NSE 8 – Network Security Expert (811) — Question 28

A customer wants to use a central RADIUS server for management authentication when connecting to the FortiGate GUI and to provide different levels of access for different types of employees.
Which three actions are required to provide the requested functionality? (Choose three.)

Answer options

• A. Create a wildcard administrator on the FortiGate.
• B. Enable radius-vdom-override in the CLI.
• C. Create multiple administrator profiles with matching RADIUS VSAs.
• D. Enable accprofile-override in the CLI.
• E. Set the RADIUS authentication type to MS-CHAPv2.

Correct answer: A, C, D

Explanation

Creating a wildcard administrator allows for flexible access management, while developing multiple administrator profiles with corresponding RADIUS VSAs enables tailored access for different employee types. Activating accprofile-override in the CLI permits overriding of access profiles based on RADIUS attributes, which is essential for differentiated access levels. The other options do not directly address the requirement for varied access based on employee roles.