A customer wants to ensure secure access for private applications for their users by replacing their VPN. Which two SASE technologies can you use to accomplish this task? (Choose two answers)

A. zero trust network access (ZTNA)
B. secure SD-WAN
C. secure web gateway (SWG) and cloud access security broker (CASB)
D. SD-WAN on-ramp

Correct Answer: A,B

Brave-Dump Clients Votes

AB 75%

AD 25%

Comments

leocopek 2025-07-12 05:07:55

Selected Answers: A, B

CASB is not for private applications !!!!

Mohamed laamouri 2025-10-25 13:44:31

Selected Answers: A, D

SD-WAN On-Ramp
You can configure a certified IPsec device for Branch On-ramp by setting up an IPsec tunnel between the certified IPsec device located at the branch and a FortiSASE Branch On-ramp location. In this use case, because the certified IPsec device is responsible for centralizing its remote users’ site connectivity to the FortiSASE firewall-as-a-service (FWaaS), the endpoints only need to be configured in their IP settings to forward traffic to the IPsec branch device as the default gateway.

For FortiSASE Mature, the FortiGate is the only supported IPsec device that you can use for Branch On-ramp.

Multiple IPsec branch devices can establish IPsec connections with the Branch On-ramp location.

Therefore, for this use case, individual workstation or device setup is minimized because FortiClient does not need to be installed on endpoints and web browser-based endpoints do not require explicit web proxy settings to be configured.
https://docs.fortinet.com/document/fortisase/latest/mature-administration-guide/213023/sd-wan-on-ramp

Taz 2025-11-01 14:11:09

Selected Answers: A, B

The correct answers are A. zero trust network access (ZTNA) and B. secure SD-WAN and cloud access security broker (CASB).

Explanation:

Zero Trust Network Access (ZTNA): This technology provides secure access to applications based on the user's identity, device posture, and risk level, regardless of their location on the network. It aligns perfectly with the goal of replacing a VPN by offering granular access control and eliminating the concept of a traditional network perimeter.

Secure SD-WAN (Secure Software-Defined Wide Area Network): While SD-WAN itself doesn't directly provide application access control, it can secure the network connections that users use to access applications. When combined with other SASE components like ZTNA and CASB, it creates a comprehensive security solution.
Why other options are incorrect:

SWC (Secure Web Gateway): While SWG is a component of SASE, it primarily focuses on securing web traffic and preventing access to malicious websites. It doesn't directly address secure access to private applications, which is the customer's primary concern in this scenario.

SD-WAN on-ramp: This refers to the connection point between a traditional WAN and an SD-WAN network. It's a network infrastructure component and doesn't provide the security features needed for secure application access.

Mohamed 2025-11-07 00:15:45

Selected Answers: A, B

By elimination A & B
Private app isn't a cloud app so no secure web gateway
Onramp is used for something else
Plus the question is derivated from AD23 which has A&B also https://www.examtopics.com/discussions/fortinet/view/303057-exam-fcss_sase_ad-23-topic-1-question-43-discussion/