PRUEBA 25

In the Secure Private Access (SPA) use case, which two FortiSASE features facilitate access to corporate applications? (Choose two.). cloud access security broker (CASB). SD-WAN. zero trust network access (ZTNA). thin edge.

Which two components are part of onboarding a secure web gateway (SWG) endpoint for secure internet access (SIA)? (Choose two.). proxy auto-configuration (PAC) file. FortiSASE certificate authority (CA) certificate. FortiClient software. Tunnel policy.

Which two advantages does FortiSASE bring to businesses with microbranch offices that have FortiAP deployed for unmanaged devices? (Choose two.). It secures internet access both on and off the network. It uses zero trust network access (ZTNA) tags to perform device compliance checks. It eliminates the requirement for an on-premises firewall. It simplifies management and provisioning.

Which information can an administrator monitor using reports generated on FortiSASE?. sanctioned and unsanctioned Software-as-a-Service (SaaS) applications usage. FortiClient vulnerability assessment. SD-WAN performance. FortiSASE administrator and system events.

In a FortiSASE secure web gateway (SWG) deployment, which two features protect against webbased threats? (Choose two.). SSL deep inspection for encrypted web traffic. malware protection with sandboxing capabilities. web application firewall (WAF) for web applications. intrusion prevention system (IPS) for web traffic.

Refer to the exhibits. A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org. Which configuration on FortiSASE is allowing users to perform the download?. Web filter is allowing the URL. Deep inspection is not enabled. Application control is exempting all the browser traffic. Intrusion prevention is disabled.

Based on the configuration shown, in which two ways will FortiSASE process sessions that require FortiSandbox inspection? (Choose two.). Only endpoints assigned a profile for sandbox detection will be processed by the sandbox feature. FortiClient quarantines only infected files that FortiSandbox detects as medium level. All files executed on a USB drive will be sent to FortiSandbox for analysis. All files will be sent to a on-premises FortiSandbox for inspection.

An administrator must restrict endpoints from certain countries from connecting to FortiSASE. Which configuration can achieve this?. Configure a network lockdown policy on the endpoint profiles. Configure a geography address object as the source for a deny policy. Configure geofencing to restrict access from the required countries. Configure source IP anchoring to restrict access from the specified countries.

What is the benefit of SD-WAN on-ramp deployment with FortiSASE?. To provide access to private applications using the bookmark portal. To provide device compliance checks using ZTNA tags. To secure internet traffic for branch users. To manage branch location endpoints.

Which two settings are automatically pushed from FortiSASE to FortiClient in a new FortiSASE deployment with default settings? (Choose two.). zero trust network access (ZTNA) tags. tunnel profile. FortiSASE certificate authority (CA) certificate. real-time protection.

Refer to the exhibits. Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the internet through FortiSASE, while Windows-AD can no longer access the internet. Based on the information in the exhibits, which reason explains the outage on Windows-AD?. Windows-AD is excluded from FortiSASE management. The FortiClient version installed on Windows AD does not match the expected version on FortiSASE. The device posture for Windows-AD has changed. The remote VPN user on Windows-AD no longer matches any VPN policy.

Which description of the FortiSASE inline-CASB component is true?. It has limited visibility when data is transmitted. It detects data in motion. It is placed outside the traffic path. It relies on API to integrate with cloud services.

Which authentication method overrides any other previously configured user authentication on FortiSASE?. Local. RADIUS. SSO. MFA.

What are two advantages of using zero-trust tags? (Choose two.). Zero-trust tags can determine the security posture of an endpoint. Zero-trust tags can be assigned to endpoint profiles based on user groups. Zero-trust tags can be used to allow or deny access to network resources. Zero-trust tags can help monitor endpoint system resource usage.

Which FortiSASE feature ensures least-privileged user access to corporate applications that are protected by an on-premises FortiGate device?. secure web gateway (SWG). zero trust network access (ZTNA). cloud access security broker (CASB). remote browser isolation (RBI).

A company must provide access to a web server through FortiSASE secure private access for contractors. What is the recommended method to provide access?. Configure a TCP access proxy forwarding rule and push it to the contractor FortiClient endpoint. Update the DNS records on the endpoint to access private applications. Publish the web server URL on a bookmark portal and share it with contractors. Update the PAC file with the web server URL and share it with contractor.

