Fortinet FCSS_SASE_AD-25 - FCSS - FortiSASE 25 Administrator Exam
Page: 2 / 11
Total 51 questions
Question #6 (Topic: Exam A)
Refer to the exhibits.
A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org.
Which configuration on FortiSASE is allowing users to perform the download?
A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org.
Which configuration on FortiSASE is allowing users to perform the download?
A. Web filter is allowing the URL.
B. Deep inspection is not enabled.
C. Application control is exempting all the browser traffic.
D. Intrusion prevention is disabled.
Answer: B
Question #7 (Topic: Exam A)
Refer to the exhibit.
Based on the configuration shown, in which two ways will FortiSASE process sessions that require FortiSandbox inspection? (Choose two.)
Based on the configuration shown, in which two ways will FortiSASE process sessions that require FortiSandbox inspection? (Choose two.)
A. Only endpoints assigned a profile for sandbox detection will be processed by the sandbox feature.
B. FortiClient quarantines only infected files that FortiSandbox detects as medium level.
C. All files executed on a USB drive will be sent to FortiSandbox for analysis.
D. All files will be sent to a on-premises FortiSandbox for inspection.
Answer: AC
Question #8 (Topic: Exam A)
An administrator must restrict endpoints from certain countries from connecting to FortiSASE.
Which configuration can achieve this?
Which configuration can achieve this?
A. Configure a network lockdown policy on the endpoint profiles.
B. Configure a geography address object as the source for a deny policy.
C. Configure geofencing to restrict access from the required countries.
D. Configure source IP anchoring to restrict access from the specified countries.
Answer: C
Question #9 (Topic: Exam A)
What is the benefit of SD-WAN on-ramp deployment with FortiSASE?
A. To provide access to private applications using the bookmark portal
B. To provide device compliance checks using ZTNA tags
C. To secure internet traffic for branch users
D. To manage branch location endpoints
Answer: C
Question #10 (Topic: Exam A)
Which two settings are automatically pushed from FortiSASE to FortiClient in a new FortiSASE deployment with default settings? (Choose two.)
A. zero trust network access (ZTNA) tags
B. tunnel profile
C. FortiSASE certificate authority (CA) certificate
D. real-time protection
Answer: BC
