NSE 4 – FortiGate 6.2 — Question 101

An administrator has configured a dialup IPsec VPN with XAuth.
Which statement best describes what occurs during this scenario?

Answer options

• A. Dialup clients must provide their local ID during phase 2 negotiations.
• B. Only digital certificates will be accepted as an authentication method in phase 1.
• C. Phase 1 negotiations will skip preshared key exchange.
• D. Dialup clients must provide a username and password for authentication.

Correct answer: D

Explanation

The correct answer is D because XAuth requires dialup clients to authenticate using a username and password. Option A is incorrect as local IDs are not needed during phase 2. Option B is wrong because other authentication methods, such as preshared keys, can also be used in phase 1. Option C is false since preshared key exchange is not skipped in phase 1.