● FCSS - FortiSASE 24 Administrator Exam Materials
Please note that the exam "FCSS - FortiSASE 24 Administrator Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 7 - FortiSASE 25 Enterprise Administrator Exam"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 7 - FortiSASE 25 Enterprise Administrator Exam"
The new exam version is available on Brave-Dumps and can be purchased.
Question #31
Question #32
An organization wants to block all video and audio application traffic but grant access to videos from CNN
Which application override action must you configure in the Application Control with Inline-CASB?
(Choose one answer)
- A. Allow
- B. Pass
- C. Permit
- D. Exempt
Question #33
Which policy type is used to control traffic between the FortiClient endpoint to FortiSASE for secure internet access? (Choose one answer)
- A. VPN policy
- B. thin edge policy
- C. private access policy
- D. secure web gateway (SWG) policy
Question #34
Refer to the exhibit.
The daily report for application usage shows an unusually high number of unknown applications by category.
What are two possible explanations for this?
(Choose two answers)
- A. Certificate inspection is not being used to scan application traffic.
- B. The inline-CASB application control profile does not have application categories set to Monitor.
- C. Zero trust network access (ZTNA) tags are not being used to tag the correct users.
- D. Deep inspection is not being used to scan traffic.
Question #35
When you configure FortiSASE Secure Private Access (SPA) with SD-WAN integration, you must establish a routing adjacency between FortiSASE and the FortiGate SD-WAN hub. Which routing protocol must you use? (Choose one answer)
- A. BGP
- B. IS-IS
- C. OSPF
- D. EIGRP
Question #36
Which two deployment methods are used to connect a FortiExtender as a FortiSASE LAN extension? (Choose two answers)
- A. Connect FortiExtender to FortiSASE using FortiZTP
- B. Enable Control and Provisioning Wireless Access Points (CAPWAP) access on the FortiSASE portal.
- C. Enter the FortiSASE domain name in the FortiExtender GUI as a static discovery server
- D. Configure an IPsec tunnel on FortiSASE to connect to FortiExtender.
Question #37
An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints.
Which two components must be configured on FortiSASE to achieve this?
(Choose two answers)
- A. SSL deep inspection
- B. Split DNS rules
- C. Split tunneling destinations
- D. DNS filter
Question #38
Which secure internet access (SIA) use case minimizes individual workstation or device setup, because you do not need to install FortiClient on endpoints or configure explicit web proxy settings on web browser-based end points? (Choose one answer)
- A. SIA for inline-CASB users
- B. SIA for agentless remote users
- C. SIA for SSLVPN remote users
- D. SIA for site-based remote users
Question #39
Which two additional components does FortiSASE use for application control to act as an inline-CASB? (Choose two answers)
- A. intrusion prevention system (IPS)
- B. SSL deep inspection
- C. DNS filter
- D. Web filter with inline-CASB
Question #40
Which statement describes the FortiGuard forensics analysis feature on FortiSASE? (Choose one answer)
- A. It can help troubleshoot user-to-application performance issues
- B. It can help customers identify and mitigate potential risks to their network.
- C. It can monitor endpoint resources in real-time.
- D. It is a 24x7x365 monitoring service of your FortiSASE environment
Which FortiSASE feature ensures least-privileged user access to all applications? (Choose one answer)