FCSS_SASE_AD-25 Questions and Answers

When first accessing the FortiSASE portal, the administrator must select data center locations for endpoint management, logging, and sandbox services to ensure optimized performance and compliance with data residency requirements.

SD-WAN allows efficient and secure routing of traffic from users to corporate applications, while ZTNA enables secure access control and verification for users connecting to internal resources, both of which are essential for Secure Private Access (SPA) in FortiSASE.

Deploying FortiAP enables secure internet access for unmanaged personal devices in small branch offices with minimal configuration by automatically directing traffic through FortiSASE, eliminating the need for endpoint installation or complex setup.

To exclude specific internet traffic (such as Google Maps) from being tunneled through FortiSASE and instead direct it out the local endpoint interface, you must configure it as a steering bypass destination in the FortiClient endpoint profile. This ensures traffic matching the URL bypasses the FortiSASE tunnel.

When FortiClient is integrated with FortiSASE, it enables vulnerability management and device posture checks, allowing for advanced endpoint compliance enforcement - capabilities not available in standalone secure web gateway (SWG) deployments.

In FortiSASE, Single Sign-On (SSO) takes precedence and overrides other configured user authentication methods, ensuring a centralized and streamlined authentication process across services.

Single Sign-On (SSO) overrides any other previously configured user authentication method on FortiSASE, taking precedence for user authentication.

The usernames appear as random character strings because log anonymization is enabled in FortiSASE, which hashes sensitive user information such as usernames to protect privacy while still allowing log analysis.

FortiSASE uses ZTNA tags to assess the endpoint’s security posture. If the posture is non-compliant based on predefined rules, FortiSASE enforces network lockdown to restrict access accordingly.

The bookmark portal is the recommended method for providing contractors access to private web applications through FortiSASE Secure Private Access, as it offers a user-friendly, secure, and controlled access mechanism without requiring full network connectivity.