Exam FCP_FAZ_AD-7.4 topic 1 question 13 discussion

same answer as NSE5, mistake on last comment

same answer as NSE5

Page 80 in the study guide specifically states: The Wildcard feautre allows you to authenticate users from on or more groups. One user on FortiAnalyzer that points to a remote authentication server. - NO LOCAL CREDENTIALS ON FORTIANALYZER. You can allow "MATCH ALL USERS ON REMOTE SERVER" option to allow adminsitrators to log into FortiAnalyzer using their credentials on a remote authentication server. This option is useful for creating wildcard administrators and removed the need for FortiAnalyzer to store local credentials. Thus A - A local wildcard administrator and C - One or more LDAP servers should be the correct answers.

True that this questionis tricky, but here we have to think about configuring setting for a local wilcard administrator account. Whe you create a local wildcard administrator, after typing tje user name field, you have to choose the admin type (local, radius, ldap, tacas+, pki, group, sso). if you choose local then you enter credentials and this is a local admin account, but if you one of the any remaining option, then you can select a remote server or remote serger group. The anwsers are B and C

I believe it's A and C Because the local wildcard administrator is not the administrator user itself, this wildcard calls to the remote LDAP users

Correct B and C

The question is difficult to interpret, from my point of view if we respect the order of creating what is requested, first we would have to register the server and then the group. The key word is in the question when it says: a single group. I think "Wildcard" should be ruled out because it is not talking about "multiple remote admin". Correct B and C

This question is tricky. In order to understand it you have to focus on the wording. "non-local" implies to not storing credentials locally on the FAZ. There is no specific interpretation in the study guide on none-local administrators however we can assume that a local wildcard admin would not fufill the non local portion of the question. Therefore B & C is correct.

A & C are correct. To ensure non-local administrators can login to a fortinet device, you need: 1. One or more remote LDAP servers configured. 2. Configure local wildcard administrator account by enabling the "Match all users on remote server"

B & C are correct, most likely

B & C are correct, page 80 of the FortiAnalyzer 7.4 Admin Study Guide. The answer cannot be "A" because that is a "local wildcard administrator account" and the question is how to configure to allow "non-local administrators" to authenticate.

To allow non-local administrators to authenticate on FortiAnalyzer using any account in an LDAP group, you need to configure two key settings: One or more remote LDAP servers (C): You need to configure LDAP servers so that FortiAnalyzer can authenticate non-local users through LDAP. This allows LDAP users to log in without having to create local accounts on FortiAnalyzer. A local wildcard administrator account (A): The wildcard administrator account allows any user authenticated through the LDAP server to log in as an administrator without creating individual admin accounts. Enabling the "Match all users on remote server" option simplifies authentication.

C and D, Page 106 of the Study Guide