Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
 

Fortinet FCSS_SASE_AD-23 Exam Actual Questions

The questions for FCSS_SASE_AD-23 were last updated on Oct. 14, 2024.
  • Viewing page 1 out of 8 pages.
  • Viewing questions 1-4 out of 30 questions

Topic 1 - Exam A

Question #1 Topic 1

Refer to the exhibit.

The daily report for application usage shows an unusually high number of unknown applications by category.
What are two possible explanations for this? (Choose two.)

  • A. Certificate inspection is not being used to scan application traffic.
  • B. The inline-CASB application control profile does not have application categories set to Monitor.
  • C. Zero trust network access (ZTNA) tags are not being used to tag the correct users.
  • D. Deep inspection is not being used to scan traffic.
Reveal Solution Hide Solution   Discussion  

Correct Answer: AD 🗳️

Question #2 Topic 1

What are two advantages of using zero-trust tags? (Choose two.)

  • A. Zero-trust tags can be used to allow or deny access to network resources.
  • B. Zero-trust tags can determine the security posture of an endpoint.
  • C. Zero-trust tags can be used to create multiple endpoint profiles which can be applied to different endpoints.
  • D. Zero-trust tags can be used to allow secure web gateway (SWG) access.
Reveal Solution Hide Solution   Discussion  

Correct Answer: AB 🗳️

Question #3 Topic 1

Refer to the exhibits.





A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The VPN tunnel does not establish.
Based on the provided configuration, what configuration needs to be modified to bring the tunnel up?

  • A. NAT needs to be enabled in the Spoke-to-Hub firewall policy.
  • B. The BGP router ID needs to match on the hub and FortiSASE.
  • C. FortiSASE spoke devices do not support mode config.
  • D. The hub needs IKEv2 enabled in the IPsec phase 1 settings.
Reveal Solution Hide Solution   Discussion   2

Correct Answer: C 🗳️

Question #4 Topic 1

Refer to the exhibits.


When remote users connected to FortiSASE require access to internal resources on Branch-2, how will traffic be routed?

  • A. FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-2, which will then route traffic to Branch-2.
  • B. FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a static route.
  • C. FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-1, which will then route traffic to Branch-2.
  • D. FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a dynamic route.
Reveal Solution Hide Solution   Discussion   1

Correct Answer: C 🗳️

Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...