Free FCP_FAC_AD-6.5 Questions for Fortinet FCP_FAC_AD-6.5 Exam [May-2026]
Validate your FCP_FAC_AD-6.5 Exam Preparation with FCP_FAC_AD-6.5 Practice Test (Online & Offline)
Fortinet FCP_FAC_AD-6.5 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
NEW QUESTION # 39
Which network configuration is required when deploying FortiAuthenticator for portal services?
- A. FortiAuthenticator must have the REST API access enabled on port 1
- B. One of the DNS servers must be a FortiGuard DNS server
- C. FortiGate must be set up as the default gateway for FortiAuthenticator
- D. Policies must have specific ports open between FortiAuthenticator and the authentication clients
Answer: D
NEW QUESTION # 40
Which of the following is a benefit of using role-based access control (RBAC) in FortiAuthenticator?
- A. It eliminates the need for authentication
- B. It assigns the same permissions to all users
- C. It provides granular control over user access based on their roles
- D. It automatically generates strong passwords for users
Answer: C
NEW QUESTION # 41
What is the advantage of using FortiToken for two-factor authentication?
- A. It's a physical token made of solid gold
- B. It can generate unlimited tokens for free
- C. It doesn't require user interaction for authentication
- D. It can be easily integrated with any third-party authentication service
Answer: C
NEW QUESTION # 42
What is the primary benefit of single sign-on (SSO) in a network environment?
- A. Faster internet speeds
- B. Allowing users to access multiple resources with a single authentication
- C. Minimizing the need for strong passwords
- D. Reducing the number of users
Answer: B
NEW QUESTION # 43
What is the purpose of using local authentication events for Fortinet Single Sign-On (FSSO)?
- A. To provide access only to local resources
- B. To track user logon events within FortiAuthenticator
- C. To sync user accounts with third-party services
- D. To eliminate the need for authentication altogether
Answer: B
NEW QUESTION # 44
An administrator wants users and devices that cannot be identified transparently, such as Android BYOD devices, to be able to register and create their own credentials.
In this case, which FortiAuthenticator user identity discovery method can the administrator use?
- A. Syslog messaging or SAML IdP
- B. Portal authentication
- C. SSOMA
- D. Kerberos-based authentication
Answer: B
Explanation:
Portal authentication allows unidentified users or devices, such as Android BYOD devices, to self-register and create credentials through a captive or guest portal on FortiAuthenticator.
NEW QUESTION # 45
What is the benefit of integrating FortiAuthenticator with Active Directory for single sign-on?
- A. It prevents any user logon events from being recorded
- B. It centralizes user management and reduces password fatigue
- C. It requires users to use different credentials for different resources
- D. It allows users to authenticate using only their email addresses
Answer: B
NEW QUESTION # 46
How can a SAML metada file be used?
- A. To resolve the IDP realm for authentication
- B. To defined a list of trusted user names
- C. To correlate the IDP address to its hostname
- D. To import the required IDP configuration
Answer: D
NEW QUESTION # 47
Which interface services must be enabled for the SCEP client to connect to Authenticator?
- A. OCSP
- B. REST API
- C. SSH
- D. HTTP/HTTPS
Answer: D
NEW QUESTION # 48
An administrator is integrating FortiAuthenticator with an existing RADIUS server with the intent of eventually replacing the RADIUS server with FortiAuthenticator.
How can FortiAuthenticator help facilitate this process?
- A. By enabling learning mode in the RADIUS server configuration
- B. By configuring the RADIUS accounting proxy
- C. By importing the RADIUS user records
- D. By enabling automatic REST API calls from the RADIUS server
Answer: A
NEW QUESTION # 49
Which component of a digital certificate contains information about the certificate holder's identity?
- A. Subject field
- B. Private key
- C. Certificate Authority's signature
- D. Public key
Answer: A
NEW QUESTION # 50
What can third-party logon events be used for in Fortinet Single Sign-On (FSSO)?
- A. Creating virtual networks
- B. Generating weather forecasts
- C. Automatically updating software
- D. Tracking user logon events from other systems
Answer: D
NEW QUESTION # 51
A device that is 802.1X non-compliant must be connected to the network.
Which authentication method can you use to authenticate the device with FortiAuthenticator?
- A. MAC-based authentication
- B. Machine-based authentication
- C. EAP-TTLS
- D. EAP-TLS
Answer: A
NEW QUESTION # 52
Which of the following authentication methods is NOT typically used for single sign-on (SSO)?
