Which information does FortiSASE use to bring network lockdown into effect on an endpoint? (Choose one answer)

A. Zero-day malware detection on endpoint
B. he number of critical vulnerabilities detected on the endpoint
C. The security posture of the endpoint based on ZTNA tags
D. The connection status of the tunnel to FortiSASE

Correct Answer: D

Brave-Dump Clients Votes

D 50%

C 50%

Comments

Jo 2025-07-29 22:59:30

Selected Answers: D

D-

When you configure network lockdown, when an endpoint goes off net, the grace period configured by the FortiSASE administrator comes into effect. During the grace period, an endpoint can continue to access the LAN and the internet without restrictions. If the endpoint does not connect to the FortiSASE tunnel by the end of the grace period, the endpoint cannot access the LAN and the internet. It can still access IP addresses and applications that the FortiSASE administrator has configured as exempt destinations, and it can connect to the tunnel to regain internet access. You can also configure the exemption of captive portals if your network requires user authentication. The administrator can configure a limit for the number of times the end user can attempt to enter valid credentials to connect to the FortiSASE tunnel. Once the user reaches the limit, the endpoint is in network lockdown. FortiClient exits from network lockdown, when the endpoints are determined to be on net again or when a VPN connection is established

Page 135

Taz 2025-10-31 12:20:44

Selected Answers: C

Explanation:
FortiSASE uses ZTNA tags to assess the endpoint’s security posture. If the posture is non-compliant based on predefined rules, FortiSASE enforces network lockdown to restrict access accordingly.

Taz 2025-11-07 12:03:53

Selected Answers: C

he information FortiSASE uses to bring network lockdown into effect on an endpoint is C. The security posture of the endpoint based on ZTNA tags.
Explanation:
Zero Trust Network Access (ZTNA) is a key feature of FortiSASE. It operates on the principle of "never trust, always verify," meaning the security posture of an endpoint (based on its ZTNA tags and other security factors) is continuously assessed. If an endpoint is deemed to be in a risky or non-compliant state, FortiSASE can implement a network lockdown, restricting its access to sensitive resources.
Why other options are incorrect:
A. Zero-day malware detection on endpoint: While detecting zero-day malware is important for endpoint security, it's not the primary factor determining when to apply a network lockdown. A lockdown might be triggered even if no zero-day malware is detected, but other security risks are present.
B. The number of critical vulnerabilities detected on the endpoint: Having vulnerabilities is certainly a security concern, but the number alone doesn't necessarily dictate a network lockdown. The severity of the vulnerabilities and the endpoint's overall security posture are more relevant factors.
D. The connection status of the tunnel to FortiSASE: The connection status to FortiSASE is important for maintaining secure communication, but it doesn't directly determine when to implement a lockdown. A lockdown can be applied regardless of the tunnel connection status if the endpoint's security posture warrants it.

Ahmed Ezzat ([email protected]) 2025-11-20 21:10:41

Selected Answers: D

D is the correct answe as Jo mentioned