Module 5 ZTNA

Question 1

Where do endpoints get device certificates from?

Answer 1

From FortiSASE CA when it first connects.

Question 2

What does the FortiSASE CA use to sign the cert?

Answer 2

FortiClient unique ID
Certificate serial number
and FortiSASE. EMS SN

Question 3

How does FortiGate connect to EMS?

Answer 3

FortiClient EMS cloud fabric connector

Question 4

Do you have to register FortiSASE and Fortigate under the same FortiCloud account?

Answer 4

Yes

Question 5

True or false you do not have to install the FortiSASE EMS server cert onto FTG

Answer 5

False

Question 6

True or false you must authorize FTG in FortiSASE

Answer 6

True

Question 7

What operating Systems Can have a Tagging rule applied to them?

Answer 7

Windows,
MacOS
Linux.
iOS
Andriod

Question 8

Is ZTNA visible on FTG by default?

Answer 8

No

Question 9

What command do you enter to enable ZTNA on entry-level models?

Answer 9

Config system global
set prox-and-explicit-proxy enable

Question 11

What is the default routing design method for FortiSASE

Answer 11

BGP per overlay
IBGP session terminates on tunnel ip add

Must config mode-cfg on hub

Question 12

What are the two routing design methods supported by SASE

Answer 12

BGP per overlay
BGP on loop back

Question 13

Can you mix and match bgp routing designs?

Answer 13

No, all must be the same

Question 14

What are the two hub selection methods

Answer 14

Hub health and priority
BGP-MED

Question 15

What is the hub health and priority hub selection method

Answer 15

Health check receives

Latency <120ms
Jitter threshold 55ms
Packet los 1%

Sase selects the highest priority hub, that meets the lowest cost sla

Question 16

Explain BGP MED hub selection

Answer 16

Discriminates amount multiple exit or entry points to the same AS

Lower the MED the more preferred the path

Question 17

What is the highest priority for hubs?

Answer 17

P1!