Fortinet NSE4_FGT_AD-7.6 Exam - Topic 4 Question 11 Discussion

''FortiSASE provides secure access to remote users for the following use cases:

* SIA enables secure web browsing for remote users to protect from known and unknown threats

* SPA enables explicit application access under a zero-trust access or with SD-WAN integration to ensure secure application access

* SSA addresses shadow IT visibility challenges and safeguards data loss prevention''

''FortiCASB provides cloud-based and API-based features to enable deep inspection of SaaS applications to enable detailed monitoring, analysis, and reporting features... Data loss prevention (DLP) helps to identify, monitor, and protect organizational data at rest and in motion.''

Technical Deep Dive:

The correct answer is C. Secure SaaS access (SSA).

The question gives two very specific requirements:

Shadow IT visibility

Prevent sensitive files from leaving the organization without approval

The study guide maps both directly to SSA. In FortiSASE, SSA aligns with SaaS governance and CASB-style controls. That is the right architecture when you need visibility into sanctioned and unsanctioned SaaS usage, plus DLP controls for uploads, sharing, and file movement.

Why the other options are wrong:

SIA focuses on securing internet browsing and remote web traffic.

SPA is for explicit zero-trust access to private applications.

SSD-WAN is not the FortiSASE method for SaaS visibility/DLP control.

In practice, SSA is the choice because it combines SaaS visibility, activity monitoring, and DLP-style enforcement. That lets an administrator detect shadow SaaS usage and apply controls such as blocking uploads, monitoring sharing events, or restricting file transfers based on policy. This is a CASB-oriented use case, not just generic web security.