Practice Free NSE7_SSE_AD-25 Exam Online Questions
Refer to the exhibit.
Which two prerequisites must be met to use the feature shown in the exhibit? (Choose two.)
- A . The secure private access (SPA) feature must be configured in FortiSASE.
- B . The relevant FortiGate ZTNA application gateway must be configured.
- C . The proxy and proxy user single sign-on (SSO) features must be configured in FortiSASE.
- D . FortiClient must be installed on the user’s device to access the private application.
Which authentication method overrides any other previously configured user authentication on FortiSASE?
- A . MFA
- B . SSO
- C . RADIUS
- D . Local
Refer to the exhibits.
A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org.
Which configuration on FortiSASE is allowing users to perform the download?
- A . Application control is exempting all the browser traffic.
- B . Web filter is allowing the URL.
- C . Intrusion prevention is disabled.
- D . Deep inspection is not enabled.
You have configured FortiSASE Secure Private Access (SPA) deployment.
Which statement is true about traffic flows? (Choose two.)
- A . When using zero trust network access (ZTNA) traffic goes from an end point directly to a ZTNA access proxy.
- B . when using SD-WAN private access, traffic goes from an endpoint to a FortiSASE POP, and then to an SPA hub
- C . When using zero trust network access, traffic goes from an endpoint to a FortiSASE POP, and then to a ZTNA access proxy
- D . When using SD-WAN private access, traffic goes from an endpoint directly to an SPA hub.
A FortiSASE customer has been enforcing always-on VPN for their remote-users running FortiClient.
What option can be enabled under the customer’s Endpoint Profile to allow them access different resources located in the same L2 network?
- A . Endpoint Sandbox protection for VPN users
- B . Network Lockdown for endpoints with VPN enabled
- C . Endpoint Anti-Virus protection in the Endpoint Profile for VPN
- D . Allow local LAN Access in the user Endpoint Profile before they get connected to the VPN
Which two statements about the Hub Selection Method in FortiSASE Secure Private Access (SPA) are correct? (Choose two.)
- A . When using BGP MED; FortiSASE selects the hub with the lowest MED value only if it also meets the configured SI_A thresholds.
- B . When using Hub Health and Priority, FortiSASE selects the highest priority hub that meets the configured SLA thresholds.
- C . When using SLA thresholds, administrators can customize latency, jitter, and packet loss for each security POP.
- D . When using Hub Health and Priority, all hubs with the same priority are always selected regardless of SLA results.
Refer to the exhibits.
Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the internet through FortiSASE, while Windows-AD can no longer access the internet.
Based on the information in the exhibits, which reason explains the outage on Windows-AD?
- A . The remote VPN user on Windows-AD no longer matches any VPN policy.
- B . The device security posture for Windows-AD has changed.
- C . Windows-AD is excluded from FortiSASE management.
- D . The FortiClient version installed on Windows-AD does not match the expected version on FortiSASE.
Refer to the exhibit.
The daily report for application usage for internet traffic shows an unusually high number of unknown applications by category.
What are two possible explanations for this? (Choose two.)
- A . Certificate inspection is not being used to scan application traffic.
- B . Deep inspection is not being used to scan traffic.
- C . The private access policy must be to set to log Security Events.
- D . The inline-CASB application control profile does not have application categories set to Monitor
Refer to the exhibit.
An SPA service connection is experiencing connectivity problems.
Which configuration setting should the administrator verify and correct first?
- A . Network overlay ID
- B . Remote Gateway
- C . Authentication Method
- D . BGP Peer IP
What is the role of ZTNA tags in the FortiSASE Secure Internet Access (SIA) and Secure Private Access (SPA) use cases?
- A . ZTNA tags determine device posture for non-web traffic protocols and are applied only in agentless deployments for SIA.
- B . ZTNA tags are created to isolate browser sessions in SIA and enforce data loss prevention in SPA for all devices.
- C . ZTNA tags are applied to unmanaged endpoints without FortiClient to secure HTTP and HTTPS traffic in SIA and SPA.
- D . ZTNA tags determine device posture for endpoints running FortiClient and are used to grant or deny access in SIA or SPA based on that posture.