Fortinet FCSS_SASE_AD-23 - FCSS - FortiSASE 23 Administrator Exam
Page: 2 / 11
Total 54 questions
Question #6 (Topic: Exam A)
Refer to the exhibit.
A company has a requirement to inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical interface.
Which configuration must you apply to achieve this requirement?
A company has a requirement to inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical interface.
Which configuration must you apply to achieve this requirement?
A. Exempt the Google Maps FQDN from the endpoint system proxy settings.
B. Configure a static route with the Google Maps FQDN on the endpoint to redirect traffic
C. Configure the Google Maps FQDN as a split tunneling destination on the FortiSASE endpoint profile.
D. Change the default DNS server configuration on FortiSASE to use the endpoint system DNS.
Answer: C
Question #7 (Topic: Exam A)
Refer to the exhibit.
To allow access, which web filter configuration must you change on FortiSASE?
To allow access, which web filter configuration must you change on FortiSASE?
A. FortiGuard category-based filter
B. content filter
C. URL Filter
D. inline cloud access security broker (CASB) headers
Answer: B
Question #8 (Topic: Exam A)
Refer to the exhibits.
Win10-Pro and Win7-Pro are endpoints from the same remote location. Win10-Pro can access the internet though FortiSASE, while Win7-Pro can no longer access the internet.
Given the exhibits, which reason explains the outage on Win7-Pro?
Win10-Pro and Win7-Pro are endpoints from the same remote location. Win10-Pro can access the internet though FortiSASE, while Win7-Pro can no longer access the internet.
Given the exhibits, which reason explains the outage on Win7-Pro?
A. The Win7-Pro device posture has changed.
B. Win7-Pro cannot reach the FortiSASE SSL VPN gateway
C. The Win7-Pro FortiClient version does not match the FortiSASE endpoint requirement.
D. Win-7 Pro has exceeded the total vulnerability detected threshold.
Answer: A
Question #9 (Topic: Exam A)
Refer to the exhibits.
A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the administrator is not able to ping the Webserver hosted behind the FortiGate hub.
Based on the output, what is the reason for the ping failures?
A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the administrator is not able to ping the Webserver hosted behind the FortiGate hub.
Based on the output, what is the reason for the ping failures?
A. The Secure Private Access (SPA) policy needs to allow PING service.
B. Quick mode selectors are restricting the subnet.
C. The BGP route is not received.
D. Network address translation (NAT) is not enabled on the spoke-to-hub policy.
Answer: C
Question #10 (Topic: Exam A)
An organization wants to block all video and audio application traffic but grant access to videos from CNN.
Which application override action must you configure in the Application Control with Inline-CASB?
Which application override action must you configure in the Application Control with Inline-CASB?
A. Allow
B. Pass
C. Permit
D. Exempt
Answer: A
