Fortinet FCSS_SASE_AD-23 - FCSS - FortiSASE 23 Administrator Exam

Page:    1 / 6   
Total 30 questions

Refer to the exhibit.

The daily report for application usage shows an unusually high number of unknown applications by category.
What are two possible explanations for this? (Choose two.)

  • A. Certificate inspection is not being used to scan application traffic.
  • B. The inline-CASB application control profile does not have application categories set to Monitor.
  • C. Zero trust network access (ZTNA) tags are not being used to tag the correct users.
  • D. Deep inspection is not being used to scan traffic.


Answer : AD

What are two advantages of using zero-trust tags? (Choose two.)

  • A. Zero-trust tags can be used to allow or deny access to network resources.
  • B. Zero-trust tags can determine the security posture of an endpoint.
  • C. Zero-trust tags can be used to create multiple endpoint profiles which can be applied to different endpoints.
  • D. Zero-trust tags can be used to allow secure web gateway (SWG) access.


Answer : AB

Refer to the exhibits.





A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The VPN tunnel does not establish.
Based on the provided configuration, what configuration needs to be modified to bring the tunnel up?

  • A. NAT needs to be enabled in the Spoke-to-Hub firewall policy.
  • B. The BGP router ID needs to match on the hub and FortiSASE.
  • C. FortiSASE spoke devices do not support mode config.
  • D. The hub needs IKEv2 enabled in the IPsec phase 1 settings.


Answer : C

Refer to the exhibits.


When remote users connected to FortiSASE require access to internal resources on Branch-2, how will traffic be routed?

  • A. FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-2, which will then route traffic to Branch-2.
  • B. FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a static route.
  • C. FortiSASE will use the SD-WAN capability and determine that traffic will be directed to HUB-1, which will then route traffic to Branch-2.
  • D. FortiSASE will use the AD VPN protocol and determine that traffic will be directed to Branch-2 directly, using a dynamic route.


Answer : C

Refer to the exhibits.



A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org. Traffic logs show traffic is allowed by the policy.
Which configuration on FortiSASE is allowing users to perform the download?

  • A. Web filter is allowing the traffic.
  • B. IPS is disabled in the security profile group.
  • C. The HTTPS protocol is not enabled in the antivirus profile.
  • D. Force certificate inspection is enabled in the policy.


Answer : A
