NSE7_SSE_AD-25 Practice Questions

A.  

When using SD-WAN private access, traffic goes from an endpoint directly to an SPA hub.

B.  

When using zero trust network access, traffic goes from an endpoint to a FortiSASE POP, and then to a ZTNA access proxy.

C.  

When using zero trust network access (ZTNA) traffic goes from an endpoint directly to a ZTNA access proxy.

D.  

When using SD-WAN private access, traffic goes from an endpoint to a FortiSASE POP, and then to an SPA hub.

A.  

Zero-trust tags can be used to allow or deny access to network resources

B.  

Zero-trust tags can determine the security posture of an endpoint.

C.  

Zero-trust tags can be used to create multiple endpoint profiles which can be applied to different endpoints

D.  

Zero-trust tags can be used to allow secure web gateway (SWG) access

A.  

Add the FortiGate IP address in the secure private access configuration on FortiSAS

E.  

B.  

Use the FortiClient EMS cloud connector on the corporate FortiGate to connect to FortiSASE

C.  

Register FortiGate and FortiSASE under the same FortiCloud account.

D.  

Authorize the corporate FortiGate on FortiSASE as a ZTNA access proxy.

E.  

Apply the FortiSASE zero trust network access (ZTNA) license on the corporate FortiGate.

A.  

Mobile device management (MDM) service to troubleshoot the connectivity issue.

B.  

Digital experience monitoring (DEM) to evaluate the performance metrics of the remote computer.

C.  

Forensics service to obtain detailed information about the user's remote computer performance.

D.  

SOC-as-a-Service (SOCaaS) to get information about the user's remote computer.

A.  

The Secure Private Access (SPA) policy needs to allow PING service.

B.  

Quick mode selectors are restricting the subnet.

C.  

The BGP route is not received.

D.  

Network address translation (NAT) is not enabled on the spoke-to-hub policy.

A.  

BGP per overlay can use separate iBGP sessions for each spoke-to-hub tunnel with mode-cfg enabled for IP address assignment, while BGP on loopback uses a single iBGP session per hub terminating on a loopback interface to simplify configuration and reduce advertised routes.

B.  

BGP per overlay establishes a single iBGP session per hub on a loopback interface, while BGP on loopback requires mode-cfg for IP address assignment and uses multiple iBGP sessions per tunnel.

C.  

BGP per overlay is used for loopback interfaces to reduce routes, while BGP on loopback is the default method requiring separate iBGP sessions for each spoke.

D.  

BGP per overlay simplifies hub configuration without mode-cfg, while BGP on loopback establishes multiple iBGP sessions for each tunnel to increase advertised routes.

A.  

Exempt the Google Maps FQDN from the endpoint system proxy settings.

B.  

Configure a static route with the Google Maps FQDN on the endpoint to redirect traffic

C.  

Configure the Google Maps FQDN as a split tunneling destination on the FortiSASE endpoint profile.

D.  

Change the default DNS server configuration on FortiSASE to use the endpoint system DNS.

A.  

Allow local LAN Access in the user Endpoint Profile before they get connected to the VPN

B.  

Endpoint Sandbox protection for VPN users

C.  

Endpoint Anti-Virus protection in the Endpoint Profile for VPN

D.  

Network Lockdown for endpoints with VPN enabled

A.  

Digital experience monitoring is not configured.

B.  

Log allowed traffic is set to Security Events for all policies.

C.  

The web filter security profile is not set to Monitor

D.  

There are no security profile group applied to all policies.

A.  

FortiSASE acts as the SP, relies on an external IdP, and can use SAML group matching.

B.  

FortiSASE supports SAML login but cannot use SAML group matching.

C.  

FortiSASE acts as the IdP and can perform SAML group matching internally.

D.  

FortiSASE includes IdP functionality and uses it for SAML group matching.