NSE4 Question #295: Real Exam Question with Answer & Explanation

The correct answer is D: RSSO. Remote Single Sign-On (RSSO) cannot be used with active authentication types because it is a passive method that learns user identities without requiring direct user interaction at the FortiGate.

Submitted by fernanda_arg· Apr 18, 2026Firewall and Authentication

Question

What protocol cannot be used with the active authentication type?

Options

ALocal
BRADIUS
CLDAP
DRSSO

Explanation

Remote Single Sign-On (RSSO) cannot be used with active authentication types because it is a passive method that learns user identities without requiring direct user interaction at the FortiGate.

Common mistakes.

A. Local user authentication is an active authentication type where users provide credentials directly to the FortiGate.
B. RADIUS is a standard protocol used for active authentication, where the FortiGate forwards user credentials to a RADIUS server for verification.
C. LDAP is commonly used for active authentication, allowing the FortiGate to query an LDAP server (like Active Directory) to validate user credentials.

Concept tested. FortiGate active vs. passive authentication types

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/683109/authentication-methods

Topics

#Authentication methods#Active authentication#Passive authentication#FortiGate RSSO

Community Discussion

No community discussion yet for this question.

Full NSE4 Practice Browse All NSE4 Questions