Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Fortinet FCSS_SASE_AD-23

Fortinet FCSS_SASE_AD-23 Exam Practice Questions (P. 1)

  • Full Access (54 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #1
Refer to the exhibit.

The daily report for application usage shows an unusually high number of unknown applications by category.
What are two possible explanations for this? (Choose two.)
  1. A
    Certificate inspection is not being used to scan application traffic.
  2. B
    The inline-CASB application control profile does not have application categories set to Monitor.
  3. C
    Zero trust network access (ZTNA) tags are not being used to tag the correct users.
  4. D
    Deep inspection is not being used to scan traffic.

Correct Answer: AD ?️

Question #2
What are two advantages of using zero-trust tags? (Choose two.)
  1. A
    Zero-trust tags can be used to allow or deny access to network resources.
  2. B
    Zero-trust tags can determine the security posture of an endpoint.
  3. C
    Zero-trust tags can be used to create multiple endpoint profiles which can be applied to different endpoints.
  4. D
    Zero-trust tags can be used to allow secure web gateway (SWG) access.

Correct Answer: AB ?️

Question #3
Refer to the exhibits.





A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The VPN tunnel does not establish.
Based on the provided configuration, what configuration needs to be modified to bring the tunnel up?
  1. A
    NAT needs to be enabled in the Spoke-to-Hub firewall policy.
  2. B
    The BGP router ID needs to match on the hub and FortiSASE.
  3. C
    FortiSASE spoke devices do not support mode config.
  4. D
    The hub needs IKEv2 enabled in the IPsec phase 1 settings.

Correct Answer: C ?️

Question #4
Refer to the exhibits.


When remote users connected to FortiSASE require access to internal resources on Branch-2, how will traffic be routed?
  1. A
    FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-2, which will then route traffic to Branch-2.
  2. B
    FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a static route.
  3. C
    FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-1, which will then route traffic to Branch-2.
  4. D
    FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a dynamic route.

Correct Answer: D ?️

Question #5
Refer to the exhibits.



A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org. Traffic logs show traffic is allowed by the policy.
Which configuration on FortiSASE is allowing users to perform the download?
  1. A
    Web filter is allowing the traffic.
  2. B
    IPS is disabled in the security profile group.
  3. C
    The HTTPS protocol is not enabled in the antivirus profile.
  4. D
    Force certificate inspection is enabled in the policy.

Correct Answer: A ?️

Next Questions

All Pages