Pass the Fortinet Fortinet Network Security Expert NSE7_SSE_AD-25 Questions and answers with CertsForce

Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

Refer to the exhibits.

A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The VPN tunnel does not establish.

Based on the provided configuration, what configuration needs to be modified to bring the tunnel up?

Options:

A. NAT needs to be enabled in the Spoke-to-Hub firewall policy.

B. The BGP router ID needs to match on the hub and FortiSASE.

C. FortiSASE spoke devices do not support mode config.

D. The hub needs IKEv2 enabled in the IPsec phase 1 settings.

Questions # 12:

What are two advantages of using zero-trust tags? (Choose two.)

Options:

A. Zero-trust tags can be used to allow or deny access to network resources.

B. Zero-trust tags can determine the security posture of an endpoint.

C. Zero-trust tags can be used to create multiple endpoint profiles which can be applied to different endpoints.

D. Zero-trust tags can be used to allow secure web gateway (SWG) access.

Questions # 13:

Refer to the exhibit.

Which two statements about the onboarding process shown in the exhibit are true? (Choose two answers)

Options:

A. The user must manually select which FortiSASE components to install during the FortiClient setup.

B. Depending on the installer used, the invitation code step may be skipped.

C. The invitation code must always be entered manually after installing FortiClient.

D. This is an email from the FortiSASE platform to an end user.

Questions # 14:

An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints. Which two components must be configured on FortiSASE to achieve this? (Choose two.)

Options:

A. SSL deep inspection

B. Split DNS rules

C. Split tunnelling destinations

D. DNS filter

Questions # 15:

How does FortiSASE Secure Private Access (SPA) facilitate connectivity to private resources in a hub-and-spoke network? (Choose one answer)

Options:

A. SPA establishes direct links to spokes without IPsec or BGP and uses an easy configuration key to secure web traffic for remote users.

B. SPA applies source network address translation (SNAT) for remote user traffic and uses IKEv1 for IPsec tunnels to connect to standalone hubs without BGP support.

C. SPA connects to private resources using HTTP and HTTPS protocols and relies on FortiClient for agentless access to SD-WAN deployments.

D. SPA connects a FortiSASE POP to a FortiGate hub or SD-WAN deployment using IPsec and BGP for dynamic route exchange with an easy configuration key for simplified setup on FortiOS.

Questions # 16:

Refer to the exhibits.

How will the application vulnerabilities be patched, based on the exhibits provided? (Choose one answer)

Options:

A. An administrator will patch the vulnerability remotely using FortiSASE.

B. The end user will patch the vulnerabilities using the FortiClient software.

C. The vulnerability will be patched by installing the patch from the vendor's website.

D. The vulnerability will be patched automatically based on the endpoint profile configuration.

Questions # 17:

Refer to the exhibit.

The daily report for application usage shows an unusually high number of unknown applications by category.

What are two possible explanations for this? (Choose two.)

Options:

A. Certificate inspection is not being used to scan application traffic.

B. The inline-CASB application control profile does not have application categories set to Monitor.

C. Zero trust network access (ZTNA) tags are not being used to tag the correct users.

D. Deep inspection is not being used to scan traffic.

Questions # 18:

Refer to the exhibit.

In the user connection monitor, the FortiSASE administrator notices the user name is showing random characters. Which configuration change must the administrator make to get proper user information?

Options:

A. Turn off log anonymization on FortiSASE.

B. Add more endpoint licenses on FortiSASE.

C. Configure the username using FortiSASE naming convention.

D. Change the deployment type from SWG to VPN.

Questions # 19:

What are two benefits of deploying secure private access (SPA) with SD-WAN? (Choose two answers)

Options:

A. ZTNA posture check performed by the hub FortiGate

B. Support of both TCP and UDP applications

C. A direct access proxy tunnel from FortiClient to the on-premises FortiGate

D. Inline security inspection by FortiSASE

Questions # 20:

A FortiSASE administrator is receiving reports that some users have travelled overseas and cannot establish their agent-based VPN tunnels, although they can authenticate with their SSO credentials to access O365 and SFDC directly. The administrator reviewed the firewall policies and ZTNA tags of some users and could not find anything unusual. Which action can the administrator take to resolve this problem? (Choose one answer)

Options:

A. Create a dedicated firewall policy for the users.

B. Instruct the users to restart their laptops and log in again.

C. Ensure that the countries the users are visiting are not listed under the Deny list in the Geofencing settings.

D. Instruct the users to install the updated version of the agent-based client.
