NSE 4 – FortiGate 7.0 — Question 58

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

Answer options

• A. A certificate is not required on the remote peer when you set the signature as the authentication method.
• B. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
• C. FortiGate supports pre-shared key and signature as authentication methods.
• D. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password.

Correct answer: C, D

Explanation

The correct answer is C and D because FortiGate indeed supports both pre-shared keys and signatures for authentication, and enabling XAuth provides an additional layer of security by requiring a username and password. Option A is incorrect since a certificate can be necessary depending on the configuration, and option B is misleading as XAuth typically introduces more overhead rather than speeding up authentication.