Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location
Mob_nav_barsMENU

Fortinet Exam FCSS_SASE_AD-25 Topic 2 Question 2 Discussion

Actual exam question for Fortinet's FCSS_SASE_AD-25 exam
Question #: 2
Topic #: 2
[All FCSS_SASE_AD-25 Questions]

An administrator must restrict endpoints from certain countries from connecting to FortiSASE.

Which configuration can achieve this?

Show Suggested Answer Hide Answer
Suggested Answer: C

Geofencing allows the administrator to restrict or allow access to FortiSASE services based on the geographic location of the endpoints, effectively blocking connections from specified countries.


by Sonia at Oct 06, 2025, 11:55 AM

Limited Time Offer

25%

Off

Get Premium FCSS_SASE_AD-25 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kanisha
5 days ago
B) Configure a geography address object as the source for a deny policy.
upvoted 0 times
...
Jeannetta
11 days ago
I think I'll go with option C. Geofencing seems like the most intuitive way to restrict access from specific countries, and it's probably the easiest to configure and maintain.
upvoted 0 times
...
Quiana
16 days ago
Source IP anchoring (option D) could also be a good solution, but I'm not as familiar with that feature, so I'm not sure if it's the best fit for this scenario.
upvoted 0 times
...
Josue
21 days ago
Hmm, I'm leaning towards option B. Configuring a geography address object as the source for a deny policy seems like it could work to achieve the goal of restricting access from certain countries.
upvoted 0 times
...
Yaeko
26 days ago
I'm a bit unsure about this one. The question is asking about restricting endpoints, so I'm not sure if the network lockdown policy on the endpoint profiles (option A) would be the right approach.
upvoted 0 times
...
Leanora
1 months ago
I think option C looks promising - configuring geofencing to restrict access from certain countries seems like the most straightforward approach here.
upvoted 0 times
...

Save Cancel