Which three statements are true about a persistent agent? (Choose three.)
Agent is downloaded and run from captive portal
Supports advanced custom scans and software inventory.
Can apply supplicant configuration to a host
Deployed by a login/logout script and is not installed on the endpoint
Can be used for automatic registration and authentication
A persistent agent is an application that works on Windows, macOS, or Linux hosts to identify them to FortiNAC Manager and scan them for compliance with an endpoint compliance policy. A persistent agent can support advanced custom scans and software inventory, apply supplicant configuration to a host, and be used for automatic registration and authentication. References :=
What are two functions of NGFW in a ZTA deployment? (Choose two.)
Acts as segmentation gateway
Endpoint vulnerability management
Device discovery and profiling
Packet Inspection
NGFW stands for Next-Generation Firewall, which is a network security device that provides advanced features beyond the traditional firewall, such as application awareness, identity awareness, threat prevention, and integration with other security tools. ZTA stands for Zero Trust Architecture, which is a security model that requires strict verification of the identity and context of every request before granting access to network resources. ZTA assumes that no device or user can be trusted by default, even if they are connected to a corporate network or have been previously verified.
In a ZTA deployment, NGFW can perform two functions:
References: =
Some possible references for the answer and explanation are:
What is a Next-Generation Firewall (NGFW)? | Fortinet : What is Zero Trust Network Access (ZTNA)? | Fortinet : Zero Trust Architecture Explained: A Step-by-Step Approach : The Most Common NGFW Deployment Scenarios : Sample Configuration for Post vWAN Deployment
What are the three core principles of ZTA? (Choose three.)
Verity
Be compliant
Certify
Minimal access
Assume breach
Zero Trust Architecture (ZTA) is a security model that follows the philosophy of “never trust, always verify” and does not assume any implicit trust for any entity within or outside the network perimeter. ZTA is based on a set of core principles that guide its implementation and operation. According to the NIST SP 800-207, the three core principles of ZTA are:
A. Verify and authenticate. This principle emphasizes the importance of strong identification and authentication for all types of principals, including users, devices, and machines. ZTA requires continuous verification of identities and authentication status throughout a session, ideally on each request. It does not rely solely on traditional network location or controls. This includes implementing modern strong multi-factor authentication (MFA) and evaluating additional environmental and contextual signals during authentication processes.
D. Least privilege access. This principle involves granting principals the minimum level of access required to perform their tasks. By adopting the principle of least privilege access, organizations can enforce granular access controls, so that principals have access only to the resources necessary to fulfill their roles and responsibilities. This includes implementing just-in-time access provisioning, role-based access controls (RBAC), and regular access reviews to minimize the surface area and the risk of unauthorized access.
E. Assume breach. This principle assumes that the network is always compromised and that attackers can exploit any vulnerability or weakness. Therefore, ZTA adopts a proactive and defensive posture that aims to prevent, detect, and respond to threats in real-time. This includes implementing micro-segmentation, end-to-end encryption, and continuous monitoring and analytics to restrict unnecessary pathways, protect sensitive data, and identify anomalies and potential security events.
References :=
Which statement is true about FortiClient EMS in a ZTNA deployment?
Uses endpoint information to grant or deny access to the network
Provides network and user identity authentication services
Generates and installs client certificates on managed endpoints
Acts as ZTNA access proxy for managed endpoints
In a ZTNA (Zero Trust Network Access) deployment, FortiClient EMS:
The other options do not accurately represent the role of FortiClient EMS in ZTNA:
References:
An administrator has to configure LDAP authentication tor ZTNA HTTPS access proxy Which authentication scheme can the administrator apply1?
Basic
Form-based
Digest
NTLM
LDAP (Lightweight Directory Access Protocol) authentication for ZTNA (Zero Trust Network Access) HTTPS access proxy is effectively implemented using a Form-based authentication scheme. This approach allows for a secure, interactive, and user-friendly means of capturing credentials. Form-based authentication presents a web form to the user, enabling them to enter their credentials (username and password), which are then processed for authentication against the LDAP directory. This method is widely used for web-based applications, making it a suitable choice for HTTPS access proxy setups in a ZTNA framework.References:FortiGate Security 7.2 Study Guide, LDAP Authentication configuration sections.
Exhibit.

An administrator has to provide on-fabric clients with access to FortiAnalyzer using ZTNA tags
Which two conditions must be met to achieve this task? (Choose two.)
The on-fabric client should have FortiGate as its default gateway
The ZTNA server must be configured on FortiGate
The ZTNArule must be configured on FortiClient
The IP/MAC based firewall policy must be configured on FortiGate
For on-fabric clients to access FortiAnalyzer using ZTNA tags, the following conditions must be met:
References :=
TESTED 16 Jul 2026
