55 Questions
What is the role of FortiGate in the Fortinet ZTNA solution?
Acts as a ZTNA access proxy
Which component collects information about managed endpoints in the Fortinet ZTNA solution?
FortiClient-EMS
What is the purpose of ZTNA tags in the Fortinet ZTNA solution?
To grant or deny access to the network
In the Fortinet ZTNA solution, which component uniquely identifies each endpoint by generating and installing client certificates?
FortiClient Endpoint
What does FortiClient-EMS do with the ZTNA tags it utilizes in the Fortinet ZTNA solution?
Monitors and manages endpoints for security postures
Which component maintains a continuous connection to FortiClient-EMS to synchronize endpoint information and ZTNA tags?
FortiOS
What CLI command can be used to view ZTNA logs?
execute log filter category 0
Which authentication methods can be used as matching criteria on the firewall policy for accessing the protected server FortiAnalyzer?
FSSO and LDAP
What determines whether an endpoint is marked as On-fabric in the example provided?
Matching the default gateway in the on-fabric ruleset
What are used as access control criteria for allowing endpoints to access the protected server FortiAnalyzer?
Zero-trust tagging rules of fabric status, OS version, and windows firewall state
What type of access control is used for the On-Fabric FortiClient based on the text?
IP and/or MAC-Based Access Control
Where can ZTNA logs be viewed using the GUI according to the text?
Log & Report, ZTNA Traffic
What is the purpose of a ZTNA rule?
Enforcing access control
Which authentication methods are supported by ZTNA?
Basic HTTP and SAML
What does the access proxy VIP represent in ZTNA?
Gateway for client HTTPS connections
What happens if a client certificate is empty on the access proxy policy by default?
The traffic is blocked
How does ZTNA support role-based access enforcement?
By defining ZTNA tags or tag groups
What does the active authentication method in ZTNA refer to?
Prompting users for authentication
In ZTNA, what does the authentication scheme define?
The method of authentication applied
What is the purpose of creating a ZTNA server or access proxy after syncing ZTNA tags with FortiGate?
Enforcing role-based access control
How does ZTNA TCP forwarding access proxy improve performance?
By reducing encryption overhead of a secure protocol
What should users do before connecting through a ZTNA TCP forwarding access proxy?
Create a ZTNA rule on FortiClient
What must be done to resolve the issue of the certificate not being trusted when configuring a new connection to the FortiClient-EMS server?
Export and install the root CA certificate on FortiGate
Where is the FortiClient-EMS certificate stored by default when installed on Windows?
Trusted Root Certification Authorities folder
What action must be taken to authorize FortiGate on FortiClient-EMS?
Log in to FortiClient-EMS or manually authorize through Administration
How does FortiGate synchronize ZTNA tags after connecting to FortiClient-EMS?
Automatically
How can you verify the connection status between FortiClient and FortiClient-EMS?
FortiClient console in ZERO TRUST TELEMETRY menu
Which port needs to be allowed through the corporate firewall to provide connectivity to remote FortiClient endpoints?
8013
What happens when you click the refresh button in FortiClient-EMS Certificate Management?
Revokes and updates the root CA
How does FortiClient manage individual client certificates?
Revoking compromised certificates automatically
How does FortiClient-EMS determine if an endpoint is on-fabric or off-fabric?
Based on telemetry data received
What information does FortiClient share with FortiClient-EMS during ZTNA telemetry?
User information, security posture, device information
What is required for a FortiClient endpoint to access applications on a protected server through ZTNA?
Matching certificate on FortiGate and passing verifications
What does FortiAuthenticator provide in terms of authentication services?
User identity authentication services
Which component is responsible for identifying itself to FortiGate using certificates received from FortiClient-EMS?
FortiClient endpoint
What occurs during the fifth step in the ZTNA flow when FortiGate provides access to an off-fabric client?
Device check for certificate verification
What is the primary advantage of ZTNA in terms of access control?
Role-based application access
How does ZTNA allow administrators to manage network access for users?
Through client device identification and zero-trust tags
What protocol does the ZTNA TCP forwarding access proxy remove the HTTPS stack for?
RDP
In ZTNA, what is typically encapsulated in the specified TCP port but not encrypted by the access proxy?
Telnet communication
When should users enable the encryption option for end-to-end protocols in ZTNA?
For insecure protocols
What does IP MAC-Based Access Control use to enhance security when endpoints are physically on the corporate network?
ZTNA tags
In ZTNA Topology, how does an off-fabric client typically access a protected server compared to an on-fabric client?
Via ZTNA proxy policy
What is the tagging outcome for an endpoint that has off-fabric status, Windows 10 OS, and Windows firewall enabled?
Remote Endpoint
Which entity typically marks an endpoint as off-fabric according to the Zero Trust Tagging rules?
Default gateways
What determines the security posture of an endpoint running FortiClient?
Zero-trust tags
Why does FortiOS only enforce compliance for directly connected endpoints?
To enhance security measures
What happens when a FortiClient endpoint satisfies all configured rules for a rule set?
It is assigned a different endpoint profile
Which component automatically syncs zero-trust tags between FortiOS and FortiClient-EMS for compliance checks?
FortiOS
In the context of FortiClient-EMS, what does ZTNA stand for?
Zero-Trust Network Access
Why are zero-trust tags created on FortiClient-EMS?
To determine the security posture of endpoints
What is required to enable Zero Trust Network Access (ZTNA) on FortiGate?
FortiClient-EMS connector
What does the Zero-Trust Tags Workflow involve?
Dynamic grouping based on tagging rules
Which statement accurately describes the interaction between FortiClient and FortiClient-EMS in relation to zero-trust tagging rules?
FortiClient checks endpoints using rules from FortiClient-EMS
What action can be taken regarding zero-trust tags that do not have any rules attached?
Delete the tags
Test your knowledge on configuring a Zero Trust Network Access (ZTNA) TCP forwarding access proxy without encryption, which involves using HTTP 101 response to switch protocols. Learn about the benefits of removing the HTTPS stack and improving performance by reducing encryption overhead.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free