Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Fortinet FCSS_SASE_AD-25 - FCSS - FortiSASE 25 Administrator

Fortinet FCSS_SASE_AD-25 Premium Access     Download Demo    
Page: 1 / 2
Total 53 questions

Which FortiSASE feature ensures least-privileged user access to corporate applications that are protected by an on-premises FortiGate device?

A.

secure web gateway (SWG)

B.

zero trust network access (ZTNA)

C.

cloud access security broker (CASB)

D.

remote browser isolation (RBI)

How can digital experience monitoring (DEM) on an endpoint assist in diagnosing connectivity and network issues?

A.

FortiSASE runs a ping from the endpoint to calculate the TTL to the SaaS application.

B.

FortiSASE runs SNMP traps to the endpoint using the DEM agent to verify the SaaS application health status.

C.

FortiSASE runs a netstat from the endpoint to the SaaS application to see if ports are open.

D.

FortiSASE runs a trace job on the endpoint using the DEM agent to the Software-as-a-Service (SaaS) application.

Refer to the exhibits.

Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the internet through FortiSASE, while Windows-AD can no longer access the internet.

Based on the information in the exhibits, which reason explains the outage on Windows-AD?

A.

Windows-AD is excluded from FortiSASE management.

B.

The FortiClient version installed on Windows AD does not match the expected version on FortiSASE.

C.

The device posture for Windows-AD has changed.

D.

The remote VPN user on Windows-AD no longer matches any VPN policy.

Refer to the exhibits.

A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org.

Which configuration on FortiSASE is allowing users to perform the download?

A.

Web filter is allowing the URL.

B.

Deep inspection is not enabled.

C.

Application control is exempting all the browser traffic.

D.

Intrusion prevention is disabled.

A customer wants to ensure secure access for private applications for their users by replacing their VPN.

Which two SASE technologies can you use to accomplish this task? (Choose two.)

A.

zero trust network access (ZTNA)

B.

secure SD-WAN

C.

secure web gateway (SWG) and cloud access security broker (CASB)

D.

SD-WAN on-ramp

Which two settings are automatically pushed from FortiSASE to FortiClient in a new FortiSASE deployment with default settings? (Choose two.)

A.

zero trust network access (ZTNA) tags

B.

tunnel profile

C.

FortiSASE certificate authority (CA) certificate

D.

real-time protection

Refer to the exhibit.

The daily report for application usage for internet traffic shows an unusually high number of unknown applications by category.

What are two possible explanations for this? (Choose two.)

A.

Certificate inspection is not being used to scan application traffic.

B.

Deep inspection is not being used to scan traffic.

C.

The private access policy must be to set to log Security Events.

D.

The inline-CASB application control profile does not have application categories set to Monitor.

What are two advantages of using zero-trust tags? (Choose two.)

A.

Zero-trust tags can determine the security posture of an endpoint.

B.

Zero-trust tags can be assigned to endpoint profiles based on user groups.

C.

Zero-trust tags can be used to allow or deny access to network resources.

D.

Zero-trust tags can help monitor endpoint system resource usage.

What are two benefits of deploying FortiSASE with FortiGate ZTNA access proxy? (Choose two.)

A.

It offers data center redundancy.

B.

The on-premises FortiGate performs a device posture check.

C.

It is ideal for latency-sensitive applications.

D.

It supports both agentless ZTNA and agent-based ZTNA.

Your FortiSASE customer has a small branch office in which ten users will be using their personal laptops and mobile devices to access the internet.

Which deployment should they use to secure their internet access with minimal configuration?

A.

Deploy FortiGate as a LAN extension to secure internet access.

B.

Deploy FortiAP to secure internet access.

C.

Deploy FortiClient endpoint agent to secure internet access.

D.

Deploy SD-WAN on-ramp to secure internet access.