Fortinet FCSS_SASE_AD-24 Practice Test - Questions Answers

List of questions
Question 1

Which event log subtype captures FortiSASE SSL VPN user creation?
Endpoint Events
VPN Events
User Events
Administrator Events
The event log subtype that captures FortiSASE SSL VPN user creation is User Events. This subtype is specifically designed to log activities related to user management, such as creating, modifying, or deleting user accounts. When an SSL VPN user is created, it falls under this category because it involves adding a new user to the system.
Here's why the other options are incorrect:
A. Endpoint Events: These logs pertain to activities related to endpoint devices, such as device registration, compliance checks, or security posture assessments. SSL VPN user creation is unrelated to endpoint events.
B. VPN Events: These logs capture activities related to VPN connections, such as session establishment, termination, or errors. While SSL VPN usage generates VPN events, the creation of a user account itself is not logged under this subtype.
D. Administrator Events: These logs track actions performed by administrators, such as configuration changes or policy updates. While an administrator might create the SSL VPN user, the specific event of user creation is categorized under User Events, not Administrator Events.
Fortinet FCSS FortiSASE Documentation - Event Logging and Subtypes
FortiSASE Administration Guide - Monitoring and Logging
Question 2

When deploying FortiSASE agent-based clients, which three features are available compared to an agentless solution? (Choose three.)
Vulnerability scan
SSL inspection
Anti-ransomware protection
Web filter
ZTNA tags
Question 3

Which FortiSASE feature ensures least-privileged user access to all applications?
secure web gateway (SWG)
SD-WAN
zero trust network access (ZTNA)
thin branch SASE extension
Zero Trust Network Access (ZTNA) is the FortiSASE feature that ensures least-privileged user access to all applications. ZTNA operates on the principle of 'never trust, always verify,' providing secure access based on the identity of users and devices, regardless of their location.
Zero Trust Network Access (ZTNA):
ZTNA ensures that only authenticated and authorized users and devices can access applications.
It applies the principle of least privilege by granting access only to the resources required by the user, minimizing the potential for unauthorized access.
Implementation:
ZTNA continuously verifies user and device trustworthiness and enforces granular access control policies.
This approach enhances security by reducing the attack surface and limiting lateral movement within the network.
FortiOS 7.2 Administration Guide: Provides detailed information on ZTNA and its role in ensuring least-privileged access.
FortiSASE 23.2 Documentation: Explains the implementation and benefits of ZTNA within the FortiSASE environment.
Question 4

Refer to the exhibits.
A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org. Traffic logs show traffic is allowed by the policy.
Which configuration on FortiSASE is allowing users to perform the download?
Web filter is allowing the traffic.
IPS is disabled in the security profile group.
The HTTPS protocol is not enabled in the antivirus profile.
Force certificate inspection is enabled in the policy.
https://community.fortinet.com/t5/FortiSASE/Technical-Tip-Force-Certificate-Inspection-option-in-FortiSASE/ta-p/302617
Question 5

An organization wants to block all video and audio application traffic but grant access to videos from CNN. Which application override action must you configure in the Application Control with Inline-CASB?
Allow
Pass
Permit
Exempt
https://docs.fortinet.com/document/fortisase/24.4.75/sia-agent-based-deployment-guide/568255/configuring-application-control-profile
Question 6

Refer to the exhibits.
When remote users connected to FortiSASE require access to internal resources on Branch-2, how will traffic be routed?
FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-2, which will then route traffic to Branch-2.
FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a static route
FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-1, which will then route traffic to Branch-2.
FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a dynamic route
Question 7

What are two advantages of using zero-trust tags? (Choose two.)
Zero-trust tags can be used to allow or deny access to network resources
Zero-trust tags can determine the security posture of an endpoint.
Zero-trust tags can be used to create multiple endpoint profiles which can be applied to different endpoints
Zero-trust tags can be used to allow secure web gateway (SWG) access
Zero-trust tags are critical in implementing zero-trust network access (ZTNA) policies. Here are the two key advantages of using zero-trust tags:
Access Control (Allow or Deny):
Zero-trust tags can be used to define policies that either allow or deny access to specific network resources based on the tag associated with the user or device.
This granular control ensures that only authorized users or devices with the appropriate tags can access sensitive resources, thereby enhancing security.
Determining Security Posture:
Zero-trust tags can be utilized to assess and determine the security posture of an endpoint.
Based on the assigned tags, FortiSASE can evaluate the device's compliance with security policies, such as antivirus status, patch levels, and configuration settings.
Devices that do not meet the required security posture can be restricted from accessing the network or given limited access.
FortiOS 7.2 Administration Guide: Provides detailed information on configuring and using zero-trust tags for access control and security posture assessment.
FortiSASE 23.2 Documentation: Explains how zero-trust tags are implemented and used within the FortiSASE environment for enhancing security and compliance.
Question 8

Refer to the exhibit.
In the user connection monitor, the FortiSASE administrator notices the user name is showing random characters. Which configuration change must the administrator make to get proper user information?
Question 9

Refer to the exhibit.
To allow access, which web filter configuration must you change on FortiSASE?
Question 10

Which policy type is used to control traffic between the FortiClient endpoint and FortiSASE for secure internet access?
Question