New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet FCSS_SASE_AD-25 Exam - Topic 2 Question 2 Discussion

Actual exam question for Fortinet's FCSS_SASE_AD-25 exam
Question #: 2
Topic #: 2
[All FCSS_SASE_AD-25 Questions]

An administrator must restrict endpoints from certain countries from connecting to FortiSASE.

Which configuration can achieve this?

Show Suggested Answer Hide Answer
Suggested Answer: C

Geofencing allows the administrator to restrict or allow access to FortiSASE services based on the geographic location of the endpoints, effectively blocking connections from specified countries.


by Sonia at Oct 06, 2025, 10:55 AM

Limited Time Offer

25%

Off

Get Premium FCSS_SASE_AD-25 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Thea
11 days ago
B is clear and easy to implement. I’d go with that.
upvoted 0 times
...
Gladys
16 days ago
I feel like C is the most secure method. It targets specific regions.
upvoted 0 times
...
Josefa
21 days ago
Option D is interesting, but I’m not sure about IP anchoring.
upvoted 0 times
...
Dianne
26 days ago
Option A could work, but it feels too broad.
upvoted 0 times
...
Janine
1 month ago
I prefer option C. Geofencing seems more effective for this.
upvoted 0 times
...
Ricki
1 month ago
I think option B is the best choice. Deny policy is straightforward.
upvoted 0 times
...
Tarra
1 month ago
D is interesting, but I’d stick with B or C.
upvoted 0 times
...
Gertude
2 months ago
Wait, can you really restrict by country like that?
upvoted 0 times
...
Rozella
2 months ago
A sounds too broad, not specific enough.
upvoted 0 times
...
Lyla
2 months ago
I feel like source IP anchoring is more about tracking than restricting. I’m leaning towards option C for this one.
upvoted 0 times
...
Cherrie
2 months ago
I think C makes more sense for geolocation.
upvoted 0 times
...
Diane
2 months ago
B is the way to go for denying access.
upvoted 0 times
...
Erinn
2 months ago
I’m a bit confused about the difference between geofencing and the geography address object. They seem similar, right?
upvoted 0 times
...
Veda
3 months ago
I remember practicing a question about deny policies, so option B sounds familiar. Maybe that’s the way to go?
upvoted 0 times
...
Kenneth
3 months ago
I think geofencing might be the right choice here, but I’m not entirely sure if it’s the only option.
upvoted 0 times
...
Velda
3 months ago
D) Configure source IP anchoring to restrict access from the specified countries.
upvoted 0 times
...
Wilda
4 months ago
C) Configure geofencing to restrict access from the required countries.
upvoted 0 times
...
Kanisha
4 months ago
B) Configure a geography address object as the source for a deny policy.
upvoted 0 times
...
Jeannetta
4 months ago
I think I'll go with option C. Geofencing seems like the most intuitive way to restrict access from specific countries, and it's probably the easiest to configure and maintain.
upvoted 0 times
...
Quiana
4 months ago
Source IP anchoring (option D) could also be a good solution, but I'm not as familiar with that feature, so I'm not sure if it's the best fit for this scenario.
upvoted 0 times
...
Josue
4 months ago
Hmm, I'm leaning towards option B. Configuring a geography address object as the source for a deny policy seems like it could work to achieve the goal of restricting access from certain countries.
upvoted 0 times
...
Yaeko
4 months ago
I'm a bit unsure about this one. The question is asking about restricting endpoints, so I'm not sure if the network lockdown policy on the endpoint profiles (option A) would be the right approach.
upvoted 0 times
...
Leanora
5 months ago
I think option C looks promising - configuring geofencing to restrict access from certain countries seems like the most straightforward approach here.
upvoted 0 times
Dorcas
8 hours ago
Option B could work too, but geofencing is more direct.
upvoted 0 times
...
Coleen
6 days ago
I agree, geofencing seems the easiest way to go.
upvoted 0 times
...
Tanja
3 months ago
I like option C as well, it’s clear and effective.
upvoted 0 times
...
...

Save Cancel