FCSS_SASE_AD-23 Free Practice Test

During FortiSASE provisioning, how many security points of presence (POPs) need to be configured by the FortiSASE administrator?

1. A. 3
2. B. 4
3. C. 2
4. D. 1

Correct Answer: D
During FortiSASE provisioning, the FortiSASE administrator needs to configure at least one security point of presence (PoP). A single PoP is sufficient to get started with FortiSASE, providing the necessary security services and connectivity for users.
✑ Security Point of Presence (PoP):
✑ Scalability:
References:
✑ FortiOS 7.2 Administration Guide: Provides details on the provisioning process for FortiSASE.
✑ FortiSASE 23.2 Documentation: Explains the configuration and role of security PoPs in the FortiSASE architecture.

You are designing a new network for Company X and one of the new cybersecurity policy requirements is that all remote user endpoints must always be connected and protected Which FortiSASE componentfacilitates this always-on security measure?

1. A. site-based deployment
2. B. thin-branch SASE extension
3. C. unified FortiClient
4. D. inline-CASB

Correct Answer: C
The unified FortiClient component of FortiSASE facilitates the always-on security measure required for ensuring that all remote user endpoints are always connected and protected.
✑ Unified FortiClient:
✑ Always-On Security:
References:
✑ FortiOS 7.2 Administration Guide: Provides information on configuring and managing FortiClient for endpoint security.
✑ FortiSASE 23.2 Documentation: Explains how FortiClient integrates with FortiSASE to deliver always-on security for remote endpoints.

Which two deployment methods are used to connect a FortiExtender as a FortiSASE LAN extension? (Choose two.)

1. A. Connect FortiExtender to FortiSASE using FortiZTP
2. B. Enable Control and Provisioning Wireless Access Points (CAPWAP) access on the FortiSASE portal.
3. C. Enter the FortiSASE domain name in the FortiExtender GUI as a static discovery server
4. D. Configure an IPsec tunnel on FortiSASE to connect to FortiExtender.

Correct Answer: AC
There are two deployment methods used to connect a FortiExtender as a FortiSASE LAN extension:
✑ Connect FortiExtender to FortiSASE using FortiZTP:
✑ Enter the FortiSASE domain name in the FortiExtender GUI as a static discovery server:
References:
✑ FortiOS 7.2 Administration Guide: Details on FortiExtender deployment methods and configurations.
✑ FortiSASE 23.2 Documentation: Explains how to connect and configure FortiExtender with FortiSASE using FortiZTP and static discovery.

To complete their day-to-day operations, remote users require access to a TCP-based application that is hosted on a private web server. Which FortiSASE deployment use case provides the most efficient and secure method for meeting the remote users' requirements?

1. A. SD-WAN private access
2. B. inline-CASB
3. C. zero trust network access (ZTNA) private access
4. D. next generation firewall (NGFW)

Correct Answer: C
Zero Trust Network Access (ZTNA) private access provides the most efficient and secure method for remote users to access a TCP-based application hosted on a private web server. ZTNA ensures that only authenticated and authorized users can access specific applications based on predefined policies, enhancing security and access control.
✑ Zero Trust Network Access (ZTNA):
✑ Secure and Efficient Access:
References:
✑ FortiOS 7.2 Administration Guide: Provides detailed information on ZTNA and its deployment use cases.
✑ FortiSASE 23.2 Documentation: Explains how ZTNA can be used to provide secure access to private applications for remote users.