Your FortiSASE customer has a small branch office in which ten users will be using their personal laptops and mobile devices to access the internet. Which deployment should they use to secure their internet access with minimal configuration?. Deploy FortiGate as a LAN extension to secure internet access. Deploy FortiAP to secure internet access. Deploy FortiClient endpoint agent to secure internet access. Deploy SD-WAN on-ramp to secure internet access.

For monitoring potentially unwanted applications on endpoints, which information is available on the FortiSASE software installations page?. the vendor of the software. the endpoint the software is installed on. the license status of the software. the usage frequency of the software.

What is the recommended method to upgrade FortiClient in a FortiSASE deployment?. Remote users must upgrade the FortiClient manually. FortiSASE automatically upgrades FortiClient when a new version is released. The FortiSASE administrator must assign endpoint groups to an endpoint upgrade rule. The FortiSASE administrator will upload the desired FortiClient version to the FortiSASE portal and push it to endpoints.

Which FortiSASE component protects users from online threats by hosting their browsing sessions on a remote container within a secure environment?. secure web gateway (SWG). remote browser isolation (RBI). cloud access security broker (CASB). data loss prevention (DLP).

What are two benefits of deploying FortiSASE with FortiGate ZTNA access proxy? (Choose two.). It offers data center redundancy. The on-premises FortiGate performs a device posture check. It is ideal for latency-sensitive applications. It supports both agentless ZTNA and agent-based ZTNA.

In a FortiSASE SD-WAN deployment with dual hubs, what are two benefits of assigning hubs with different priorities? (Choose two.). optimized performance that meets the minimum SLA requirements. load balancing based on session identification. bandwidth allocated traffic shaping. redundancy to seamlessly steer traffic.

Refer to the exhibits Antivirus is installed on a Windows 10 endpoint, but the windows application firewall is stopping it from running. What will the endpoint security posture check be?. FortiClient will tag the endpoint as FortiSASE-Non-Compliant. FortiClient will be unmanaged from FortiSASE due to failed compliance. FortiClient will trigger network lockdown on the endpoint. FortiClient will prompt the user to enable antivirus.

What can be configured on FortiSASE as an additional layer of security for FortiClient registration?. security posture tags. application inventory. user verification. device identification.

Which statement best describes the Digital Experience Monitor (DEM) feature on FortiSASE?. It provides end-to-end network visibility from all the FortiSASE security PoPs to a specific SaaS application. It gathers all the vulnerability information from all the FortiClient endpoints. It is used for performing device compliance checks on endpoints. It monitors the FortiSASE POP health based on ping probes.

In which two ways does FortiSASE help organizations ensure secure access for remote workers? (Choose two.). It secures traffic from endpoints to cloud applications. It uses the FortiCloud organizational units to assign endpoint profiles to remote workers. It uses the identity and access management (IAM) portal to validate the identities of remote workers. It offers zero trust network access (ZTNA) capabilities.

How does FortiSASE hide user information when viewing and analyzing logs?. By tokenization in log data. By masking log data. By compressing log data. By hashing log data.

How do security profile group objects behave when central management is enabled on FortiSASE?. Objects support two-way synchronization. Objects created on FortiSASE can be retrieved on FortiManager. Objects that are only flow-based are supported. Objects are considered read-only on FortiSASE.

A customer wants to upgrade their legacy on-premises proxy to a cloud-based proxy for a hybrid network. Which two FortiSASE features would help the customer achieve this outcome? (Choose two.). secure web gateway (SWG). zero trust network access (ZTNA). sandbox cloud. inline-CASB.

Refer to the exhibits. A FortiSASE administrator has configured FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the remote FortiClient is not able to access the web server hosted behind the FortiGate hub. Based on the exhibits, what is the reason for the access failure?. A private access policy has denied the traffic because of failed compliance. The hub is not advertising the required routes. The hub firewall policy does not include the FortiClient address range. The server subnet BGP route was not received on FortiSASE.

Which two purposes is the dedicated IP address used for in a FortiSASE deployment? (Choose two.). For user access control to FortiSASE. For allocation and assignment of unique IP addresses to remote users. For regulatory compliance. For isolation and identification.

