An organization wants to block all video and audio application traffic but grant access to videos from CNN Which application override action must you configure in the Application Control with Inline-CASB?

1. A. Allow
2. B. Pass
3. C. Permit
4. D. Exempt

Correct Answer: A
(https://docs.fortinet.com/document/fortisase/24.4.75/sia-agent-based-deployment- guide/568255/configuring-application-control-profile

Which two components are part of onboarding a secure web gateway (SWG) endpoint? (Choose two)

1. A. FortiSASE CA certificate
2. B. proxy auto-configuration (PAC) file
3. C. FortiSASE invitation code
4. D. FortiClient installer

Correct Answer: AB
Onboarding a Secure Web Gateway (SWG) endpoint involves several components to ensure secure and effective integration with FortiSASE. Two key components are the FortiSASE CA certificate and the proxy auto-configuration (PAC) file.
✑ FortiSASE CA Certificate:
✑ Proxy Auto-Configuration (PAC) File:
References:
✑ FortiOS 7.2 Administration Guide: Details on onboarding endpoints and configuring SWG.
✑ FortiSASE 23.2 Documentation: Explains the components required for integrating endpoints with FortiSASE and the process for deploying the CA certificate and PAC file.

Which FortiSASE feature ensures least-privileged user access to all applications?

1. A. secure web gateway (SWG)
2. B. SD-WAN
3. C. zero trust network access (ZTNA)
4. D. thin branch SASE extension

Correct Answer: C
Zero Trust Network Access (ZTNA) is the FortiSASE feature that ensures least-privileged user access to all applications. ZTNA operates on the principle of "never
trust, always verify," providing secure access based on the identity of users and devices, regardless of their location.
✑ Zero Trust Network Access (ZTNA):
✑ Implementation:
References:
✑ FortiOS 7.2 Administration Guide: Provides detailed information on ZTNA and its role in ensuring least-privileged access.
✑ FortiSASE 23.2 Documentation: Explains the implementation and benefits of ZTNA within the FortiSASE environment.

During FortiSASE provisioning, how many security points of presence (POPs) need to be configured by the FortiSASE administrator?

1. A. 3
2. B. 4
3. C. 2
4. D. 1

Correct Answer: B

An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints. Which two components must be configured on FortiSASE to achieve this? (Choose two.)

1. A. SSL deep inspection
2. B. Split DNS rules
3. C. Split tunnelling destinations
4. D. DNS filter

Correct Answer: AB
To resolve internal hostnames using internal DNS servers for remotely connected endpoints, the following two components must be configured on FortiSASE:
✑ Split DNS Rules:
✑ Split Tunneling Destinations:
References:
✑ FortiOS 7.2 Administration Guide: Provides details on configuring split DNS and split tunneling for VPN clients.
✑ FortiSASE 23.2 Documentation: Explains the implementation and configuration of split DNS and split tunneling for securely resolving internal hostnames.