Fortinet NSE7_SSE_AD-25 시험

Question No : 1

Refer to the exhibit.



A customer needs to implement device posture checks for their remote endpoints while accessing the protected server. They also want the TCP traffic between the remote endpoints and the protected servers to be processed by FortiGate.
In this scenario, which two setups will achieve these requirements? (Choose two.)
A. Configure ZTNA servers and ZTNA policies on FortiGate.
B. Configure FortiGate as a zero trust network access (ZTNA) access proxy.
C. Configure ZTNA tags on FortiGate.
D. Configure private access policies on FortiSASE with ZTNA.

답을 확인하기

정답: A,B
Explanation:
To enforce device posture checks and ensure that TCP traffic flows through FortiGate, the FortiGate must act as a ZTNA access proxy and host the ZTNA servers and policies. This setup allows posture validation via FortiSASE while routing traffic securely to protected servers through FortiGate.

Question No : 2

An organization must block user attempts to log in to non-company resources while using Microsoft Office 365 to prevent users from accessing unapproved cloud resources.
Which FortiSASE feature can you implement to meet this requirement?

• A.application control with inline-CASB
• B.data loss prevention (DLP) with Microsoft Purview Information Protection (MPIP)
• C.web filter with inline-CASB
• D.DNS filter with domain filter

답을 확인하기

정답:

Question No : 3

Which two additional features does FortiClient integration provide with FortiSASE, when compared to secure web gateway (SWG) deployment? (Choose two.)

• A.vulnerability management
• B.device posture check
• C.inline-CASB protection
• D.SSL inspection

답을 확인하기

정답:
Explanation:
When FortiClient is integrated with FortiSASE, it enables vulnerability management and device posture checks, allowing for advanced endpoint compliance enforcement - capabilities not available in standalone secure web gateway (SWG) deployments.

Question No : 4

Which service is included in a secure access service edge (SASE) solution, but not in a security service edge (SSE) solution?

• A.ZTNA
• B.SD-WAN
• C.SWG
• D.CASB

답을 확인하기

정답:
Explanation:
SD-WAN is a networking component included in a SASE solution but not in an SSE solution. SSE focuses solely on security services (like ZTNA, SWG, and CASB), while SASE combines both networking (e.g., SD-WAN) and security into a unified cloud-delivered service.

Question No : 5

Which secure internet access (SIA) use case minimizes individual endpoint configuration?

• A.Agentless remote user internet access
• B.Site-based remote user internet access
• C.SIA using ZTNA
• D.SIA for FortiClient agent remote users

답을 확인하기

정답:
Explanation:
Site-based remote user internet access minimizes individual endpoint configuration by routing user traffic through a centralized FortiSASE connection point (such as a FortiAP or FortiGate), rather than requiring each device to be individually configured with the FortiClient agent.

Question No : 6

A customer wants to ensure secure access for private applications for their users by replacing their VPN.
Which two SASE technologies can you use to accomplish this task? (Choose two.)

• A.zero trust network access (ZTNA)
• B.secure SD-WAN
• C.secure web gateway (SWG) and cloud access security broker (CASB)
• D.SD-WAN on-ramp

답을 확인하기

정답:
Explanation:
ZTNA replaces traditional VPNs by enforcing identity- and posture-based access to private applications. SD-WAN on-ramp integrates with FortiSASE to securely route traffic from branch users to private applications over the SASE fabric, ensuring secure and optimized access.

Question No : 7

Refer to the exhibit.



While reviewing the traffic logs, the FortiSASE administrator notices that the usernames are showing random characters.
Why are the usernames showing random characters?

• A.Log anonymization is turned on to hash usernames.
• B.Special characters are used in usernames.
• C.Users are using a shared single sign-on SSO username.
• D.FortiSASE uses FortiClient unique identifiers for usernames.

답을 확인하기

정답:
Explanation:
The usernames appear as random character strings because log anonymization is enabled in FortiSASE, which hashes sensitive user information such as usernames to protect privacy while still allowing log analysis.

Question No : 8

How can digital experience monitoring (DEM) on an endpoint assist in diagnosing connectivity and network issues?

