FCP – FortiGate Administrator 7.6 — Question 57

You have configured the FortiGate device for FSSO. A user is successful in log-in to windows, but their access to the internet is denied.
What should the administrator check first?

Answer options

• A. Whether the user is assigned to the correct AD group.
• B. The FortiGate firewall policy settings for SSL decryption.
• C. The FortiGate FSSO active users list for user’s IP address.
• D. The windows event viewer for failed login attempts.

Correct answer: C

Explanation

The correct answer is C because checking the FortiGate FSSO active users list allows the administrator to confirm if the user is recognized by the FortiGate device and associated with the correct IP address. If the user is not listed, it indicates that FSSO is not functioning correctly for that user. Options A, B, and D are less relevant as they do not directly address the FSSO configuration and user recognition on the FortiGate device.