View all questions & answers for the FCSS - FortiSASE 25 Administrator Exam Materials exam


Question 17 Discussion

Which two settings are automatically pushed from FortiSASE to FortiClient in a new FortiSASE deployment with default settings? (Choose two answers)

  • A. zero trust network access (ZTNA) tags
  • B. tunnel profile
  • C. FortiSASE certificate authority (CA) certificate
  • D. real-time protection
Correct Answer: B,C

Brave-Dump Clients Votes

AC 100%

Comments



Taz 2025-10-31 12:28:05

Selected Answers: A, C


The two settings automatically pushed from FortiSASE to FortiClient in a new deployment are the FortiSASE CA certificate and ZTNA tags. These are pushed automatically to establish a secure connection and enable policy enforcement for Zero Trust Network Access.
  • Taz 2025-10-31 12:32:00
    Not clear which one would be true needs more discussions --> BC Explanation: In a default FortiSASE deployment, the tunnel profile (for secure connectivity) and the FortiSASE CA certificate (for SSL inspection and trusted communication) are automatically pushed to FortiClient endpoints.

Taz 2025-11-02 13:09:55

Selected Answers: A, C


The two settings automatically pushed from FortiSASE to FortiClient in a new FortiSASE deployment with default settings are A. zero trust network access (ZTNA) tags and C. FortiSASE certificate authority (CA) certificate.

Explanation:


Zero Trust Network Access (ZTNA) tags: These tags are used to define access policies based on user or device attributes, ensuring only authorized users with the appropriate tags can access specific resources. FortiSASE automatically pushes these tags to FortiClient to enable ZTNA functionality.



FortiSASE certificate authority (CA) certificate: This certificate is necessary for secure communication between the FortiClient and FortiSASE. It is automatically pushed to the FortiClient during deployment to establish a trusted connection.

Why other options are incorrect:



Tunnel profile: While a tunnel profile is essential for secure communication, it is not automatically pushed from FortiSASE to FortiClient during initial deployment. The profile needs to be configured manually based on the specific network requirements.



Real-time protection: Real-time protection is a security feature on FortiClient that provides continuous protection against threats. While it is important for securing the endpoint, it is not automatically pushed from FortiSASE during deployment. This setting needs to be configured separately on the FortiClient.

Douglas Jordan 2025-11-06 17:26:41

Selected Answers: A, C


The two settings automatically pushed from FortiSASE to FortiClient in a new deployment are the FortiSASE CA certificate and ZTNA tags. These are pushed automatically to establish a secure connection and enable policy enforcement for Zero Trust Network Access.