The exhibit contains a network interface configuration, firewall policies, and a CLI console configuration. How will FortiGate handle user authentication for traffic that arrives on the LAN interface?
A. If there is a fall-through policy in place, users will not be prompted for authentication.
B. Authentication is enforced at a policy level; all users will be prompted for authentication.
C. All users will be prompted for authentication, users from the Sales group can authenticate successfully with the correct credentials.
D. All users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials.
Interface LAN (port3) is configured to authenticate and only allow HR to access, so the correct answer is D: "All users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials"
I think the firewall policy and the CLI user setting are not relevant for the question; it's about the authentication at port level, so only HR will be allowed --> answer D
After that no one will get access because the firewall policy without authentication will never hit.
D is correct.
From page 246 in the FortiGate Security 7.0 Study Guide.
Captive portal authentication is at interface level and is bypassed for a specific policy with "set captive-portal-exempt enable" in the CLI in policy edit mode.
OK, this clearly needs clarification. The correct answer is D: captive portal security enabled means all HTTP requests coming to the interface will return to the auth portal until successfully authenticated, therefore it will not even get to a policy lookup if the user didn't authenticate.
D states that HR users can authenticate and are allowed, which is true, they can authenticate and the 2nd rule (in order of precedence) allows traffic for all local_subnet hosts.
auth-on-demand is set to always, which means the 2nd firewall policy is no longer relevant. HR people will be able to authenticate (captive portal) but have no access because there is no HR group in the firewall policy. Answer D still correct, I guess.