A.  

secure web gateway (SWG)

B.  

zero trust network access (ZTNA)

C.  

cloud access security broker (CASB)

D.  

remote browser isolation (RBI)

A.  

Agentless remote user internet access

B.  

Site-based remote user internet access

C.  

SIA using ZTNA

D.  

SIA for FortiClient agent remote users

A.  

It secures internet access both on and off the network.

B.  

It uses zero trust network access (ZTNA) tags to perform device compliance checks.

C.  

It eliminates the requirement for an on-premises firewall.

D.  

It simplifies management and provisioning.

A.  

The endpoint will be exempted from auto-connect to the FortiSASE tunnel.

B.  

The endpoint will automatically connect to the FortiSASE tunnel.

C.  

The endpoint will be detected as off-net.

D.  

The endpoint will be able to bypass the on-net rule because it is connecting from a known subnet.

A.  

FortiSASE spoke devices do not support mode config.

B.  

The network overlay ID must match on FortiSASE and the hub.

C.  

The BGP router ID must match on the hub and FortiSASE.

D.  

Auto-discovery-sender must be disabled on IPsec phase1 settings.

A.  

Configure a network lockdown policy on the endpoint profiles.

B.  

Configure a geography address object as the source for a deny policy.

C.  

Configure geofencing to restrict access from the required countries.

D.  

Configure source IP anchoring to restrict access from the specified countries.

A.  

It provides end-to-end network visibility from all the FortiSASE security PoPs to a specific SaaS application.

B.  

It gathers all the vulnerability information from all the FortiClient endpoints.

C.  

It is used for performing device compliance checks on endpoints.

D.  

It monitors the FortiSASE POP health based on ping probes.

A.  

The vulnerability will be patched automatically based on the endpoint profile configuration.

B.  

The vulnerability will be patched by installing the patch from the vendor’s website.

C.  

The end user will patch the vulnerabilities using the FortiClient software.

D.  

An administrator will patch the vulnerability remotely using FortiSASE.

A.  

MFA

B.  

Local

C.  

RADIUS

D.  

SSO

A.  

zero trust network access (ZTNA)

B.  

secure SD-WAN

C.  

secure web gateway (SWG) and cloud access security broker (CASB)

D.  

SD-WAN on-ramp

A.  

Identity & access management (IAM)

B.  

Points of presence

C.  

Endpoint management

D.  

Logging

E.  

Sandbox

A.  

A private access policy has denied the traffic because of failed compliance

B.  

The hub is not advertising the required routes.

C.  

The hub firewall policy does not include the FortiClient address range.

D.  

The server subnet BGP route was not received on FortiSASE.

A.  

Objects support two-way synchronization.

B.  

Objects created on FortiSASE can be retrieved on FortiManager.

C.  

Objects that are only flow-based are supported.

D.  

Objects are considered read-only on FortiSASE.

A.  

By tokenization in log data

B.  

By masking log data

C.  

By compressing log data

D.  

By hashing log data

A.  

Configure a TCP access proxy forwarding rule and push it to the contractor FortiClient endpoint.

B.  

Update the DNS records on the endpoint to access private applications.

C.  

Publish the web server URL on a bookmark portal and share it with contractors.

D.  

Update the PAC file with the web server URL and share it with contractors.