Exam NSE4_FGT_AD-7.6 Topic 1 Question 90 Discussion
Actual exam question for Fortinet's NSE4_FGT_AD-7.6 exam
Question #: 90
Topic #: 1
Question #: 90
Topic #: 1
An administrator wants to address shadow IT visibility challenges and prevent users from sending sensitive files outside the organization without proper approval. Which FortiSASE method should the administrator implement to achieve these goals? (Choose one answer)
Suggested Answer: C Vote an answer
"FortiSASE provides secure access to remote users for the following use cases:
* SIA enables secure web browsing for remote users to protect from known and unknown threats
* SPA enables explicit application access under a zero-trust access or with SD-WAN integration to ensure secure application access
* SSA addresses shadow IT visibility challenges and safeguards data loss prevention "
"FortiCASB provides cloud-based and API-based features to enable deep inspection of SaaS applications to enable detailed monitoring, analysis, and reporting features... Data loss prevention (DLP) helps to identify, monitor, and protect organizational data at rest and in motion. " Technical Deep Dive:
The correct answer is C. Secure SaaS access (SSA) .
The question gives two very specific requirements:
* Shadow IT visibility
* Prevent sensitive files from leaving the organization without approval The study guide maps both directly to SSA . In FortiSASE, SSA aligns with SaaS governance and CASB- style controls. That is the right architecture when you need visibility into sanctioned and unsanctioned SaaS usage, plus DLP controls for uploads, sharing, and file movement.
Why the other options are wrong:
* SIA focuses on securing internet browsing and remote web traffic.
* SPA is for explicit zero-trust access to private applications.
* SSD-WAN is not the FortiSASE method for SaaS visibility/DLP control.
In practice, SSA is the choice because it combines SaaS visibility, activity monitoring, and DLP-style enforcement . That lets an administrator detect shadow SaaS usage and apply controls such as blocking uploads, monitoring sharing events, or restricting file transfers based on policy. This is a CASB-oriented use case, not just generic web security.
* SIA enables secure web browsing for remote users to protect from known and unknown threats
* SPA enables explicit application access under a zero-trust access or with SD-WAN integration to ensure secure application access
* SSA addresses shadow IT visibility challenges and safeguards data loss prevention "
"FortiCASB provides cloud-based and API-based features to enable deep inspection of SaaS applications to enable detailed monitoring, analysis, and reporting features... Data loss prevention (DLP) helps to identify, monitor, and protect organizational data at rest and in motion. " Technical Deep Dive:
The correct answer is C. Secure SaaS access (SSA) .
The question gives two very specific requirements:
* Shadow IT visibility
* Prevent sensitive files from leaving the organization without approval The study guide maps both directly to SSA . In FortiSASE, SSA aligns with SaaS governance and CASB- style controls. That is the right architecture when you need visibility into sanctioned and unsanctioned SaaS usage, plus DLP controls for uploads, sharing, and file movement.
Why the other options are wrong:
* SIA focuses on securing internet browsing and remote web traffic.
* SPA is for explicit zero-trust access to private applications.
* SSD-WAN is not the FortiSASE method for SaaS visibility/DLP control.
In practice, SSA is the choice because it combines SaaS visibility, activity monitoring, and DLP-style enforcement . That lets an administrator detect shadow SaaS usage and apply controls such as blocking uploads, monitoring sharing events, or restricting file transfers based on policy. This is a CASB-oriented use case, not just generic web security.
by Ernest at Jul 16, 2026, 04:20 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).