiAuthenticator 6.5 Administrator FCP_FAC_AD-6.5 Free Questions

1. A device that is 802.1X non-compliant must be connected to the network. Which authentication method can you use to authenticate the device with FortiAuthenticator?
A. EAP-TTLS
B. EAP-TLS
C. MAC-based authentication
D. Machine-based authentication
Answer: C
 
2. You are the administrator of a large network and you want to track your users by leveraging the FortiClient SSO Mobility Agent. As part of the deployment you want to make sure that a bad actor will not be allowed to authenticate with an unauthorized AD server and appear as a legitimate user when reported by the agent.
Which option can prevent such an attack?
A. Add only the trusted AD servers to a valid servers group.
B. Change the Secret key in the Enable authentication option for the FortiClient Mobility Agent Service.
C. Enable the Enable RADIUS accounting SSO clients method.
D. Enable the Enable NTLM option in the FortiClient Mobility Agent Service.
Answer: D
 
3. What happens when a certificate is revoked? (Choose two.)
A. Revoked certificates cannot be reinstated for any reason
B. External CAs will periodically query FortiAuthenticator and automatically download revoked certificates
C. All certificates signed by a revoked CA certificate are automatically revoked
D. Revoked certificates are automatically added to the CRL
Answer: C, D
 
4. When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the primary FortiAuthenticator?
A. Standalone primary
B. Cluster member
C. Active-passive primary
D. Load balancing primary
Answer: B
 
5. FortiAuthenticator has several roles that involve digital certificates. Which role allows FortiAuthenticator to receive the signed certificate signing requests (CSRs) and send certificate revocation lists (CRLs)?
A. Remote LDAP server
B. EAP server
C. SCEP server
D. OCSP server
Answer: C
 
6. Which FSSO discovery method makes use of service tickets to authenticate new users and validate the currently logged on users?
A. FortiClient SSO mobility agent
B. Kerberos-based FSSO
C. RADIUS accounting
D. DC polling
Answer: B
 
7. When revoking a certificate, which reason must be selected if you want the ability to reinstate it at a later time?
A. On Hold
B. Superseded
C. Operation ceased
D. Unspecified
Answer: A
 
8. Which three factors can determine which RADIUS policy is matched during a RADIUS authentication? (Choose three.)
A. Policy ranking
B. RADIUS client
C. Selected realm
D. RADIUS response
e) RADIUS attribute
Answer: A, B, E
 
9. When working with administrator profiles, which permission sets can be customized?
A. All permission sets can be customized.
B. Only the pre-existing permission sets can be customized.
C. Only non-administrator permission sets can be customized.
D. Only user-created or cloned permission sets can be customized.
Answer: D
 
10. You are a network administrator with a large wireless environment. FortiAuthenticator acts as the RADIUS server for your wireless controllers. You want specific wireless controllers to authenticate users against specific realms. How would you satisfy this requirement?
A. Define RADIUS clients
B. Enable Adaptive Authentication
C. Create Access point groups
D. RADUIS policy
Answer: D