Which interface services must be enabled for the SCEP client to connect to Authenticator?

1. A. OCSP
2. B. REST API
3. C. SSH
4. D. HTTP/HTTPS

Correct Answer: D
HTTP/HTTPS are the interface services that must be enabled for the SCEP client to connect to FortiAuthenticator. SCEP stands for Simple Certificate Enrollment Protocol, which is a method of requesting and issuing digital certificates over HTTP or HTTPS. FortiAuthenticator supports SCEP as a certificate authority (CA) and can process SCEP requests from SCEP clients. To enable SCEP on FortiAuthenticator, the HTTP or HTTPS service must be enabled on the interface that receives the SCEP requests.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management

Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two)

1. A. Validating other CA CRLs using OSCP
2. B. Importing other CA certificates and CRLs
3. C. Merging local and remote CRLs using SCEP
4. D. Creating, signing, and revoking of X.509 certificates

Correct Answer: BD
FortiAuthenticator can act as a self-signed or local CA that can issue certificates to users, devices, or other CAs. It can also import other CA certificates and CRLs to trust them and validate their certificates. It can also create, sign, and revoke X.509 certificates for various purposes, such as VPN authentication, web server encryption, or wireless security. It cannot validate other CA CRLs using OCSP or merge local and remote CRLs using SCEP because these are protocols that require communication with external CAs. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372408/certificate-management

Which two are supported captive or guest portal authentication methods? (Choose two)

1. A. Linkedln
2. B. Apple ID
3. C. Instagram
4. D. Email

Correct Answer: AD
FortiAuthenticator supports various captive or guest portal authentication methods, including social media login with Linkedln, Facebook, Twitter, Google+, or WeChat; email verification; SMS verification; voucher code; username and password; and MAC address bypass. Apple ID and Instagram are not supported as authentication methods. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guest-management/37240

At a minimum, which two configurations are required to enable guest portal services on FortiAuthenticator? (Choose two)

1. A. Configuring a portal policy
2. B. Configuring at least on post-login service
3. C. Configuring a RADIUS client
4. D. Configuring an external authentication portal

Correct Answer: AB
enable guest portal services on FortiAuthenticator, you need to configure a portal policy that defines the conditions for presenting the guest portal to users and the authentication methods to use. You also need to configure at least one post-login service that defines what actions to take after a user logs in successfully, such as sending an email confirmation, assigning a VLAN, or creating a user account. Configuring a RADIUS client or an external authentication portal are optional steps that depend on your network setup and requirements. References:
https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372404/guest-management