NSE 4 – FortiGate 6.4 — Question 1

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

Answer options

• A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.
• B. FortiGate supports pre-shared key and signature as authentication methods.
• C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
• D. A certificate is not required on the remote peer when you set the signature as the authentication method.

Correct answer: A, B

Explanation

Option A is correct because enabling XAuth does request additional credentials from the remote peer, enhancing security. Option B is also correct as FortiGate does support both pre-shared keys and digital signatures for authentication. Options C and D are incorrect because enabling XAuth does not speed up authentication and a certificate is often necessary for certain authentication methods like signatures.