NSE 4 – FortiGate 6.0 — Question 76

An administrator has configured a dialup IPsec VPN with XAuth. Which statement best describes what occurs during this scenario?

Answer options

• A. Phase 1 negotiations will skip preshared key exchange.
• B. Only digital certificates will be accepted as an authentication method in phase 1.C
• C. Dialup clients must provide a username and password for authentication.
• D. Dialup clients must provide their local ID during phase 2 negotiations.

Correct answer: C

Explanation

The correct answer is C because XAuth requires dialup clients to authenticate using a username and password. Option A is incorrect as preshared keys are still part of the process, and option B is wrong since XAuth allows for multiple authentication methods, not just digital certificates. Option D is also incorrect because local IDs are typically not needed during phase 2 negotiations.