Question 1 - Fortinet FCP_FAC_AD-6.5 Real Exam Questions [Jan 2026 Update]

Q: 1

Which two capabilities does FortiAuthenticator offer when acting as a self-signed or local CA? (Choose two.)

Options

Correct Answer:

C, D

Explanation

When FortiAuthenticator is configured to act as a self-signed or local Certificate Authority (CA), its primary function is to manage a Public Key Infrastructure (PKI). This fundamentally involves the entire lifecycle management of digital certificates, which includes creating certificate signing requests (CSRs), signing them to issue X.509 certificates, and revoking them when they are no longer valid.

To operate within a broader trusted environment, FortiAuthenticator must also be able to recognize and trust other CAs. This is achieved by importing the certificates of other trusted CAs and their corresponding Certificate Revocation Lists (CRLs), which allows it to validate certificate chains and the status of certificates issued by those external authorities.

Why Incorrect

A. OCSP (Online Certificate Status Protocol) is a method for checking a certificate's revocation status, serving as an alternative to CRLs, not a tool for validating another CA's CRL.

B. SCEP (Simple Certificate Enrollment Protocol) is used for automating certificate enrollment and renewal processes, not for merging or managing local and remote CRLs.

References

1. FortiAuthenticator 6.4 Administration Guide

Page 138

Section: "Certificate Management > Local CAs > Certificate authorities". This section states

"As a CA

FortiAuthenticator can sign certificate signing requests (CSRs) from other devices

and manage the Certificate Revocation List (CRL)." This directly supports the capability of creating

signing

and revoking certificates (Option D).

2. FortiAuthenticator 6.4 Administration Guide

Page 151

Section: "Certificate Management > Remote CAs > Trusted CAs". The documentation states

"You can import remote CA certificates to FortiAuthenticator. These are certificates of CAs that you trust." This supports the capability to import other CA certificates (part of Option C).

3. FortiAuthenticator 6.4 Administration Guide

Page 152

Section: "Certificate Management > Remote CAs > Certificate revocation lists". This section details the process: "You can import a certificate revocation list (CRL) from a remote CA." This supports the capability to import CRLs (part of Option C).

4. FortiAuthenticator 6.4 Administration Guide

Page 153

Section: "Certificate Management > SCEP". This section describes SCEP's function for certificate enrollment

confirming it is not used for CRL management

which invalidates Option B.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE