NSE 7 – OT Security 6.4 — Question 34

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

Answer options

• A. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
• B. Enable two-factor authentication with FSSO.
• C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
• D. Under config user settings configure set auth-on-demand implicit.

Correct answer: C

Explanation

The correct answer is C because configuring a firewall policy with FSSO users at the top ensures that passive authentication is prioritized. Option A incorrectly focuses on LDAP users, while B discusses two-factor authentication, which is not directly relevant to the order of authentication methods. Option D is about a different configuration that does not specifically address the challenge of prioritizing passive over active authentication.