Fortinet fcss sase ad 25 practice test

Refer to the exhibits.



Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the
internet through FortiSASE, while Windows-AD can no longer access the internet.
Based on the information in the exhibits, which reason explains the outage on Windows-AD?

• A. Windows-AD is excluded from FortiSASE management.
• B. The FortiClient version installed on Windows AD does not match the expected version on FortiSASE.
• C. The device posture for Windows-AD has changed.
• D. The remote VPN user on Windows-AD no longer matches any VPN policy.

Which description of the FortiSASE inline-CASB component is true?

• A. It has limited visibility when data is transmitted.
• B. It detects data in motion.
• C. It is placed outside the traffic path.
• D. It relies on API to integrate with cloud services.

Which authentication method overrides any other previously configured user authentication on
FortiSASE?

• A. MFA
• B. Local
• C. RADIUS
• D. SSO

What are two advantages of using zero-trust tags? (Choose two.)

• A. Zero-trust tags can determine the security posture of an endpoint.
• B. Zero-trust tags can be assigned to endpoint profiles based on user groups.
• C. Zero-trust tags can be used to allow or deny access to network resources.
• D. Zero-trust tags can help monitor endpoint system resource usage.

Which FortiSASE feature ensures least-privileged user access to corporate applications that are
protected by an on-premises FortiGate device?

• A. secure web gateway (SWG)
• B. zero trust network access (ZTNA)
• C. cloud access security broker (CASB)
• D. remote browser isolation (RBI)

A company must provide access to a web server through FortiSASE secure private access for
contractors.
What is the recommended method to provide access?

• A. Configure a TCP access proxy forwarding rule and push it to the contractor FortiClient endpoint.
• B. Update the DNS records on the endpoint to access private applications.
• C. Publish the web server URL on a bookmark portal and share it with contractors.
• D. Update the PAC file with the web server URL and share it with contractors.

Your FortiSASE customer has a small branch office in which ten users will be using their personal
laptops and mobile devices to access the internet.
Which deployment should they use to secure their internet access with minimal configuration?

• A. Deploy FortiGate as a LAN extension to secure internet access.
• B. Deploy FortiAP to secure internet access.
• C. Deploy FortiClient endpoint agent to secure internet access.
• D. Deploy SD-WAN on-ramp to secure internet access.

Which information does FortiSASE use to bring network lockdown into effect on an endpoint?

• A. Zero-day malware detection on endpoint
• B. The number of critical vulnerabilities detected on the endpoint
• C. The security posture of the endpoint based on ZTNA tags
• D. The connection status of the tunnel to FortiSASE

For monitoring potentially unwanted applications on endpoints, which information is available on
the FortiSASE software installations page?

• A. the vendor of the software
• B. the endpoint the software is installed on
• C. the license status of the software
• D. the usage frequency of the software

What is the recommended method to upgrade FortiClient in a FortiSASE deployment?

• A. Remote users must upgrade the FortiClient manually.
• B. FortiSASE automatically upgrades FortiClient when a new version is released.
• C. The FortiSASE administrator must assign endpoint groups to an endpoint upgrade rule.
• D. The FortiSASE administrator will upload the desired FortiClient version to the FortiSASE portal and push it to endpoints.