Fortinet NSE7_SSE_AD-25 - Fortinet NSE 7 - FortiSASE 25 Enterprise Administrator Exam
Page: 2 / 8
Total 36 questions
Question #6 (Topic: Exam A)
Refer to the exhibits.
A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https: //eicar.org.
Which configuration on FortiSASE is allowing users to perform the download?
A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https: //eicar.org.
Which configuration on FortiSASE is allowing users to perform the download?
A. Deep inspection is not enabled.
B. Application control is exempting all the browser traffic.
C. Web filter is allowing the URL.
D. Intrusion prevention is disabled.
Answer: A
Question #7 (Topic: Exam A)
Refer to the exhibit.
Which two prerequisites must be met to use the feature shown in the exhibit? (Choose two.)
Which two prerequisites must be met to use the feature shown in the exhibit? (Choose two.)
A. The secure private access (SPA) feature must be configured in FortiSASE.
B. The relevant FortiGate ZTNA application gateway must be configured.
C. FortiClient must be installed on the user’s device to access the private application.
D. The proxy and proxy user single sign-on (SSO) features must be configured in FortiSASE.
Answer: AB
Question #8 (Topic: Exam A)
Refer to the exhibit.
A customer configured the On/off-net detection rule to disable FortiSASE VPN auto-connect when users are inside the corporate network. The rule is set to Connects with a known public IP using the company’s public IP address. However, when the users are on the corporate network, the FortiSASE VPN still auto-connects. The customer has confirmed that traffic is going to the internet with the correct IP address.
Which configuration is causing the issue?
A customer configured the On/off-net detection rule to disable FortiSASE VPN auto-connect when users are inside the corporate network. The rule is set to Connects with a known public IP using the company’s public IP address. However, when the users are on the corporate network, the FortiSASE VPN still auto-connects. The customer has confirmed that traffic is going to the internet with the correct IP address.
Which configuration is causing the issue?
A. The On-net rule set configuration is incorrect.
B. Allow local LAN access when endpoint is on-net is disabled when it should be enabled.
C. Exempt endpoint from FortiSASE auto-connect is disabled when it should be enabled.
D. Is connected to a known DNS server should be enabled and configured.
Answer: A
Question #9 (Topic: Exam A)
How does FortiSASE Secure Private Access (SPA) facilitate connectivity to private resources in a hub-and-spoke network?
A. SPA establishes direct links to spokes without IPsec or BGP and uses an easy configuration key to secure web traffic for remote users.
B. SPA applies source network address translation (SNAT) for remote user traffic and uses IKEv1 for IPsec tunnels to connect to standalone hubs without BGP support.
C. SPA connects to private resources using HTTP and HTTPS protocols and relies on FortiClient for agentless access to SD-WAN deployments.
D. SPA connects a FortiSASE POP to a FortiGate hub or SD-WAN deployment using IPsec and BGP for dynamic route exchange with an easy configuration key for simplified setup on FortiOS.
Answer: D
Question #10 (Topic: Exam A)
For monitoring potentially unwanted applications on endpoints, which information is available on the FortiSASE software installations page? (Choose two.)
A. The endpoint the software is installed on
B. The license status of the software
C. The vendor of the software
D. The usage frequency of the software
Answer: AC
