● FCSS - FortiSASE 25 Administrator Exam Materials

Please note that the exam "FCSS - FortiSASE 25 Administrator Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE.
It has been replaced by the exam " NSE 7 - FortiSASE 25 Enterprise Administrator."

The new exam version is available on Brave-Dumps and can be purchased.

❌ Please do not order: FCSS - FortiSASE 25 Administrator Exam
✅ Please order: NSE 7 - FortiSASE 25 Enterprise Administrator



Question #1
Comment Image Comment Image Comment Image

Which two are required to enable central management on FortiSASE? (Choose two answers)

  • A. FortiSASE connector configured on FortiManager.
  • B. FortiManager and FortiSASE registered under the same FortiCloud account.
  • C. The FortiManager IP address in the FortiSASE central management configuration.
  • D. FortiSASE central management entitlement applied to FortiManager.

Question #2
Comment Image Comment Image Comment Image

In a FortiSASE secure web gateway (SWG) deployment, which two features protect against web-based threats?
☐ (Choose two answers)

  • A. SSL deep inspection for encrypted web traffic
  • B. malware protection with sandboxing capabilities
  • C. web application firewall (WAF) for web applications
  • D. intrusion prevention system (IPS) for web traffic

Question #3
Comment Image Comment Image Comment Image

Refer to the exhibits.

A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com.zip file from https://eicar.org.

Which configuration on FortiSASE is allowing users to perform the download? (Choose one answer)

  • A. Web filter is allowing the URL.
  • B. Deep inspection is not enabled.
  • C. Application control is exempting all the browser traffic.
  • D. Intrusion prevention is disabled.

Question #4
Comment Image Comment Image Comment Image

A company must provide access to a web server through FortiSASE secure private access for contractors

What is the recommended method to provide access? (Choose one answer)

  • A. Configure a TCP access proxy forwarding rule and push it to the contractor FortiClient endpoint.
  • B. Update the DNS records on the endpoint to access private applications.
  • C. Publish the web server URL on a bookmark portal and share it with contractors.
  • D. Update the PAC file with the web server URL and share it with contractors.

Question #5
Comment Image Comment Image Comment Image

Refer to the exhibit

Based on the configuration shown, in which two ways will FortiSASE process sessions that require FortiSandbox inspection? (Choose two answers)

  • A. Only endpoints assigned a profile for sandbox detection will be processed by the sandbox feature.
  • B. FortiClient quarantines only infected files that FortiSandbox detects as medium level.
  • C. All files executed on a USB drive will be sent to FortiSandbox for analysis.
  • D. All files will be sent to a on-premises FortiSandbox for inspection.

Question #6
Comment Image Comment Image Comment Image

An administrator must restrict endpoints from certain countries from connecting to FortiSASE.

Which configuration can achieve this? (Choose one answer)

  • A. Configure a network lockdown policy on the endpoint profiles.
  • B. Configure a geography address object as the source for a deny policy.
  • C. Configure geofencing to restrict access from the required countries.
  • D. Configure source IP anchoring to restrict access from the specified countries.

Question #7
Comment Image Comment Image Comment Image

What is the benefit of SD-WAN on-ramp deployment with FortiSASE? (Choose one answer)

  • A. To provide access to private applications using the bookmark portal
  • B. To provide device compliance checks using ZTNA tags
  • C. To secure internet traffic for branch users
  • D. To manage branch location endpoints

Question #8
Comment Image Comment Image Comment Image

Refer to the exhibits.

Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the internet through FortiSASE, while Windows-AD can no longer access the internet.

Based on the information in the exhibits, which reason explains the outage on Windows-AD? (Choose one answer)

  • A. Windows-AD is excluded from FortiSASE management.
  • B. The FortiClient version installed on Windows-AD does not match the expected version on FortiSASE.
  • C. The device posture for Windows-AD has changed.
  • D. The remote VPN user on Windows-AD no longer matches any VPN policy.

Question #9
Comment Image Comment Image Comment Image

Which description of the FortiSASE inline-CASB component is true? (Choose one answer)

  • A. It has limited visibility when data is transmitted.
  • B. It detects data in motion.
  • C. It is placed outside the traffic path.
  • D. It relies on API to integrate with cloud services.

Question #10
Comment Image Comment Image Comment Image

Which authentication method overrides any other previously configured user authentication on FortiSASE? (Choose one answer)

  • A. MFA
  • B. Local
  • C. RADIUS
  • D. SSO