Exam NSE5_SSE_AD-7.6 Topic 4 Question 11 Discussion

Actual exam question for Fortinet's NSE5_SSE_AD-7.6 exam
Question #: 11
Topic #: 4
How is the Geofencing feature used in FortiSASE? (Choose one answer)

Suggested Answer: A

According to the FortiSASE 7.6 Administration Guide and the FCP - FortiSASE 24/25 Administrator study materials, the Geofencing feature is a security measure implemented at the edge of the FortiSASE cloud to control ingress connectivity based on the physical location of the user.
* Access Control by Location (Option A): Geofencing allows administrators to allow or block remote user connections to the FortiSASE Points of Presence (PoPs) based on the source country, region, or specific network infrastructure (e.g., AWS, Azure, GCP).
* Scope of Application: This feature is universal across all SASE connectivity methods. It applies to Agent-based users (FortiClient), Agentless users (SWG/PAC file), and Edge devices (FortiExtender/FortiAP). If a user attempts to connect from a blacklisted country, the connection is dropped at the PoP level before the user can even attempt to authenticate.
* Use Case Example: An organization operating exclusively in North America might configure geofencing to block all connections originating from outside the US and Canada. This significantly reduces the attack surface by preventing brute-force or unauthorized access attempts from high-risk regions or countries where the organization has no legitimate employees.
* Configuration Path: In the FortiSASE portal, this is managed under Configuration > Geofencing. From there, administrators can create an "Allow" or "Deny" list and select the relevant countries from a standardized global database.
Why other options are incorrect:
* Option B: While FortiSASE supports Time-based schedules for firewall policies, geofencing is specifically an IP-to-Geography mapping tool for connection admission, not a time-of-day restriction tool.
* Option C: Encryption of data at rest on mobile devices is a function of an MDM (Mobile Device Management) solution or local OS features (like FileVault or BitLocker), not a SASE network geofencing feature.
* Option D: Monitoring web behavior and blocking non-work content is the role of the Web Filter and Application Control profiles, which operate on the traffic after the connection is allowed by geofencing.

by Frederic at Jun 27, 2026, 07:57 PM
