PRUEBA 23,24,25

Which information does FortiSASE use to bring network lockdown into effect on an endpoint?. Zero-day malware detection on endpoint. The number of critical vulnerabilities detected on the endpoint. The security posture of the endpoint based on ZTNA tags. The connection status of the tunnel to FortiSASE.

Which two settings are automatically pushed from FortiSASE to FortiClient in a new FortiSASE deployment with default settings? (Choose two.). zero trust network access (ZTNA) tags. tunnel profile. FortiSASE certificate authority (CA) certificate. real-time protection.

Which secure internet access (SIA) use case minimizes individual endpoint configuration?. Agentless remote user internet access. Site-based remote user internet access. SIA using ZTNA. SIA for FortiClient agent remote users.

What are two benefits of deploying secure private access with SD-WAN? (Choose two.). a direct access proxy tunnel from FortiClient to the on-premises FortiGate. ZTNA posture check performed by the hub FortiGate. support of both TCP and UDP applications. inline security inspection by FortiSASE.

Which two of the following can release the network lockdown on the endpoint applied by FortiSASE? (Choose two.). When the endpoint connects to the FortiSASE tunnel. When the endpoint is determined as on-net. When the endpoint is rebooted. When the endpoint is determined as compliant using ZTNA tags.

Your organization is currently using FortiSASE for its cybersecurity. They have recently hired a contractor who will work from the HQ office and who needs temporary internet access in order to set up a web-based point of sale (POS) system. What is the recommended way to provide internet access to the contractor?. Use zero trust network access (ZTNA) and tag the client as an unmanaged endpoint. Use the self-registration portal on FortiSASE to grant internet access. Use a tunnel policy with a contractors user group as the source on FortiSASE to provide internet access. Use a proxy auto-configuration (PAC) file and provide secure web gateway (SWG) service as an explicit web proxy.

In a FortiSASE secure web gateway (SWG) deployment, which three features protect against web-based threats? (Choose three.). Malware protection with sandboxing capabilities. SSL deep inspection for encrypted web traffic. Web application firewall (WAF) for web applications. Intrusion prevention system (IPS) for web traffic. Data loss prevention (DLP) for web traffic.

Refer to the exhibit. The daily report for application usage shows an unusually high number of unknown applications by category. What are two possible explanations for this? (Choose two.). Certificate inspection is not being used to scan application traffic. The inline-CASB application control profile does not have application categories set to Monitor. FortiSASE was not able to establish sessions to the SaaS applications. Deep inspection is not being used to scan traffic.

Which two are required to enable central management on FortiSASE? (Choose two.). FortiSASE connector configured on FortiManager. FortiSASE central management entitlement applied to FortiManager. The FortiManager IP address in the FortiSASE central management configuration. FortiManager and FortiSASE registered under the same FortiCloud account.

A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The VPN tunnel does not establish. Which configuration needs to be modified to bring the tunnel up?. FortiSASE spoke devices do not support mode config. The network overlay ID must match on FortiSASE and the hub. The BGP router ID must match on the hub and FortiSASE. Auto-discovery-sender must be disabled on IPsec phase1 settings.