Free FCSS_SASE_AD-23 Sample Questions — FCSS - FortiSASE 23 Administrator

Which FortiSASE feature ensures least-privileged user access to all applications?

• A. secure web gateway (SWG)
• B. SD-WAN
• C. zero trust network access (ZTNA)
• D. thin branch SASE extension

A customer wants to upgrade their legacy on-premises proxy to a cloud-based proxy for a hybrid network. Which FortiSASE features would help the customer to achieve this outcome?

• A. SD-WAN and NGFW
• B. SD-WAN and inline-CASB
• C. zero trust network access (ZTNA) and next generation firewall (NGFW)
• D. secure web gateway (SWG) and inline-CASB

An organization wants to block all video and audio application traffic but grant access to videos from CNN. Which application override action must you configure in the Application Control with Inline-CASB?

• A. Allow
• B. Pass
• C. Permit
• D. Exempt

Which two settings are automatically pushed from FortiSASE to FortiClient in a new FortiSASE deployment with default settings? (Choose two.)

• A. FortiSASE CA certificate
• B. Real-time protection
• C. SSL VPN profile
• D. ZTNA tags

In the Secure Private Access (SPA) use case, which two FortiSASE features facilitate access to corporate applications? (Choose two.)

• A. Zero trust network access (ZTNA)
• B. Cloud access security broker (CASB)
• C. Thin edge
• D. SD-WAN

An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints. Which two components must be configured on FortiSASE to achieve this? (Choose two.)

• A. SSL deep inspection
• B. Split DNS rules
• C. Split tunneling destinations
• D. DNS filter

When deploying FortiSASE agentless secure web gateway (SWG) clients, which three features can you use to scan client traffic? (Choose three.)

• A. Antiransomware protection
• B. Intrusion prevention system (IPS)
• C. Inline-CASB HTTP header insertion
• D. DNS filter
• E. SSL inspection

When accessing the FortiSASE portal for the first time, an administrator must select data center locations for which three FortiSASE components? (Choose three.)

• A. Logging
• B. Sandbox
• C. Endpoint management
• D. Identity & access management (IAM)
• E. Points of presence

What are two advantages of using zero-trust tags? (Choose two.)

• A. Zero-trust tags can be used to allow or deny access to network resources
• B. Zero-trust tags can determine the security posture of an endpoint
• C. Zero-trust tags can be used to create multiple endpoint profiles which can be applied to different endpoints
• D. Zero-trust tags can be used to allow secure web gateway (SWG) access

When viewing the daily summary report generated by FortiSASE. the administrator notices that the report contains very little data. What is a possible explanation for this almost empty report?

• A. Digital experience monitoring is not configured
• B. Log allowed traffic is set to Security Events for all policies
• C. The web filter security profile is not set to Monitor
• D. There are no security profile group applied to all policies