A zero trust network access (ZTNA) private access use case is fundamentally defined by its core principles and scope. A primary tenet of ZTNA is "never trust, always verify," which mandates the continuous assessment of the connecting device's security posture before granting access. This makes statement A a core descriptor.

Furthermore, FortiSASE's ZTNA for private access functions as an application-level proxy. It is specifically designed to provide granular, secure access to private applications that use the TCP protocol. This defines the technical scope and capability of the use case, making statement C a correct description. Together, these two statements accurately outline the "what" and "how" of the ZTNA private access use case.

B. All FortiSASE user-based deployments are supported. This describes implementation compatibility rather than being a defining characteristic of the ZTNA use case itself. The use case is about the access model, not deployment methods.

D. Data center redundancy is offered. This is an infrastructure high-availability feature. While beneficial, it is not a fundamental component or descriptor of the ZTNA access control model or its use case.

1. FortiSASE Administration Guide: In the "ZTNA for private access" chapter

the guide details the workflow where FortiClient assesses the endpoint's security posture and applies ZTNA tags. This verification is a prerequisite for access. This supports option A.

2. FortiSASE Administration Guide: The "ZTNA for private access" section explicitly states

"FortiSASE ZTNA provides remote users with secure access to private applications. ZTNA provides better security than a traditional VPN solution by providing per-application access for TCP-based applications..." This directly supports option C.

3. FortiSASE Administration Guide: The "ZTNA rules" configuration section shows that rules are created for specific TCP ports and services

reinforcing that the use case is centered on TCP-based applications. This further supports option C.