Fortinet FCSS_SASE_AD-25 Exam Practice Test Instant Access

Question 1

Refer to the exhibits.

Antivirus is installed on a Windows 10 endpoint, but the windows application firewall is stopping it from running.

What will the endpoint security posture check be?

AFortiClient will tag the endpoint as FortiSASE-Non-Compliant.

BFortiClient will be unmanaged from FortiSASE due to failed compliance.

CFortiClient will trigger network lockdown on the endpoint.

DFortiClient will prompt the user to enable antivirus.

Answer : A

Although the antivirus is installed, it is not running due to the Windows application firewall blocking it. According to the FortiSASE-Non-Compliant rule, antivirus software must be both installed and running. Since this condition fails, FortiClient assigns the FortiSASE-Non-Compliant tag to the endpoint.

Question 2

Which two of the following can release the network lockdown on the endpoint applied by FortiSASE? (Choose two.)\

AWhen the endpoint connects to the FortiSASE tunnel

BWhen the endpoint is determined as on-net

CWhen the endpoint is rebooted

DWhen the endpoint is determined as compliant using ZTNA tags

Answer : A, D

FortiSASE releases network lockdown when the endpoint re-establishes the tunnel connection or when it is verified as compliant through ZTNA tag evaluation, ensuring it meets security posture requirements.

Question 3

How do security profile group objects behave when central management is enabled on FortiSASE?

AObjects support two-way synchronization.

BObjects created on FortiSASE can be retrieved on FortiManager.

CObjects that are only flow-based are supported.

DObjects are considered read-only on FortiSASE.

Answer : D

When central management is enabled, security profile group objects are managed exclusively through FortiManager, making them read-only on the FortiSASE portal to ensure centralized policy control.

Question 4

A customer wants to upgrade their legacy on-premises proxy to a cloud-based proxy for a hybrid network.

Which two FortiSASE features would help the customer achieve this outcome? (Choose two.)

Asecure web gateway (SWG)

Bzero trust network access (ZTNA)

Csandbox cloud

Dinline-CASB

Answer : A, D

The secure web gateway (SWG) serves as the cloud-based proxy that inspects and controls web traffic, replacing the on-premises proxy. The inline-CASB provides additional visibility and control over cloud application usage, enhancing security in hybrid environments.

Question 5

What are two benefits of deploying secure private access with SD-WAN? (Choose two.)

Aa direct access proxy tunnel from FortiClient to the on-premises FortiGate

BZTNA posture check performed by the hub FortiGate

Csupport of both TCP and UDP applications

Dinline security inspection by FortiSASE

Answer : B, C

Deploying secure private access with SD-WAN enables the hub FortiGate to perform ZTNA posture checks, and supports both TCP and UDP applications over the tunnel, allowing for flexible and secure access to internal resources.

Question 6

A company must provide access to a web server through FortiSASE secure private access for contractors.

What is the recommended method to provide access?

AConfigure a TCP access proxy forwarding rule and push it to the contractor FortiClient endpoint.

BUpdate the DNS records on the endpoint to access private applications.

CPublish the web server URL on a bookmark portal and share it with contractors.

DUpdate the PAC file with the web server URL and share it with contractors.

Answer : C

The bookmark portal is the recommended method for providing contractors access to private web applications through FortiSASE Secure Private Access, as it offers a user-friendly, secure, and controlled access mechanism without requiring full network connectivity.

Question 7

Refer to the exhibits.

How will the application vulnerabilities be patched, based on the exhibits provided?

AThe vulnerability will be patched automatically based on the endpoint profile configuration.

BThe vulnerability will be patched by installing the patch from the vendor's website.

CThe end user will patch the vulnerabilities using the FortiClient software.

DAn administrator will patch the vulnerability remotely using FortiSASE.

Answer : B

Fortinet FCSS - FortiSASE 25 Administrator FCSS_SASE_AD-25 Exam Practice Test