Exam NSE5_SSE_AD-7.6 Topic 3 Question 6 Discussion

According to theFortiSASE 7.6 Architecture GuideandAdministration Guide, theSite-based remote user internet accessuse case is the only deployment model that completely eliminates the need for individual endpoint configuration.
* Centralized Enforcement: In a site-based deployment, a "thin edge" device (such as aFortiExtender or aFortiGatein LAN extension mode) is installed at the remote site. This device establishes a secure tunnel to the FortiSASE Point of Presence (PoP).
* Zero Endpoint Configuration: Because the traffic redirection happens at the network gateway level, individual devices (laptops, IoT devices, mobile phones) behind the site-based device do not require any specialized software or settings. They simply connect to the local network as they would normally, and their traffic is automatically secured by the SASE cloud.
* Comparison with Other Modes:
* Agent-based (Option B): Requires the installation and maintenance ofFortiClientsoftware on every device, often managed via MDM tools.
* Agentless (Option A): While it doesn't need an agent, it typically requires the configuration of Explicit Web Proxysettings or the distribution of aPAC (Proxy Auto-Configuration) filevia GPO or SCCM to each device's browser.
* ZTNA (Option D): Generally requires an endpoint agent (FortiClient) to perform posture checks and identity verification, involving significant endpoint-level configuration.
Why other options are incorrect:
* Option A: Agentless mode is often confused with being "configuration-free," but it still requires endpoints to be pointed toward the FortiSASE proxy.
* Option B: This is the most configuration-intensive mode, requiring full software lifecycles for every endpoint.
* Option D: ZTNA is an access methodology that adds configuration complexity (tags, certificates, posture checks) rather than minimizing it.