FCSS_SASE_AD-25 FCSS - FortiSASE 25 Administrator Question and Answers

The “Automatically patch vulnerabilities” option is disabled in the endpoint profile. Additionally, the Vulnerability Dashboard shows the patching status as “Manual patching required.” This means an administrator must manually initiate the patching process remotely using FortiSASE.

SD-WAN allows efficient and secure routing of traffic from users to corporate applications, while ZTNA enables secure access control and verification for users connecting to internal resources, both of which are essential for Secure Private Access (SPA) in FortiSASE.

FortiSASE inline-CASB operates in the traffic path to provide real-time visibility and control over data in motion as it is transmitted to and from cloud applications.

Single Sign-On (SSO) overrides any other previously configured user authentication method on FortiSASE, taking precedence for user authentication.

The SSL inspection mode is set to certificate inspection, which only inspects SSL/TLS headers and does not allow full scanning of encrypted content. Without full (deep) inspection, the antivirus profile cannot scan or block malicious files (like eicar.com-zip) delivered over HTTPS, allowing the download to proceed.

The usernames appear as random character strings because log anonymization is enabled in FortiSASE, which hashes sensitive user information such as usernames to protect privacy while still allowing log analysis.

In FortiSASE, Single Sign-On (SSO) takes precedence and overrides other configured user authentication methods, ensuring a centralized and streamlined authentication process across services.

Deploying FortiSASE with FortiGate ZTNA access proxy enables efficient access to private applications with reduced latency and supports both agentless and agent-based ZTNA methods for flexible access control.

Application control with inline-CASB allows FortiSASE to inspect and control application behavior at a granular level. This enables the organization to block login attempts to personal or non-corporate Microsoft Office 365 accounts, ensuring that only approved cloud resources are accessed.

Once the configured log retention period expires, FortiSASE automatically deletes the older logs to free up storage and maintain compliance with retention policies.

Deploying FortiAP enables secure internet access for unmanaged personal devices in small branch offices with minimal configuration by automatically directing traffic through FortiSASE, eliminating the need for endpoint installation or complex setup.