View all questions & answers for the FCSS - FortiSASE 25 Administrator Exam Materials exam


Question 29 Discussion

A customer wants to upgrade their legacy on-premises proxy to a cloud-based proxy for a hybrid network. Which two FortiSASE features would help the customer achieve this outcome? (Choose two answers)

  • A. secure web gateway (SWG)
  • B. zero trust network access (ZTNA)
  • C. sandbox cloud
  • D. inline-CASB
Correct Answer: A,B

Brave-Dump Clients Votes

AD 100%

Comments



Taz 2025-10-31 13:18:41

Selected Answers: A, D


! Think Answer here is wrong !

It should be A and D


For a customer looking to upgrade their legacy on-premises proxy to a cloud-based proxy for a hybrid network, the combination of Secure Web Gateway (SWG) and Inline Cloud Access Security Broker (CASB) features in FortiSASE will provide the necessary capabilities.


Secure Web Gateway (SWG):

SWG provides comprehensive web security by inspecting and filtering web traffic to protect against web-based threats.
It ensures that all web traffic, whether originating from on-premises or remote locations, is inspected and secured by the cloud-based proxy.


Inline Cloud Access Security Broker (CASB):


CASB enhances security by providing visibility and control over cloud applications and services.
Inline CASB integrates with SWG to enforce security policies for cloud application usage, preventing unauthorized access and data leakage.
  • Taz 2025-11-01 13:25:06
    FortiSASE_23_Administrator_Study_Guide-Online pg 34 and 119 Its offer the same protection but cloud based.
  • Taz 2025-11-01 13:25:09
    FortiSASE_23_Administrator_Study_Guide-Online pg 34 and 119 Its offer the same protection but cloud based.

Mohamed 2025-11-06 22:25:29

Selected Answers: A, D


AD makes more sense please correct
Let’s carefully go through this. The scenario is:

Customer wants to upgrade a legacy on-premises proxy

Goal: Move to a cloud-based proxy for a hybrid network

Step 1: Understand the Goal

A legacy proxy is usually used for:

Controlling and securing web traffic

Monitoring users’ access to the internet

Enforcing policies (allow/block)

A cloud-based proxy provides the same functionality in the cloud, typically through:

Secure Web Gateway (SWG) – filters and secures web traffic

Cloud Access Security Broker (CASB) – controls access to cloud apps

Other FortiSASE features like ZTNA or sandboxing complement security but do not replace a web proxy.

Step 2: Option Analysis

A. Secure Web Gateway (SWG) ✅

SWG is the core feature of a cloud-based proxy.

Protects users on any network, whether branch, remote, or hybrid.

✅ Correct.

B. Zero Trust Network Access (ZTNA)

ZTNA provides secure access to internal apps, not general web traffic.

❌ Not directly replacing a legacy web proxy.

C. Sandbox Cloud

Cloud sandboxing analyzes suspicious files and URLs, but it’s just one layer of protection, not a full proxy.

❌ Not sufficient to replace a proxy.

D. Inline-CASB ✅

CASB monitors and enforces policies on cloud/SaaS apps.

When deployed inline with SWG, it acts as a cloud-based proxy for SaaS apps.

✅ Correct.

✅ Correct Answers:

A. Secure Web Gateway (SWG)
D. Inline-CASB

💡 Tip:

Think “cloud-based proxy = SWG + optional CASB”.

ZTNA and sandboxing are additional security features, not replacement proxies.