How can digital experience monitoring (DEM) on an endpoint assist in diagnosing connectivity and network issues?. FortiSASE runs a ping from the endpoint to calculate the TTL to the SaaS application. FortiSASE runs SNMP traps to the endpoint using the DEM agent to verify the SaaS application health status. FortiSASE runs a netstat from the endpoint to the SaaS application to see if ports are open. FortiSASE runs a trace job on the endpoint using the DEM agent to the Software-as-a-Service (SaaS) application.

While reviewing the traffic logs, the FortiSASE administrator notices that the usernames are showing random characters. Why are the usernames showing random characters?A. Log anonymization is turned on to hash usernames. Special characters are used in usernames. Users are using a shared single sign-on SSO username. FortiSASE uses FortiClient unique identifiers for usernames.

A customer wants to ensure secure access for private applications for their users by replacing their VPN. Which two SASE technologies can you use to accomplish this task? (Choose two.). zero trust network access (ZTNA). secure SD-WAN. secure web gateway (SWG) and cloud access security broker (CASB). SD-WAN on-ramp.

Which service is included in a secure access service edge (SASE) solution, but not in a security service edge (SSE) solution?. ZTNA. SD-WAN. SWG. CASB.

Which two additional features does FortiClient integration provide with FortiSASE, when compared to secure web gateway (SWG) deployment? (Choose two.). vulnerability management. device posture check. inline-CASB protection. SSL inspection.

An organization must block user attempts to log in to non-company resources while using Microsoft Office 365 to prevent users from accessing unapproved cloud resources. Which FortiSASE feature can you implement to meet this requirement?. application control with inline-CASB. data loss prevention (DLP) with Microsoft Purview Information Protection (MPIP). web filter with inline-CASB. DNS filter with domain filter.

A customer needs to implement device posture checks for their remote endpoints while accessing the protected server. They also want the TCP traffic between the remote endpoints and the protected servers to be processed by FortiGate. In this scenario, which two setups will achieve these requirements? (Choose two.). Configure ZTNA servers and ZTNA policies on FortiGate. Configure FortiGate as a zero trust network access (ZTNA) access proxy. Configure ZTNA tags on FortiGate. Configure private access policies on FortiSASE with ZTNA.

An organization must inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical interface. Which configuration must you apply to achieve this requirement?. Configure a steering bypass tunnel firewall policy using Google Maps FQDN to exclude and redirect the traffic. Add the Google Maps URL in the zero trust network access (ZTNA) TCP access proxy forwarding rule. Add the Google Maps URL as a steering bypass destination in the endpoint profile. Exempt Google Maps in URL filtering in the web filter profile.

What happens to the logs on FortiSASE that are older than the configured log retention period?. The logs are deleted from FortiSASE. The logs are indexed and can be stored in a SQL database. The logs are backed up on FortiCloud. The logs are compressed and archived.

What is required to enable the MSSP feature on FortiSASE?. Role-based access control (RBAC) must be assigned to identity and access management (IAM) users using the FortiCloud IAM portal. The MSSP add-on license must be applied to FortiSASE. MSSP user accounts and permissions must be configured on the FortiSASE portal. Multi-tenancy must be enabled on the FortiSASE portal.

When accessing the FortiSASE portal for the first time, an administrator must select data center locations for which three FortiSASE components? (Choose three.). Identity & access management (IAM). Points of presence. Endpoint management. Logging. Sandbox.

Which statement applies to a single sign-on (SSO) deployment on FortiSASE?. SSO users can be imported into FortiSASE and added to user groups. SSO is recommended only for agent-based deployments. SSO overrides any other previously configured user authentication. SSO identity providers can be integrated using public and private access types.

How will the application vulnerabilities be patched, based on the exhibits provided?. The vulnerability will be patched automatically based on the endpoint profile configuration. The vulnerability will be patched by installing the patch from the vendor’s website. The end user will patch the vulnerabilities using the FortiClient software. An administrator will patch the vulnerability remotely using FortiSASE.

An endpoint is assigned an IP address of 192.168.13.101/24. Which action will be run on the endpoint?. The endpoint will be exempted from auto-connect to the FortiSASE tunnel. The endpoint will automatically connect to the FortiSASE tunnel. The endpoint will be detected as off-net. The endpoint will be able to bypass the on-net rule because it is connecting from a known subnet.