- A. Smart card authentication
- B. Captcha authentication
- C. Biometric authentication
- D. Username and password
Answer: B
NEW QUESTION # 53
Which two methods are supported captive or guest portal authentication methods? (Choose two.)
- A. Email
- B. Microsoft Live
- C. WhatsApp
- D. LinkedIn
Answer: A,B
Explanation:
FortiAuthenticator captive or guest portals support authentication via email verification and third-party identity providers like Microsoft Live for user validation and access control.
NEW QUESTION # 54
Which statement about the guest portal policies is true?
- A. Guest portal policies can be used only for BYODs
- B. Guest portal policies apply only to authentication requests coming from unknown RADIUS clients
- C. All conditions in the policy must match before a user is presented with the guest portal
- D. Conditions in the policy apply only to guest wireless users
Answer: C
NEW QUESTION # 55
You are an administrator for a large enterprise and you want to delegate the creation and management of guest users to a group of sponsors.
How would you associate the guest accounts with individual sponsors?
- A. As an administrator, you can assign guest groups to individual sponsors.
- B. Select the sponsor on the guest portal, during registration.
- C. You can automatically add guest accounts to groups associated with specific sponsors.
- D. Guest accounts are associated with the sponsor that creates the guest account.
Answer: D
NEW QUESTION # 56
Refer to the exhibit.
Which functionality does theEnable NTLMoption provide?
- A. It prevents users from authenticating to an unauthorized AD server.
- B. It allows FortiAuthenticator to message end users using the FortiClient for SSO.
- C. It forces FortiClient users to use two-factor authentication when using FortiClient for SSO.
- D. It enables tracking and recording all authentications performed through FortiClient.
Answer: A
Explanation:
Enabling NTLM authentication in this FortiAuthenticator SSO configuration ensures that user authentication requests are validated against the specified domain, preventing users from authenticating to an unauthorized Active Directory server.
NEW QUESTION # 57
Examine the screenshot shown in the exhibit.
Which two statements regarding the configuration are true? (Choose two.)
- A. Guest users must fill in all the fields on the registration form.
- B. All accounts registered through the guest portal must be validated through email.
- C. All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group.
- D. Guest user account will expire after eight hours.
Answer: B,C
NEW QUESTION # 58
Why would you configure an OCSP responder URL in an end-entity certificate?
- A. To designate the SCEP server to use for CRL updates for that certificate
- B. To identify the end point that a certificate has been assigned to
- C. To designate a server for certificate status checking
- D. To provide the CRL location for the certificate
Answer: C
Explanation:
Configuring an OCSP responder URL in an end-entity certificate designates the server that will be queried to check the real-time revocation status of the certificate.
NEW QUESTION # 59
In FortiAuthenticator, what is the purpose of a captive portal?
- A. To encrypt all network traffic for security
- B. To capture and authenticate user credentials before granting access to the network
- C. To manage hardware resources in the network
- D. To restrict user access to specific websites
Answer: B
NEW QUESTION # 60
An administrator has just learned that an intermediate CA certificate signed by a FortiAuthenticator device acting as the Root CA has been compromised.
Which two steps should the administrator take to resolve the security issue? (Choose two.)
- A. Update the OCSP responder URLs for the certificate.
- B. Create a new intermediate certificate with the same private key.
- C. Revoke the Intermediate certificate so it is added to the CRL of the Root CA.
- D. Revoke all end-system and end-user certificates that this compromised intermediate CA has signed.
Answer: C,D
Explanation:
Revoking the compromised intermediate CA certificate adds it to the Root CA's CRL, preventing its further use.
All end-entity certificates issued by the compromised intermediate must be revoked, as their trust is no longer valid.
NEW QUESTION # 61
Which three of the following can be used as SSO sources? (Choose three)
- A. FortiAuthenticator in SAML SP role
- B. Fortigate
- C. SSH Sessions
- D. FortiClient SSO Mobility Agent
- E. RADIUS accounting
Answer: B,D,E
NEW QUESTION # 62
......
Check Real Fortinet FCP_FAC_AD-6.5 Exam Question for Free (2026): https://www.pass4surecert.com/Fortinet/FCP_FAC_AD-6.5-practice-exam-dumps.html
Get all the Information About Fortinet FCP_FAC_AD-6.5 Exam 2026 Practice Test Questions: https://drive.google.com/open?id=1Bpl7UxdcaRRUbhJFh-2pNDLpbXXIq7gE