During FortiSASE provisioning, how many security points of presence (POPs) need to be configured by the FortiSASE administrator?
Correct Answer:B
Refer to the exhibit.
To allow access, which web tiller configuration must you change on FortiSASE?
Correct Answer:B
What are two advantages of using zero-trust tags? (Choose two.)
Correct Answer:AB
Zero-trust tags are critical in implementing zero-trust network access (ZTNA) policies. Here are the two key advantages of using zero-trust tags:
✑ Access Control (Allow or Deny):
✑ Determining Security Posture:
References:
✑ FortiOS 7.2 Administration Guide: Provides detailed information on configuring and using zero-trust tags for access control and security posture assessment.
✑ FortiSASE 23.2 Documentation: Explains how zero-trust tags are implemented and used within the FortiSASE environment for enhancing security and compliance.
Refer to the exhibit.
A company has a requirement to inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE VPN tunnel and redirect it to the endpoint physical Interface.
Which configuration must you apply to achieve this requirement?
Correct Answer:C
To meet the requirement of inspecting all endpoint internet traffic on FortiSASE while excluding Google Maps traffic from the FortiSASE VPN tunnel and redirecting it to the endpoint's physical interface, you should configure split tunneling. Split tunneling allows specific traffic to bypass the VPN tunnel and be routed directly through the endpoint's local interface.
✑ Split Tunneling Configuration:
✑ Implementation Steps:
References:
✑ FortiOS 7.2 Administration Guide: Provides details on split tunneling configuration.
✑ FortiSASE 23.2 Documentation: Explains how to set up and manage split tunneling for specific destinations.
Which statement applies to a single sign-on (SSO) deployment on FortiSASE?
Correct Answer:D
In aSingle Sign-On (SSO)deployment on FortiSASE,SSO users can be imported into FortiSASE and added to user groups. This allows administrators to manage SSO users within FortiSASE, enabling them to apply policies, permissions, and group-based access controls. By integrating SSO with FortiSASE, organizations can streamline user authentication and simplify access management while maintaining security. Here??s why the other options are incorrect:
✑ A. SSO overrides any other previously configured user authentication:This is incorrect because SSO does not automatically override other authentication methods. FortiSASE supports multiple authentication mechanisms, and SSO is just one of them. Administrators can configure fallback authentication methods if needed.
✑ B. SSO identity providers can be integrated using public and private access
types:While FortiSASE supports integration with various identity providers (e.g., SAML, LDAP, OAuth), the concept of "public and private access types" is not applicable to SSO configurations.
✑ C. SSO is recommended only for agent-based deployments:This is incorrect
because SSO can be used in both agent-based and agentless deployments. It is not limited to environments where agents are installed.
References:
✑ Fortinet FCSS FortiSASE Documentation - Single Sign-On (SSO) Integration
✑ FortiSASE Administration Guide - User Authentication and SSO
================