Fortinet FCSS_SASE_AD-25 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

A customer needs to implement device posture checks for their remote endpoints while accessing the protected server. They also want the TCP traffic between the remote endpoints and the protected servers to be processed by FortiGate.

In this scenario, which two setups will achieve these requirements? (Choose two.)

AConfigure ZTNA servers and ZTNA policies on FortiGate.

BConfigure FortiGate as a zero trust network access (ZTNA) access proxy.

CConfigure ZTNA tags on FortiGate.

DConfigure private access policies on FortiSASE with ZTNA.

Answer : A, B

To enforce device posture checks and ensure that TCP traffic flows through FortiGate, the FortiGate must act as a ZTNA access proxy and host the ZTNA servers and policies. This setup allows posture validation via FortiSASE while routing traffic securely to protected servers through FortiGate.

Question 2

Which information can an administrator monitor using reports generated on FortiSASE?

Asanctioned and unsanctioned Software-as-a-Service (SaaS) applications usage

BFortiClient vulnerability assessment

CSD-WAN performance

DFortiSASE administrator and system events

Answer : A

FortiSASE reporting provides visibility into the usage of sanctioned and unsanctioned SaaS applications, enabling administrators to monitor cloud application activity and enforce security policies.

Question 3

What are two advantages of using zero-trust tags? (Choose two.)

AZero-trust tags can determine the security posture of an endpoint.

BZero-trust tags can be assigned to endpoint profiles based on user groups.

CZero-trust tags can be used to allow or deny access to network resources.

DZero-trust tags can help monitor endpoint system resource usage.

Answer : A, C

Zero-trust tags assess endpoint compliance based on defined posture rules and are used in access policies to control whether a device is permitted or denied access to specific network resources.

Question 4

Which secure internet access (SIA) use case minimizes individual endpoint configuration?

AAgentless remote user internet access

BSite-based remote user internet access

CSIA using ZTNA

DSIA for FortiClient agent remote users

Answer : B

Site-based remote user internet access minimizes individual endpoint configuration by routing user traffic through a centralized FortiSASE connection point (such as a FortiAP or FortiGate), rather than requiring each device to be individually configured with the FortiClient agent.

Question 5

Which statement best describes the Digital Experience Monitor (DEM) feature on FortiSASE?

AIt provides end-to-end network visibility from all the FortiSASE security PoPs to a specific SaaS application.

BIt gathers all the vulnerability information from all the FortiClient endpoints.

CIt is used for performing device compliance checks on endpoints.

DIt monitors the FortiSASE POP health based on ping probes.

Answer : A

The Digital Experience Monitor (DEM) in FortiSASE measures and monitors network performance from the FortiSASE Points of Presence (PoPs) to specific SaaS or cloud applications, helping identify and troubleshoot performance issues across the service path.

Question 6

What happens to the logs on FortiSASE that are older than the configured log retention period?

AThe logs are deleted from FortiSASE.

BThe logs are indexed and can be stored in a SQL database.

CThe logs are backed up on FortiCloud.

DThe logs are compressed and archived.

Answer : A

Once the configured log retention period expires, FortiSASE automatically deletes the older logs to free up storage and maintain compliance with retention policies.

Question 7

In a FortiSASE secure web gateway (SWG) deployment, which two features protect against web-based threats? (Choose two.)

ASSL deep inspection for encrypted web traffic

Bmalware protection with sandboxing capabilities

Cweb application firewall (WAF) for web applications

Dintrusion prevention system (IPS) for web traffic

Answer : A, B

SSL deep inspection allows FortiSASE to analyze encrypted web traffic for threats, while malware protection with sandboxing detects and blocks malicious files delivered through web channels.

Fortinet FCSS - FortiSASE 25 Administrator FCSS_SASE_AD-25 Exam Practice Test