Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet FCSS_SASE_AD-24 - FCSS - FortiSASE 24 Administrator

Page: 1 / 2
Total 44 questions

A FortiSASE administrator is configuring a Secure Private Access (SPA) solution to share endpoint information with a corporate FortiGate.

Which three configuration actions will achieve this solution? (Choose three.)

A.

Add the FortiGate IP address in the secure private access configuration on FortiSASE.

B.

Use the FortiClient EMS cloud connector on the corporate FortiGate to connect to FortiSASE

C.

Register FortiGate and FortiSASE under the same FortiCloud account.

D.

Authorize the corporate FortiGate on FortiSASE as a ZTNA access proxy.

E.

Apply the FortiSASE zero trust network access (ZTNA) license on the corporate FortiGate.

During FortiSASE provisioning, how many security points of presence (POPs) need to be configured by the FortiSASE administrator?

A.

3

B.

4

C.

2

D.

1

Refer to the exhibits.

A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGale hub. However, the administrator is not able to ping the webserver hosted behind the FortiGate hub.

Based on the output, what is the reason for the ping failures?

A.

The Secure Private Access (SPA) policy needs to allow PING service.

B.

Quick mode selectors are restricting the subnet.

C.

The BGP route is not received.

D.

Network address translation (NAT) is not enabled on the spoke-to-hub policy.

Which FortiSASE feature ensures least-privileged user access to all applications?

A.

secure web gateway (SWG)

B.

SD-WAN

C.

zero trust network access (ZTNA)

D.

thin branch SASE extension

Refer to the exhibits.

A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org. Traffic logs show traffic is allowed by the policy.

Which configuration on FortiSASE is allowing users to perform the download?

A.

Web filter is allowing the traffic.

B.

IPS is disabled in the security profile group.

C.

The HTTPS protocol is not enabled in the antivirus profile.

D.

Force certificate inspection is enabled in the policy.

Which policy type is used to control traffic between the FortiClient endpoint to FortiSASE for secure internet access?

A.

VPN policy

B.

thin edge policy

C.

private access policy

D.

secure web gateway (SWG) policy

A customer wants to upgrade their legacy on-premises proxy to a could-based proxy for a hybrid network. Which FortiSASE features would help the customer to achieve this outcome?

A.

SD-WAN and NGFW

B.

SD-WAN and inline-CASB

C.

zero trust network access (ZTNA) and next generation firewall (NGFW)

D.

secure web gateway (SWG) and inline-CASB

When you configure FortiSASE Secure Private Access (SPA) with SD-WAN integration, you must establish a routing adjacency between FortiSASE and the FortiGate SD-WAN hub. Which routing protocol must you use?

A.

BGP

B.

IS-IS

C.

OSPF

D.

EIGRP

When accessing the FortiSASE portal for the first time, an administrator must select data center locations for which three FortiSASE components? (Choose three.)

A.

Endpoint management

B.

Points of presence

C.

SD-WAN hub

D.

Logging

E.

Authentication

What are two advantages of using zero-trust tags? (Choose two.)

A.

Zero-trust tags can be used to allow or deny access to network resources

B.

Zero-trust tags can determine the security posture of an endpoint.

C.

Zero-trust tags can be used to create multiple endpoint profiles which can be applied to different endpoints

D.

Zero-trust tags can be used to allow secure web gateway (SWG) access