Logo ExamsQA
Exit
Official Bank 0/47

Fortinet NSE 6 - FortiWeb 6.4 (NSE6_FAC) - Fortinet Actual Exam Questions

Last updated on April 25, 2026

97% Exam Compliance
47 Total Questions
1
Question

An administrator has an active directory (AD) server integrated with FortiAuthenticator. They want members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls. How does the administrator accomplish this goal?

Options
A

Configure a FortiGate filter on FortiAuthenticatoc
B

Configure a domain groupings list to identify the desired AD groups.
C

Configure fine-grained controls on FortiAuthenticator to designate AD groups.
D

Configure SSO groups and assign them to FortiGate groups.
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

2
Question

Which interface services must be enabled for the SCEP client to connect to Authenticator?

Options
A

OCSP
B

REST API
C

SSH
D

HTTP/HTTPS
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

3
Question

Which three of the following can be used as SSO sources? (Choose three)

Select 3
Options
A

FortiClient SSO Mobility Agent
B

SSH Sessions
C

FortiAuthenticator in SAML SP role
D

Fortigate
E

RADIUS accounting
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

4
Question

You are the administrator of a global enterprise with three FortiAuthenticator devices. You would like to deploy them to provide active-passive HA at headquarters, with geographically distributed load balancing. What would the role settings be?

Options
A

One standalone and two load balancers B One standalone primary, one cluster member, and one load balancer
B

Two cluster members and one backup
C

Two cluster members and one load balancer
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

5
Question

A device or user identity cannot be established transparently, such as with non-domain BYOD devices, and allow users to create their own credentialis. In this case, which user idendity discovery method can Fortiauthenticator use?

Options
A

Syslog messaging or SAML IDP
B

Kerberos-base authentication
C

Radius accounting
D

Portal authentication
Discussion (0 comments)

to join the discussion

Community Discussion

No discussions yet. Be the first to ask!

Finish Practice?

Are you sure you want to finish? This will end your practice session.