Fortinet FCSS_SASE_AD-24 - FCSS - FortiSASE 24 Administrator Exam
Page: 1 / 5
Total 23 questions
Question #1 (Topic: Exam A)
What are two advantages of using zero-trust tags? (Choose two.)
A. Zero-trust tags can help in diagnosing connectivity issues.
B. Zero-trust tags can determine the security posture of an endpoint.
C. Zero-trust tags can be used to allow or deny access to network resources.
D. Zero-trust tags can be assigned to endpoint profiles based on user groups.
Answer: BC
Question #2 (Topic: Exam A)
Which statement describes the FortiGuard forensics analysis feature on FortiSASE?
A. It is a 24x7x365 monitoring service of your FortiSASE environment.
B. It can monitor endpoint resources in real-time.
C. It can help troubleshoot user-to-application performance issues.
D. It can help customers identify and mitigate potential risks to their network.
Answer: D
Question #3 (Topic: Exam A)
Which statement best describes the Digital Experience Monitor (DEM) feature on FortiSASE?
A. It can help IT and security teams ensure consistent security monitoring for remote users.
B. It can be used to request a detailed analysis of the endpoint from the FortiGuard team.
C. It requires a separate DEM agent to be downloaded from the FortiSASE portal and installed on the endpoint.
D. It provides end-to-end network visibility from all the FortiSASE security PoPs to a specific SaaS application.
Answer: D
Question #4 (Topic: Exam A)
Refer to the exhibit.
A company has a requirement to inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical interface.
Which configuration must you apply to achieve this requirement?
A company has a requirement to inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical interface.
Which configuration must you apply to achieve this requirement?
A. Implement a ZTNA destination rule using Google Maps FQDN on FortiSASE to identify and redirect Google Maps traffic.
B. Configure the Google Maps FQDN as a split tunneling destination on the FortiSASE endpoint profile.
C. Exempt the Google Maps FQDN from the endpoint system proxy settings.
D. Configure a split-tunnel VPN policy using Google Maps FQDN to exclude and redirect the traffic.
Answer: B
Question #5 (Topic: Exam A)
Which of the following describes the FortiSASE inline-CASB component?
A. It uses API to connect to the cloud applications.
B. It detects data at rest.
C. It provides visibility for unmanaged locations and devices.
D. It is placed directly in the traffic path between the endpoint and cloud applications.
Answer: D
