A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The VPN tunnel does not establish.
Based on the provided configuration, which configuration needs to be modified to bring the tunnel up?
AThe BGP router ID must match on the hub and FortiSASE.
BAuto-discovery-sender must be disabled on IPsec phase 1 settings.
CThe network overlay ID must match on FortiSASE and the hub.
DFortiSASE spoke devices do not support mode config.
What can be configured on FortiSASE as an additional layer of security for FortiClient registration?
Asecurity posture tags
Bapplication inventory
Cuser verification
Ddevice identification
When accessing the FortiSASE portal for the first time, an administrator must select data center locations for which three FortiSASE components? (Choose three.)
AIdentity & access management (IAM)
BPoints of presence
CEndpoint management
DLogging
ESandbox
Which two components are part of onboarding a secure web gateway (SWG) endpoint for secure internet access (SIA)? (Choose two.)
Aproxy auto-configuration (PAC) file
BFortiSASE certificate authority (CA) certificate
CFortiClient software
Dtunnel policy
Question 6
Network Security
0
Question 7
Network Security
Question 8
Network Security
Question 9
Network Security
Question 10
Network Security
Question 11
Network Security
Question 12
Network Security
Question 13
Network Security
Question 14
Network Security
Question 15
Network Security
Question 16
Network Security
Question 17
Network Security
Question 18
Network Security
Question 19
Network Security
Question 20
Network Security
Question 21
Network Security
Question 22
Network Security
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Which two purposes is the dedicated IP address used for in a FortiSASE deployment? (Choose two.)
AFor user access control to FortiSASE
BFor allocation and assignment of unique IP addresses to remote users
CFor regulatory compliance
DFor isolation and identification
Which two advantages does FortiSASE bring to businesses with microbranch offices that have FortiAP deployed for unmanaged devices? (Choose two.)
AIt secures internet access both on and off the network.
BIt uses zero trust network access (ZTNA) tags to perform device compliance checks.
CIt eliminates the requirement for an on-premises firewall.
DIt simplifies management and provisioning.
Refer to the exhibits.
A FortiSASE administrator has configured FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the remote FortiClient is not able to access the web server hosted behind the FortiGate hub.
Based on the exhibits, what is the reason for the access failure?
AA private access policy has denied the traffic because of failed compliance
BThe hub is not advertising the required routes.
CThe hub firewall policy does not include the FortiClient address range.
DThe server subnet BGP route was not received on FortiSASE.
An organization must block user attempts to log in to non-company resources while using Microsoft Office 365 to prevent users from accessing unapproved cloud resources.
Which FortiSASE feature can you implement to meet this requirement?
Aapplication control with inline-CASB
Bdata loss prevention (DLP) with Microsoft Purview Information Protection (MPIP)
Cweb filter with inline-CASB
DDNS filter with domain filter
Refer to the exhibits.
How will the application vulnerabilities be patched, based on the exhibits provided?
AThe vulnerability will be patched automatically based on the endpoint profile configuration.
BThe vulnerability will be patched by installing the patch from the vendor’s website.
CThe end user will patch the vulnerabilities using the FortiClient software.
DAn administrator will patch the vulnerability remotely using FortiSASE.
What are two benefits of deploying secure private access with SD-WAN? (Choose two.)
Aa direct access proxy tunnel from FortiClient to the on-premises FortiGate
BZTNA posture check performed by the hub FortiGate
Csupport of both TCP and UDP applications
Dinline security inspection by FortiSASE
Which two of the following can release the network lockdown on the endpoint applied by FortiSASE? (Choose two.)
AWhen the endpoint connects to the FortiSASE tunnel
BWhen the endpoint is determined as on-net
CWhen the endpoint is rebooted
DWhen the endpoint is determined as compliant using ZTNA tags
Which information can an administrator monitor using reports generated on FortiSASE?
Asanctioned and unsanctioned Software-as-a-Service (SaaS) applications usage
BFortiClient vulnerability assessment
CSD-WAN performance
DFortiSASE administrator and system events
Which information does FortiSASE use to bring network lockdown into effect on an endpoint?
AZero-day malware detection on endpoint
BThe number of critical vulnerabilities detected on the endpoint
CThe security posture of the endpoint based on ZTNA tags
DThe connection status of the tunnel to FortiSASE
A customer wants to ensure secure access for private applications for their users by replacing their VPN.
Which two SASE technologies can you use to accomplish this task? (Choose two.)
Azero trust network access (ZTNA)
Bsecure SD-WAN
Csecure web gateway (SWG) and cloud access security broker (CASB)
DSD-WAN on-ramp
In the Secure Private Access (SPA) use case, which two FortiSASE features facilitate access to corporate applications? (Choose two.)
Acloud access security broker (CASB)
BSD-WAN
Czero trust network access (ZTNA)
Dthin edge
In a FortiSASE secure web gateway (SWG) deployment, which two features protect against web-based threats? (Choose two.)
ASSL deep inspection for encrypted web traffic
Bmalware protection with sandboxing capabilities
Cweb application firewall (WAF) for web applications
Dintrusion prevention system (IPS) for web traffic
An administrator must restrict endpoints from certain countries from connecting to FortiSASE.
Which configuration can achieve this?
AConfigure a network lockdown policy on the endpoint profiles.
BConfigure a geography address object as the source for a deny policy.
CConfigure geofencing to restrict access from the required countries.
DConfigure source IP anchoring to restrict access from the specified countries.
Refer to the exhibit.
Based on the configuration shown, in which two ways will FortiSASE process sessions that require FortiSandbox inspection? (Choose two.)
AOnly endpoints assigned a profile for sandbox detection will be processed by the sandbox feature.
BFortiClient quarantines only infected files that FortiSandbox detects as medium level.
CAll files executed on a USB drive will be sent to FortiSandbox for analysis.
DAll files will be sent to a on-premises FortiSandbox for inspection.
What is the benefit of SD-WAN on-ramp deployment with FortiSASE?
ATo provide access to private applications using the bookmark portal
BTo provide device compliance checks using ZTNA tags
CTo secure internet traffic for branch users
DTo manage branch location endpoints
Refer to the exhibits.
A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org.
Which configuration on FortiSASE is allowing users to perform the download?
AWeb filter is allowing the URL.
BDeep inspection is not enabled.
CApplication control is exempting all the browser traffic.
DIntrusion prevention is disabled.
Which secure internet access (SIA) use case minimizes individual endpoint configuration?
