PRUEBA 23-24

Which statement describes the FortiGuard forensics analysis feature on FortiSASE?. It is a 24x7x365 monitoring service of your FortiSASE environment. It can monitor endpoint resources in real-time. It can help troubleshoot user-to-application performance issues. It can help customers identify and mitigate potential risks to their network.

Which of the following describes the FortiSASE inline-CASB component?. It uses API to connect to the cloud applications. It detects data at rest. It provides visibility for unmanaged locations and devices. It is placed directly in the traffic path between the endpoint and cloud applications.

Which two statements describe a zero trust network access (ZTNA) private access use case? (Choose two.). All FortiSASE user-based deployments are supported. Data center redundancy is offered. All TCP-based applications are supported. The security posture of the device is secure.

Which event log subtype captures FortiSASE SSL VPN user creation?. VPN vents. Administrator Events. User Events. Endpoint Events.

Which two components are part of onboarding a secure web gateway (SWG) endpoint? (Choose two.). Proxy auto-configuration (PAC) file. FortiSASE SSL VPN gateway URL. FortiSASE CA certificate. FortiSASE invitation code.

During FortiSASE provisioning, how many security points of presence (POPs) need to be configured by the FortiSASE administrator?. one. two. three. four.

When viewing the daily summary report generated by FortiSASE, the administrator notices that the report contains very little data. What is a possible explanation for this almost empty report?. The web filter security profile is not set to Monitor. Log allowed traffic is set to Security Events for all policies. There are no security profile group applied to all policies. Digital experience monitoring is not configured.

You are designing a new network for Company X and one of the new cybersecurity policy requirements is that all remote users working from home must always be connected and protected. Which FortiSASE component facilitates this always-on security measure?. Thin-branch SASE extension. Cloud access security broker. Unified FortiClient. Secure web gateway.

Which two advantages does FortiSASE bring to businesses with multiple branch offices? (Choose two.). It offers customizable dashboard views for each branch location. It offers a local data center installation for the FortiSASE controller. It offers centralized management for simplified administration. It eliminates the need to have an on-premises firewall for each branch.

A FortiSASE administrator is configuring a Secure Private Access (SPA) solution to share endpoint information with a corporate FortiGate. Which three configuration actions will achieve this solution? (Choose three.). Authorize the corporate FortiGate on FortiSASE as a ZTNA access proxy. Use the FortiClient EMS cloud connector on the corporate FortiGate to connect to FortiSASE. Apply the FortiSASE zero trust network access (ZTNA) license on the corporate FortiGate. Add the FortiGate IP address in the secure private access configuration on FortiSASE. Register FortiGate and FortiSASE under the same FortiCloud account.

When deploying FortiSASE agent-based clients, which three features are available compared to an agentless solution? (Choose three.). Web filter. ZTNA tags. Anti-ransomware protection. Vulnerability scan. SSL inspection.

When remote users connected to FortiSASE require access to internal resources on Branch-2, how will traffic be routed?. FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-2, which will then route traffic to Branch-2. FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a static route. FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-1, which will then route traffic to Branch-2. FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a dynamic route.

To allow access, which web filter configuration must you change on FortiSASE?. FortiGuard category-based filter. content filter. URL Filter. inline cloud access security broker (CASB) headers.

Win10-Pro and Win7-Pro are endpoints from the same remote location. Win10-Pro can access the internet though FortiSASE, while Win7-Pro can no longer access the internet. Given the exhibits, which reason explains the outage on Win7-Pro?. The Win7-Pro device posture has changed. Win7-Pro cannot reach the FortiSASE SSL VPN gateway. The Win7-Pro FortiClient version does not match the FortiSASE endpoint requirement. Win-7 Pro has exceeded the total vulnerability detected threshold.

A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the administrator is not able to ping the Webserver hosted behind the FortiGate hub. Based on the output, what is the reason for the ping failures?. The Secure Private Access (SPA) policy needs to allow PING service. Quick mode selectors are restricting the subnet. The BGP route is not received. Network address translation (NAT) is not enabled on the spoke-to-hub policy.

An organization wants to block all video and audio application traffic but grant access to videos from CNN. Which application override action must you configure in the Application Control with Inline-CASB?. Allow. Pass. Permit. Exempt.

An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints. Which two components must be configured on FortiSASE to achieve this? (Choose two.). SSL deep inspection. Split DNS rules. Split tunneling destinations. DNS filter.

In the user connection monitor, the FortiSASE administrator notices the user name is showing random characters. Which configuration change must the administrator make to get proper user information?. Turn off log anonymization on FortiSASE. Add more endpoint licenses on FortiSASE. Configure the username using FortiSASE naming convention. Change the deployment type from SWG to VPN.

When you configure FortiSASE Secure Private Access (SPA) with SD-WAN integration, you must establish a routing adjacency between FortiSASE and the FortiGate SD-WAN hub. Which routing protocol must you use?. BGP. IS-IS. OSPF. EIGRP.

Which secure internet access (SIA) use case minimizes individual workstation or device setup, because you do not need to install FortiClient on endpoints or configure explicit web proxy settings on web browser-based endpoints?. SIA for inline-CASB users. SIA for agentless remote users. SIA for SSLVPN remote users. SIA for site-based remote users.

Which two deployment methods are used to connect a FortiExtender as a FortiSASE LAN extension? (Choose two.). Connect FortiExtender to FortiSASE using FortiZTP. Enable Control and Provisioning Wireless Access Points (CAPWAP) access on the FortiSASE portal. Enter the FortiSASE domain name in the FortiExtender GUI as a static discovery server. Configure an IPsec tunnel on FortiSASE to connect to FortiExtender.

Which policy type is used to control traffic between the FortiClient endpoint to FortiSASE for secure internet access?. VPN policy. thin edge policy. private access policy. secure web gateway (SWG) policy.

Which two additional components does FortiSASE use for application control to act as an inline-CASB? (Choose two.). intrusion prevention system (IPS). SSL deep inspection. DNS filter. Web filter with inline-CASB.

To complete their day-to-day operations, remote users require access to a TCP-based application that is hosted on a private web server. Which FortiSASE deployment use case provides the most efficient and secure method for meeting the remote users' requirements?. SD-WAN private access. inline-CASB. zero trust network access (ZTNA) private access. next generation firewall (NGFW).

When deploying FortiSASE agentless secure web gateway (SWG) clients, which three features can you use to scan client traffic? (Choose three.). Antiransomware protection. Intrusion prevention system (IPS). Inline-CASB HTTP header insertion. DNS filter. SSL inspection.

Which two additional components does FortiSASE use for application control to act as an inline-CASB? (Choose two.). Intrusion prevention system (IPS). Data leak prevention engine. SSL deep inspection. Web filter with inline-CASB.

Users are unable to access https://login.live.com. To allow access, which web filter configuration must you change on FortiSASE?. FortiGuard category-based filter. content filter. URL filter. inline-CASB headers.