Which information does FortiSASE use to bring network lockdown into effect on an endpoint? (Choose one answer)

A. Zero-day malware detection on endpoint
B. The number of critical vulnerabilities detected on the endpoint
C. The connection status of the tunnel to FortiSASE
D. The security posture of the endpoint based on ZTNA tags

Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments

javaughn Bryan 2025-11-28 21:50:18

Selected Answers: C

When you configure network lockdown, when an endpoint goes off net, the grace period configured by the FortiSASE administrator comes into effect. During the grace period, an endpoint can continue to access the LAN and the internet without restrictions. If the endpoint does not connect to the FortiSASE tunnel by the end of the grace period, the endpoint cannot access the LAN and the internet. It can still access IP addresses and applications that the FortiSASE administrator has configured as exempt destinations, and it can connect to the tunnel to regain internet access. You can also configure the exemption of captive portals if your network requires user authentication. The administrator can configure a limit for the number of times the end user can attempt to enter valid credentials to connect to the FortiSASE tunnel. Once the user reaches the limit, the endpoint is in network lockdown. FortiClient exits from network lockdown when the endpoints are determined to be on the network again or when a tunnel is established.

PAGE 88 | NSE7 SASE ENTERPRISE GUIDE