NSE4 Question #539: Real Exam Question with Answer & Explanation

Question

An administrator has blocked Netflix login in a cloud access security inspection (CASI) profile. The administrator has also applied the CASI profile to a firewall policy. What else is required for the CASI profile to work properly?

Options

• AYou must enable logging for security events on the firewall policy.
• BYou must activate a FortiCloud account.
• CYou must apply an application control profile to the firewall policy.
• DYou must enable SSL inspection on the firewall policy.

Explanation

For a Cloud Access Security Inspection (CASI) profile to effectively block specific cloud application actions like Netflix login, an application control profile must be applied to the firewall policy.

Common mistakes.

• A. Logging for security events is important for monitoring and auditing but is not a functional requirement for the CASI profile itself to inspect and block traffic.
• B. Activating a FortiCloud account provides management and services but is not a prerequisite for the basic functionality of a CASI profile on the FortiGate appliance.
• D. While SSL inspection is typically necessary for deep inspection of encrypted traffic to detect granular application actions, the most direct profile dependency for the CASI logic to operate is the Application Control profile.

Concept tested. FortiGate CASI profile dependencies

Reference. https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/33924/casb-access-control

No community discussion yet for this question.