At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two)
A. Configuring a portal policy
B. Configuring at least on post-login service
C. Configuring a RADIUS client
D. Configuring an external authentication portal
Which two statements about the EAP-TTLS authentication method are true? (Choose two)
A. Uses mutualauthentication
B. Uses digital certificates only on the server side
C. Requires an EAP server certificate
D. Support a port access control (wired) solution only
Which FSSO discovery method transparently detects logged off users without having to rely on external features such as WMI polling?
A. Windows AD polling
B. FortiClient SSO Mobility Agent
C. Radius Accounting
D. DC Polling
You want to monitor FortiAuthenticator system information and receive FortiAuthenticator traps through SNMP.
Which two configurations must be performed after enabling SNMP access on the FortiAuthenticator interface? (Choose two)
A. Enable logging services
B. Set the tresholds to trigger SNMP traps
C. Upload management information base (MIB) files to SNMP server
D. Associate an ASN, 1 mapping rule to the receiving host
How can a SAML metada file be used?
A. To defined a list of trusted user names
B. To import the required IDP configuration
C. To correlate the IDP address to its hostname
D. To resolve the IDP realm for authentication
Which interface services must be enabled for the SCEP client to connect to Authenticator?
A. OCSP
B. REST API
C. SSH
D. HTTP/HTTPS
Which method is the most secure way of delivering FortiToken data once the token has been seeded?
A. Online activation of the tokens through the FortiGuard network
B. Shipment of the seed files on a CD using a tamper-evident envelope
C. Using the in-house token provisioning tool
D. Automatic token generation using FortiAuthenticator
Which option correctly describes an SP-initiated SSO SAML packet flow for a host without a SAML assertion?
A. Service provider contacts idendity provider, idendity provider validates principal for service provider, service provider establishes communication with principal
B. Principal contacts idendity provider and is redirected to serviceprovider, principal establishes connection with service provider, service provider validates authentication with identify provider
C. Principal contacts service provider, service provider redirects principal to idendity provider, after succesfull authentication identify provider redirects principal to service provider
D. Principal contacts idendity provider and authenticates, identity provider relays principal to service provider after valid authentication
Refer to the exhibit.
Examine the screenshot shown in the exhibit.

Which two statements regarding the configuration are true? (Choose two)
A. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group
B. All accounts registered through the guest portal must be validated through email
C. Guest users must fill in all the fields on the registration form
D. Guest user account will expire after eight hours
You are a Wi-Fi provider and host multiple domains. How do you delegate user accounts, user groups and permissions per domain when theyare authenticating on a single FortiAuthenticator device?
A. Automatically import hosts from each domain as they authenticate
B. Create multiple directory trees on FortiAuthenticator
C. Create realms
D. Create user groups