• A.FortiSASE runs a ping from the endpoint to calculate the TTL to the SaaS application.
• B.FortiSASE runs SNMP traps to the endpoint using the DEM agent to verify the SaaS application health status.
• C.FortiSASE runs a netstat from the endpoint to the SaaS application to see if ports are open.
• D.FortiSASE runs a trace job on the endpoint using the DEM agent to the Software-as-a-Service (SaaS) application.

답을 확인하기

정답:
Explanation:
The Digital Experience Monitoring (DEM) agent on the endpoint performs a trace route to the SaaS application to measure latency, packet loss, and hop-by-hop performance. This helps diagnose where in the path connectivity or performance issues are occurring.

Question No : 9

Which two purposes is the dedicated IP address used for in a FortiSASE deployment? (Choose two.)

• A.For user access control to FortiSASE
• B.For allocation and assignment of unique IP addresses to remote users
• C.For regulatory compliance
• D.For isolation and identification

답을 확인하기

정답:

Question No : 10

Refer to the exhibits.












A FortiSASE administrator has configured FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the remote FortiClient is not able to access the web server hosted behind the FortiGate hub.
Based on the exhibits, what is the reason for the access failure?

• A.A private access policy has denied the traffic because of failed compliance
• B.The hub is not advertising the required routes.
• C.The hub firewall policy does not include the FortiClient address range.
• D.The server subnet BGP route was not received on FortiSAS

답을 확인하기

정답:

Question No : 11

A customer wants to upgrade their legacy on-premises proxy to a cloud-based proxy for a hybrid network.
Which two FortiSASE features would help the customer achieve this outcome? (Choose two.)

• A.secure web gateway (SWG)
• B.zero trust network access (ZTNA)
• C.sandbox cloud
• D.inline-CASB

답을 확인하기

정답:
Explanation:
The secure web gateway (SWG) serves as the cloud-based proxy that inspects and controls web traffic, replacing the on-premises proxy. The inline-CASB provides additional visibility and control over cloud application usage, enhancing security in hybrid environments.

Question No : 12

How do security profile group objects behave when central management is enabled on FortiSASE?

• A.Objects support two-way synchronization.
• B.Objects created on FortiSASE can be retrieved on FortiManager.
• C.Objects that are only flow-based are supported.
• D.Objects are considered read-only on FortiSAS

답을 확인하기

정답:
Explanation:
When central management is enabled, security profile group objects are managed exclusively through FortiManager, making them read-only on the FortiSASE portal to ensure centralized policy control.

Question No : 13

How does FortiSASE hide user information when viewing and analyzing logs?

• A.By tokenization in log data
• B.By masking log data
• C.By compressing log data
• D.By hashing log data

답을 확인하기

정답:
Explanation:
FortiSASE hides user information in logs by using hashing, which anonymizes sensitive data such as usernames or IP addresses while still allowing for consistent tracking and analysis.

Question No : 14

In which two ways does FortiSASE help organizations ensure secure access for remote workers? (Choose two.)

• A.It secures traffic from endpoints to cloud applications.
• B.It uses the FortiCloud organizational units to assign endpoint profiles to remote workers.
• C.It uses the identity and access management (IAM) portal to validate the identities of remote workers.
• D.It offers zero trust network access (ZTNA) capabilities.

답을 확인하기

정답:
Explanation:
FortiSASE ensures secure access for remote workers by protecting traffic between endpoints and cloud applications and enforcing ZTNA policies that validate user identity and device posture before granting access to corporate resources.

Question No : 15

Which statement best describes the Digital Experience Monitor (DEM) feature on FortiSASE?

• A.It provides end-to-end network visibility from all the FortiSASE security PoPs to a specific SaaS application.
• B.It gathers all the vulnerability information from all the FortiClient endpoints.
• C.It is used for performing device compliance checks on endpoints.
• D.It monitors the FortiSASE POP health based on ping probes.

답을 확인하기

정답:
Explanation:
The Digital Experience Monitor (DEM) in FortiSASE measures and monitors network performance from the FortiSASE Points of Presence (PoPs) to specific SaaS or cloud applications, helping identify and troubleshoot performance issues across the service path.