Exam NSE7_OTS-6.4 topic 1 question 13 discussion

Actual exam question from Fortinet's NSE7_OTS-6.4

Question #: 13
Topic #: 1

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

A. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
B. Enable two-factor authentication with FSSO.
C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
D. Under config user settings configure set auth-on-demand implicit.

Show Suggested Answer

Suggested Answer: C 🗳️

by bigbug at Sept. 23, 2022, 2:55 p.m.

Comments

Submit Cancel

GCISystemIntegrator

5 months, 3 weeks ago

Selected Answer: D

only with the command in D option permit to have passive and active auth. with FSSO no user prompt regardless order of any firewall policy.

upvoted 1 times

...

azjlmpang

1 year, 1 month ago

Selected Answer: C

C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.

upvoted 1 times

...

John1216

1 year, 3 months ago

D. Under config user settings configure set auth-on-demand implicit.

upvoted 1 times

...

ollo79

1 year, 5 months ago

C, auth-on-demand implicit is default

upvoted 2 times

...

ali_red

1 year, 7 months ago

Selected Answer: C

C for sure

upvoted 1 times

...

Spippolo

1 year, 9 months ago

Selected Answer: C

C. When you enable authentication, all the systems will have to authenticated before traffic is placed on egress interface. Alternatively, on the CLI only, you can change the auth-on-demand option to always.

upvoted 1 times

...