Fortinet NSE7_SSE_AD-25 - Fortinet NSE 7 - FortiSASE 25 Enterprise Administrator Exam
Page: 1 / 8
Total 36 questions
Question #1 (Topic: Exam A)
What is the role of ZTNA tags in the FortiSASE Secure Internet Access (SIA) and Secure Private Access (SPA) use cases?
A. ZTNA tags are created to isolate browser sessions in SIA and enforce data loss prevention in SPA for all devices.
B. ZTNA tags determine device posture for non-web traffic protocols and are applied only in agentless deployments for SIA.
C. ZTNA tags determine device posture for endpoints running FortiClient and are used to grant or deny access in SIA or SPA based on that posture.
D. ZTNA tags are applied to unmanaged endpoints without FortiClient to secure HTTP and HTTPS traffic in SIA and SPA.
Answer: C
Question #2 (Topic: Exam A)
Which authentication method overrides any other previously configured user authentication on FortiSASE?
A. Local
B. SSO
C. RADIUS
D. MFA
Answer: D
Question #3 (Topic: Exam A)
Refer to the exhibits.
Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the internet through FortiSASE, while Windows-AD can no longer access the internet.
Based on the information in the exhibits, which reason explains the outage on Windows-AD?
Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the internet through FortiSASE, while Windows-AD can no longer access the internet.
Based on the information in the exhibits, which reason explains the outage on Windows-AD?
A. The device security posture for Windows-AD has changed.
B. The FortiClient version installed on Windows-AD does not match the expected version on FortiSASE.
C. Windows-AD is excluded from FortiSASE management.
D. The remote VPN user on Windows-AD no longer matches any VPN policy.
Answer: A
Question #4 (Topic: Exam A)
Refer to the exhibit.
An organization must inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE tunnel and redirect it to the endpoint physical interface.
Which configuration must you apply to achieve this requirement?
An organization must inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE tunnel and redirect it to the endpoint physical interface.
Which configuration must you apply to achieve this requirement?
A. Add the Google Maps URL in the zero trust network access (ZTNA) TCP access proxy forwarding rule.
B. Configure a steering bypass tunnel firewall policy using Google Maps FQDN to exclude and redirect the traffic.
C. Exempt Google Maps in URL filtering in the web filter profile.
D. Add the Google Maps URL as a steering bypass destination in the endpoint profile.
Answer: D
Question #5 (Topic: Exam A)
DRAG DROP
When configuring the DLP rule in FortiSASE using Regex format, what would be the correct order for the configuration steps?
Select the step in the left column, hold and drag it to a blank position in the column on the right. Place the four correct steps in order, placing the first step in the first position at the top of the column. Once you place a step, you can move it again if you want to change your answer before moving to the next question. You need to drop four steps in the work area.
Select and drag the screen divider to change the viewable area of the source and work areas.
When configuring the DLP rule in FortiSASE using Regex format, what would be the correct order for the configuration steps?
Select the step in the left column, hold and drag it to a blank position in the column on the right. Place the four correct steps in order, placing the first step in the first position at the top of the column. Once you place a step, you can move it again if you want to change your answer before moving to the next question. You need to drop four steps in the work area.
Select and drag the screen divider to change the viewable area of the source and work areas.
Answer: 
