Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Certensure Logo
  1. Home
  2. Fortinet
  3. Fortinet Certified Solution Specialist
  4. FCSS_SASE_AD-25 - FCSS - FortiSASE 25 Administrator

Fortinet FCSS_SASE_AD-25 FCSS - FortiSASE 25 Administrator Exam Practice Test

Demo: 15 questions
Total 53 questions
Get FCSS_SASE_AD-25 Full Access Download FCSS_SASE_AD-25 PDF

FCSS - FortiSASE 25 Administrator Questions and Answers

Question 1

What are two advantages of using zero-trust tags? (Choose two.)

Options:

A.

Zero-trust tags can determine the security posture of an endpoint.

B.

Zero-trust tags can be assigned to endpoint profiles based on user groups.

C.

Zero-trust tags can be used to allow or deny access to network resources.

D.

Zero-trust tags can help monitor endpoint system resource usage.

Question 2

An administrator must restrict endpoints from certain countries from connecting to FortiSASE.

Which configuration can achieve this?

Options:

A.

Configure a network lockdown policy on the endpoint profiles.

B.

Configure a geography address object as the source for a deny policy.

C.

Configure geofencing to restrict access from the required countries.

D.

Configure source IP anchoring to restrict access from the specified countries.

Question 3

What is required to enable the MSSP feature on FortiSASE?

Options:

A.

Role-based access control (RBAC) must be assigned to identity and access management (IAM) users using the FortiCloud IAM portal.

B.

The MSSP add-on license must be applied to FortiSASE.

C.

MSSP user accounts and permissions must be configured on the FortiSASE portal.

D.

Multi-tenancy must be enabled on the FortiSASE portal.

Question 4

Refer to the exhibits.

Antivirus is installed on a Windows 10 endpoint, but the windows application firewall is stopping it from running.

What will the endpoint security posture check be?

Options:

A.

FortiClient will tag the endpoint as FortiSASE-Non-Compliant.

B.

FortiClient will be unmanaged from FortiSASE due to failed compliance.

C.

FortiClient will trigger network lockdown on the endpoint.

D.

FortiClient will prompt the user to enable antivirus.

Question 5

What happens to the logs on FortiSASE that are older than the configured log retention period?

Options:

A.

The logs are deleted from FortiSASE.

B.

The logs are indexed and can be stored in a SQL database.

C.

The logs are backed up on FortiCloud.

D.

The logs are compressed and archived.

Question 6

For monitoring potentially unwanted applications on endpoints, which information is available on the FortiSASE software installations page?

Options:

A.

the vendor of the software

B.

the endpoint the software is installed on

C.

the license status of the software

D.

the usage frequency of the software

Question 7

Refer to the exhibits.

A FortiSASE administrator has configured FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the remote FortiClient is not able to access the web server hosted behind the FortiGate hub.

Based on the exhibits, what is the reason for the access failure?

Options:

A.

A private access policy has denied the traffic because of failed compliance

B.

The hub is not advertising the required routes.

C.

The hub firewall policy does not include the FortiClient address range.

D.

The server subnet BGP route was not received on FortiSASE.

Question 8

In a FortiSASE SD-WAN deployment with dual hubs, what are two benefits of assigning hubs with different priorities? (Choose two.)

Options:

A.

optimized performance that meets the minimum SLA requirements

B.

load balancing based on session identification

C.

bandwidth allocated traffic shaping

D.

redundancy to seamlessly steer traffic

Question 9

Refer to the exhibit.

A customer needs to implement device posture checks for their remote endpoints while accessing the protected server. They also want the TCP traffic between the remote endpoints and the protected servers to be processed by FortiGate.

In this scenario, which two setups will achieve these requirements? (Choose two.)

Options:

A.

Configure ZTNA servers and ZTNA policies on FortiGate.

B.

Configure FortiGate as a zero trust network access (ZTNA) access proxy.

C.

Configure ZTNA tags on FortiGate.

D.

Configure private access policies on FortiSASE with ZTNA.

Question 10

Which description of the FortiSASE inline-CASB component is true?

Options:

A.

It has limited visibility when data is transmitted.

B.

It detects data in motion.

C.

It is placed outside the traffic path.

D.

It relies on API to integrate with cloud services.

Question 11

Refer to the exhibit.

The daily report for application usage for internet traffic shows an unusually high number of unknown applications by category.

What are two possible explanations for this? (Choose two.)

Options:

A.

Certificate inspection is not being used to scan application traffic.

B.

Deep inspection is not being used to scan traffic.

C.

The private access policy must be to set to log Security Events.

D.

The inline-CASB application control profile does not have application categories set to Monitor.

Question 12

What is the benefit of SD-WAN on-ramp deployment with FortiSASE?

Options:

A.

To provide access to private applications using the bookmark portal

B.

To provide device compliance checks using ZTNA tags

C.

To secure internet traffic for branch users

D.

To manage branch location endpoints

Question 13

Refer to the exhibit.

An organization must inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical interface.

Which configuration must you apply to achieve this requirement?

Options:

A.

Configure a steering bypass tunnel firewall policy using Google Maps FQDN to exclude and redirect the traffic.

B.

Add the Google Maps URL in the zero trust network access (ZTNA) TCP access proxy forwarding rule.

C.

Add the Google Maps URL as a steering bypass destination in the endpoint profile.

D.

Exempt Google Maps in URL filtering in the web filter profile.

Question 14

In a FortiSASE secure web gateway (SWG) deployment, which two features protect against web-based threats? (Choose two.)

Options:

A.

SSL deep inspection for encrypted web traffic

B.

malware protection with sandboxing capabilities

C.

web application firewall (WAF) for web applications

D.

intrusion prevention system (IPS) for web traffic

Question 15

What are two benefits of deploying secure private access with SD-WAN? (Choose two.)

Options:

A.

a direct access proxy tunnel from FortiClient to the on-premises FortiGate

B.

ZTNA posture check performed by the hub FortiGate

C.

support of both TCP and UDP applications

D.

inline security inspection by FortiSASE

Load More FCSS_SASE_AD-25 Questions
Demo: 15 questions
Total 53 questions
Get FCSS_SASE_AD-25 Full Access Download FCSS_SASE_AD-25 PDF