Free Fortinet FCSS_SASE_AD-25 Practice Exam with Questions & Answers

FortiSASE uses ZTNA tags to assess the endpoint’s security posture. If the posture is non-compliant based on predefined rules, FortiSASE enforces network lockdown to restrict access accordingly.

The “Automatically patch vulnerabilities” option is disabled in the endpoint profile. Additionally, the Vulnerability Dashboard shows the patching status as “Manual patching required.” This means an administrator must manually initiate the patching process remotely using FortiSASE.

When FortiClient is integrated with FortiSASE, it enables vulnerability management and device posture checks, allowing for advanced endpoint compliance enforcement - capabilities not available in standalone secure web gateway (SWG) deployments.

Remote Browser Isolation (RBI) protects users by executing their web browsing sessions in a remote, secure container, preventing malicious content from reaching the local device.

To enable the MSSP feature on FortiSASE, you must use the FortiCloud IAM portal to assign RBAC permissions to users. This grants appropriate access to manage multiple tenants or customer accounts securely.

The FortiSASE software installations page shows which endpoints have specific software installed, allowing administrators to monitor potentially unwanted applications across the network.

FortiSASE hides user information in logs by using hashing, which anonymizes sensitive data such as usernames or IP addresses while still allowing for consistent tracking and analysis.

In FortiSASE, Single Sign-On (SSO) takes precedence and overrides other configured user authentication methods, ensuring a centralized and streamlined authentication process across services.

A PAC file is used to redirect client web traffic through the SWG, and FortiClient software is required to connect endpoints to the FortiSASE service for secure internet access (SIA).

The SSL inspection mode is set to certificate inspection, which only inspects SSL/TLS headers and does not allow full scanning of encrypted content. Without full (deep) inspection, the antivirus profile cannot scan or block malicious files (like eicar.com-zip) delivered over HTTPS, allowing the download to proceed.