Free Fortinet NSE6_FAC-6.4 Exam Actual Questions

The questions for NSE6_FAC-6.4 were last updated On Apr 3, 2025

At ValidExamDumps, we consistently monitor updates to the Fortinet NSE6_FAC-6.4 exam questions by Fortinet. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the Fortinet NSE 6 - FortiAuthenticator 6.4 exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by Fortinet in their Fortinet NSE6_FAC-6.4 exam. These outdated questions lead to customers failing their Fortinet NSE 6 - FortiAuthenticator 6.4 exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the Fortinet NSE6_FAC-6.4 exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

 

Question No. 1

When you are setting up two FortiAuthenticator devices in active-passive HA, which HA role must you select on the master FortiAuthenticator?

Show Answer Hide Answer
Correct Answer: A

When you are setting up two FortiAuthenticator devices in active-passive HA, you need to select the active-passive master role on the master FortiAuthenticator device. This role means that the device will handle all requests and synchronize data with the slave device until a failover occurs. The slave device must be configured as an active-passive slave role. The other roles are used for different HA modes, such as standalone (no HA), cluster (active-active), or load balancing (active-active with load balancing). Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372411/high-availability


Question No. 2

When configuring syslog SSO, which three actions must you take, in addition to enabling the syslog SSO method? (Choose three.)

Show Answer Hide Answer
Correct Answer: B, C, E

To configure syslog SSO, three actions must be taken, in addition to enabling the syslog SSO method:

Define a syslog source, which is a device that sends syslog messages to FortiAuthenticator containing user logon or logoff information.

Select a syslog rule for message parsing, which is a predefined or custom rule that defines how to extract the user name, IP address, and logon or logoff action from the syslog message.

Set the syslog UDP port on FortiAuthenticator, which is the port number that FortiAuthenticator listens on for incoming syslog messages.


Question No. 3

A system administrator wants to integrate FortiAuthenticator with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO.

What feature does FortiAuthenticator offer for this type of integration?

Show Answer Hide Answer
Correct Answer: C

REST API is a feature that allows FortiAuthenticator to integrate with an existing identity management system with the goal of authenticating and deauthenticating users into FSSO. REST API stands for Representational State Transfer Application Programming Interface, which is a method of exchanging data between different systems using HTTP requests and responses. FortiAuthenticator provides a REST API that can be used by external systems to perform various actions, such as creating, updating, deleting, or querying users and groups, or sending FSSO logon or logoff events.


Question No. 4

Which three of the following can be used as SSO sources? (Choose three)

Show Answer Hide Answer
Correct Answer: A, D, E

FortiAuthenticator supports various SSO sources that can provide user identity information to other devices in the network, such as FortiGate firewalls or FortiAnalyzer log servers. Some of the supported SSO sources are:

FortiClient SSO Mobility Agent: A software agent that runs on Windows devices and sends user login information to FortiAuthenticator.

FortiGate: A firewall device that can send user login information from various sources, such as FSSO agents, captive portals, VPNs, or LDAP servers, to FortiAuthenticator.

RADIUS accounting: A protocol that can send user login information from RADIUS servers or clients, such as wireless access points or VPN concentrators, to FortiAuthenticator.

SSH sessions and FortiAuthenticator in SAML SP role are not valid SSO sources because they do not provide user identity information to other devices in the network. Reference: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372410/single-sign-on


Question No. 5

Which network configuration is required when deploying FortiAuthenticator for portal services?

Show Answer Hide Answer
Correct Answer: D

When deploying FortiAuthenticator for portal services, such as guest portal, sponsor portal, user portal or FortiToken activation portal, the network configuration must allow specific ports to be open between FortiAuthenticator and the authentication clients. These ports are:

TCP 80 for HTTP access

TCP 443 for HTTPS access

TCP 389 for LDAP access

TCP 636 for LDAPS access

UDP 1812 for RADIUS authentication

UDP 1813 for RADIUS accounting