FortiSASE-AI Flashcards
Some Q&As (38 cards)
What are the challenges of Work-From-Anywhere?
• Inconsistent security
• Lack of visibility and control
• Performance issues
These challenges arise from the reliance on corporate VPNs and data centers in hybrid work models.
Define inconsistent security in the context of remote work.
Users have varying levels of access security based on their ‘trust profile’ with remote workers deemed ‘untrusted’ requiring VPN access.
This creates vulnerabilities for endpoint devices not secured by corporate policies.
What does SASE stand for?
Secure Access Service Edge
SASE combines networking and security services in a unified architecture.
List the essential components of SASE.
• Secure web gateway (SWG)
• Firewall-as-a-Service (FwaaS)
• Zero trust network access (ZTNA)
• Cloud access security broker (CASB)
These components work together to provide secure access and protect sensitive data.
Explain the zero-trust security posture.
The principle of ‘never trust, always verify’, ensuring continuous authentication and authorization of users and devices.
This approach is fundamental to SASE architecture.
What is the primary objective of Fortinet’s SASE offering?
To provide global protection for users, enabling secure access to any application from any location.
SSE and SD-WAN serve as critical security gatekeepers.
What use cases does FortiSASE provide secure access for?
• Secure Internet Access (SIA)
• Secure Private Access (SPA)
• Secure SaaS Access (SSA)
Each use case addresses specific security needs for remote users.
What features does FortiSASE support?
• FWaaS
• SWG
• ZTNA
• CASB
• DLP
These features are essential for comprehensive security in remote access scenarios.
What is the function of FortiCASB?
To provide cloud-based and API-based features for deep inspection of SaaS applications.
This includes monitoring, analysis, and reporting capabilities.
What is the role of Digital Experience Monitoring (DEM)?
To assist administrators in troubleshooting remote user connectivity slowness and enhancing health check visibility.
This reduces resolution times and ensures a positive user experience.
Where are FortiSASE POPs deployed?
Across Fortinet-owned data centers, colocation data centers, and Google Cloud Platform.
This deployment strategy enhances global presence and service delivery.
What is required to provision FortiSASE?
A FortiCloud account and registration of the FortiSASE contract on Fortinet’s support site.
Each FortiCloud account can host only one FortiSASE instance.
How can IAM users manage access to the FortiSASE portal?
By creating permission profiles that define their level of portal access and permissions.
IAM can be accessed through Fortinet’s support portal.
What is the purpose of multi-tenancy in MSSP?
To manage multiple organizations from a single management console efficiently.
This allows MSSPs to streamline operations across different clients.
What are the licensing tiers for FortiSASE?
• Standard: 50-99 Users
• Advance: 100-199 Users
• Comprehensive: 200+ Users
Each tier offers different features and capabilities.
What does the SPA add-on license allow?
Enables connectivity to private applications for remote users and branch locations.
Requires a separate license for each FortiGate HA cluster member.
What is the function of edge devices in FortiSASE?
They provide secure internet access and require a FortiSASE subscription license.
Supported on specific models like FortiExtender and FortiBranchSASE.
True or False: Each user can use up to three devices with user-based licenses in FortiSASE.
True
This is applicable for both agent-based and proxy-based modes.
What is the maximum number of FortiGate hubs supported?
12
What is required for each edge device to operate?
A FortiSASE subscription license
What must edge devices and FortiSASE be registered under?
The same FortiCloud account
What provisioning method is used for FortiExtender, FortiBranchSASE, and FortiAP?
FortiZTP
What does FortiSASE provide to remote branches connected to edge devices?
Secure internet access
Which edge device is recommended for micro-branch deployments?
FortiBranchSASE
