Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Examstrust Logo
examstrust mcafee
  1. Home
  2. Fortinet
  3. Fortinet Certified Solution Specialist
  4. FCSS_SASE_AD-25 - FCSS - FortiSASE 25 Administrator

Fortinet FCSS_SASE_AD-25 FCSS - FortiSASE 25 Administrator Exam Practice Test

Page: 1 / 5
Total 53 questions
Get FCSS_SASE_AD-25 Full Access Download FCSS_SASE_AD-25 PDF

FCSS - FortiSASE 25 Administrator Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$61.25  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Add to Cart
Question 1

Refer to the exhibits.

Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the internet through FortiSASE, while Windows-AD can no longer access the internet.

Based on the information in the exhibits, which reason explains the outage on Windows-AD?

Options:

A.

Windows-AD is excluded from FortiSASE management.

B.

The FortiClient version installed on Windows AD does not match the expected version on FortiSASE.

C.

The device posture for Windows-AD has changed.

D.

The remote VPN user on Windows-AD no longer matches any VPN policy.

Question 2

Which two advantages does FortiSASE bring to businesses with microbranch offices that have FortiAP deployed for unmanaged devices? (Choose two.)

Options:

A.

It secures internet access both on and off the network.

B.

It uses zero trust network access (ZTNA) tags to perform device compliance checks.

C.

It eliminates the requirement for an on-premises firewall.

D.

It simplifies management and provisioning.

Question 3

Refer to the exhibits.

How will the application vulnerabilities be patched, based on the exhibits provided?

Options:

A.

The vulnerability will be patched automatically based on the endpoint profile configuration.

B.

The vulnerability will be patched by installing the patch from the vendor’s website.

C.

The end user will patch the vulnerabilities using the FortiClient software.

D.

An administrator will patch the vulnerability remotely using FortiSASE.

Question 4

Which description of the FortiSASE inline-CASB component is true?

Options:

A.

It has limited visibility when data is transmitted.

B.

It detects data in motion.

C.

It is placed outside the traffic path.

D.

It relies on API to integrate with cloud services.

Question 5

A company must provide access to a web server through FortiSASE secure private access for contractors.

What is the recommended method to provide access?

Options:

A.

Configure a TCP access proxy forwarding rule and push it to the contractor FortiClient endpoint.

B.

Update the DNS records on the endpoint to access private applications.

C.

Publish the web server URL on a bookmark portal and share it with contractors.

D.

Update the PAC file with the web server URL and share it with contractors.

Question 6

Refer to the exhibit.

An organization must inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical interface.

Which configuration must you apply to achieve this requirement?

Options:

A.

Configure a steering bypass tunnel firewall policy using Google Maps FQDN to exclude and redirect the traffic.

B.

Add the Google Maps URL in the zero trust network access (ZTNA) TCP access proxy forwarding rule.

C.

Add the Google Maps URL as a steering bypass destination in the endpoint profile.

D.

Exempt Google Maps in URL filtering in the web filter profile.

Question 7

Which statement best describes the Digital Experience Monitor (DEM) feature on FortiSASE?

Options:

A.

It provides end-to-end network visibility from all the FortiSASE security PoPs to a specific SaaS application.

B.

It gathers all the vulnerability information from all the FortiClient endpoints.

C.

It is used for performing device compliance checks on endpoints.

D.

It monitors the FortiSASE POP health based on ping probes.

Question 8

Refer to the exhibits.

A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from

Which configuration on FortiSASE is allowing users to perform the download?

Options:

A.

Web filter is allowing the URL.

B.

Deep inspection is not enabled.

C.

Application control is exempting all the browser traffic.

D.

Intrusion prevention is disabled.

Question 9

When accessing the FortiSASE portal for the first time, an administrator must select data center locations for which three FortiSASE components? (Choose three.)

Options:

A.

Identity & access management (IAM)

B.

Points of presence

C.

Endpoint management

D.

Logging

E.

Sandbox

Question 10

Refer to the exhibit.

The daily report for application usage for internet traffic shows an unusually high number of unknown applications by category.

What are two possible explanations for this? (Choose two.)

Options:

A.

Certificate inspection is not being used to scan application traffic.

B.

Deep inspection is not being used to scan traffic.

C.

The private access policy must be to set to log Security Events.

D.

The inline-CASB application control profile does not have application categories set to Monitor.

Question 11

Refer to the exhibits.

Antivirus is installed on a Windows 10 endpoint, but the windows application firewall is stopping it from running.

What will the endpoint security posture check be?

Options:

A.

FortiClient will tag the endpoint as FortiSASE-Non-Compliant.

B.

FortiClient will be unmanaged from FortiSASE due to failed compliance.

C.

FortiClient will trigger network lockdown on the endpoint.

D.

FortiClient will prompt the user to enable antivirus.

Question 12

Refer to the exhibit.

While reviewing the traffic logs, the FortiSASE administrator notices that the usernames are showing random characters.

Why are the usernames showing random characters?

Options:

A.

Log anonymization is turned on to hash usernames.

B.

Special characters are used in usernames.

C.

Users are using a shared single sign-on SSO username.

D.

FortiSASE uses FortiClient unique identifiers for usernames.

Question 13

Which information can an administrator monitor using reports generated on FortiSASE?

Options:

A.

sanctioned and unsanctioned Software-as-a-Service (SaaS) applications usage

B.

FortiClient vulnerability assessment

C.

SD-WAN performance

D.

FortiSASE administrator and system events

Question 14

How does FortiSASE hide user information when viewing and analyzing logs?

Options:

A.

By tokenization in log data

B.

By masking log data

C.

By compressing log data

D.

By hashing log data

Question 15

Which statement applies to a single sign-on (SSO) deployment on FortiSASE?

Options:

A.

SSO users can be imported into FortiSASE and added to user groups.

B.

SSO is recommended only for agent-based deployments.

C.

SSO overrides any other previously configured user authentication.

D.

SSO identity providers can be integrated using public and private access types.

Load More FCSS_SASE_AD-25 Questions
Page: 1 / 5
Total 53 questions
Get FCSS_SASE_AD-25 Full Access Download FCSS_SASE_AD-25 PDF