Role-Based Authentication Quiz

Questions and Answers

What is the purpose of role-based authentication?

• To assign device access randomly to different users
• To create separate user groups without any access restrictions
• To allow unrestricted access to all devices and servers
• To assign device access based on role and restrict access for business critical devices and servers (correct)

How can role-based authentication be helpful in an O.T network?

• By creating a single user group for all roles
• By not assigning any specific access based on roles
• By providing unrestricted access to all devices for all users
• By assigning different access for different roles to avoid security risks (correct)

What can be scheduled to allow access during a set time window in role-based authentication?

• Admin access
• All user access
• Third-party user access (correct)
• No access can be scheduled

Where can role-based user groups be configured and maintained?

FortiGate, FortiAuthenticator, or any remote authentication server (A)

What do FortiGate and FortiAuthenticator rely on for authentication in server-based authentication?

A remote server (C)

Which protocols can be used for user information in server-based authentication?

POP3, RADIUS, L-DAP, and TACACS+ (B)

What is recommended regarding separate authentication servers for O.T and I.T in server-based authentication?

Using separate authentication servers for O.T and I.T (B)

What is the primary purpose of creating separate user groups for different roles in role-based authentication?

To allow access throughout the network based on roles (B)

Why is it critical to come up with a strategy to assign different access for different roles in an O.T network?

To avoid any security risks (C)

What can be used to restrict access to third-party users in role-based authentication?

Firewall policies (D)

Which type of network requires careful creation of an access list based on roles?

O.T network (A)

What is the purpose of using the firewall policies in role-based authentication?

To restrict access to network devices and servers (B)

What is required to manage local authentication in a larger O.T network with FortiGate devices?

An external authentication server (B)

When using a remote authentication server to authenticate users, who evaluates the user credentials?

The remote authentication server (A)

How can you save FortiGate resources when dealing with a larger user list in a centralized location?

Using remote authentication (B)

What should be done to secure the remote authentication server?

Keep it behind the most restricted firewall (D)

What is an instruction for checking authentication in firewall policies?

Check the source of the firewall policy (B)

What is used as part of Source criteria to match in firewall policies?

Users (A)

What is required to restrict access to the authentication server from select devices?

Define source IP-addresses in a policy (C)

What can FortiAuthenticator be used for in relation to remote servers?

Pull user information from remote servers (A)

What is the purpose of using FortiAuthenticator as a remote server on FortiGate?

Configure and maintain user information (B)

When does FortiGate check firewall policies to determine whether to accept or deny the communication session?

When the firewall receives the initial connection (D)

What can be included in the source definition for a firewall policy to successfully authenticate users?

Local user accounts, remote server users and groups, PKI users, and FSSO users (B)

What is the purpose of using remote authentication with FortiGate?

To create and maintain a larger user list in a centralized location (A)