My-Test-SASE-FT

1. Which authentication method overrides any other previously configured user authentication on FortiSASE?. Local. SSO. RADIUS. MFA.

2. What is the role of ZTNA tags in the FortiSASE Secure Internet Access (SIA) and Secure Private Access (SPA) use cases?. ZTNA tags are created to isolate browser sessions in SIA and enforce data loss prevention in SPA for all devices. ZTNA tags determine device posture for non-web traffic protocols and are applied only in agentless deployments for SIA. ZTNA tags determine device posture for endpoints running FortiClient and are used to grant or deny access in SIA or SPA based on that posture. ZTNA tags are applied to unmanaged endpoints without FortiClient to secure HTTP and HTTPS traffic in SIA and SPA.

3. Refer to the exhibits. Jumpbox and Windows-AD are endpoints from the same remote location. Jumpbox can access the internet through FortiSASE, while Windows-AD can no longer access the internet. Based on the information in the exhibits, which reason explains the outage on Windows-AD? (Choose one answer). The device security posture for Windows-AD has changed. The FortiClient version installed on Windows-AD does not match the expected version on FortiSASE. Windows-AD is excluded from FortiSASE management. The remote VPN user on Windows-AD no longer matches any VPN policy.

4. Refer to the exhibit. An organization must inspect all the endpoint internet traffic on FortiSASE, and exclude Google Maps traffic from the FortiSASE tunnel and redirect it to the endpoint physical interface. Which configuration must you apply to achieve this requirement? (Choose one answer). Add the Google Maps URL in the zero trust network access (ZTNA) TCP access proxy forwarding rule. Configure a steering bypass tunnel firewall policy using Google Maps FQDN to exclude and redirect the traffic. Exempt Google Maps in URL filtering in the web filter profile. Add the Google Maps URL as a steering bypass destination in the endpoint profile.

5. * Drag and Drop Question * When configuring the DLP rule in FortiSASE using Regex format, what would be the correct order for the configuration steps?. DLP Rule. DLP Dictionary. DLP Data Pattern. DLP Sensor. DLP Profile.

6. Refer to the exhibits. A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org Which configuration on FortiSASE is allowing users to perform the download? (Choose one answer). Deep inspection is not enabled. Application control is exempting all the browser traffic. Web filter is allowing the URL. Intrusion prevention is disabled.

7. Refer to the exhibit. Which two prerequisites must be met to use the feature shown in the exhibit? (Choose two answers). The secure private access (SPA) feature must be configured in FortiSASE. The relevant FortiGate ZTNA application gateway must be configured. FortiClient must be installed on the user's device to access the private application. The proxy and proxy user single sign-on (SSO) features must be configured in FortiSASE.

8. A customer configured the On/off-net detection rule to disable FortiSASE VPN auto-connect when users are inside the corporate network. The rule is set to Connects with a known public IP using the company’s public IP address. However, when the users are on the corporate network, the FortiSASE VPN still auto-connects. The customer has confirmed that traffic is going to the internet with the correct IP address. Which configuration is causing the issue? (Choose one answer). The On-net rule set configuration is incorrect. Allow local LAN access when endpoint is on-net is disabled when it should be enabled. Exempt endpoint from FortiSASE auto-connect is disabled when it should be enabled. . Is connected to a known DNS server should be enabled and configured.

9. How does FortiSASE Secure Private Access (SPA) facilitate connectivity to private resources in a hub-and-spoke network? (Choose one answer). SPA establishes direct links to spokes without IPsec or BGP and uses an easy configuration key to secure web traffic for remote users. SPA applies source network address translation (SNAT) for remote user traffic and uses IKEv1 for IPsec tunnels to connect to standalone hubs without BGP support. SPA connects to private resources using HTTP and HTTPS protocols and relies on FortiClient for agentless access to SD-WAN deployments. SPA connects a FortiSASE POP to a FortiGate hub or SD-WAN deployment using IPsec and BGP for dynamic route exchange with an easy configuration key for simplified setup on FortiOS.

10. For monitoring potentially unwanted applications on endpoints, which information is available on the FortiSASE software installations page? (Choose two answers). The endpoint the software is installed on. The license status of the software. The vendor of the software. The usage frequency of the software.

11. A customer needs to implement device posture checks for their remote endpoints while accessing the protected server. They also want the TCP traffic between the remote endpoints and the protected servers to be processed by FortiGate. In this scenario, which two setups will achieve these requirements? (Choose two answers). Configure ZTNA tags on FortiGate. Configure FortiGate as a zero trust network access (ZTNA) access proxy. Configure ZTNA servers and ZTNA policies on FortiGate. Configure private access policies on FortiSASE with ZTNA.

12. A FortiSASE customer has been enforcing always-on VPN for their remote users running FortiClient. What option can be enabled under the customer’s Endpoint Profile to allow them access different resources located in the same L2 network? (Choose one answer). Allow local LAN Access in the user Endpoint Profile before they get connected to the VPN. Endpoint Sandbox protection for VPN users. Endpoint Anti-Virus protection in the Endpoint Profile for VPN. Network Lockdown for endpoints with VPN enabled.

13. Which three traffic flows are supported by FortiSASE Secure Private Access (SPA)? (Choose three answers). From private resources to FortiSASE agent-based users. From private resources to the internet. From agent-based users to private resources behind the Fortinet SD-WAN. From private resources to other private resources (SPA to SPA). From thin branches/branch on-ramp to private resources behind the Fortinet SD-WAN.

14. What are two benefits of deploying secure private access with SD-WAN? (Choose two answers). ZTNA posture check performed by the hub FortiGate. Support of both TCP and UDP applications. A direct access proxy tunnel from FortiClient to the on-premises FortiGate. Inline security inspection by FortiSASE.

15. How does FortiSASE address the market trends of multicloud and Software-as-a-Service (SaaS) adoption, hybrid workforce, and zero trust? (Choose one answer). It focuses solely on securing on-premises networks, ignoring cloud and remote work challenges. It prioritizes legacy VPN connections for hybrid workforces, bypassing modern cloud and zero-trust security measures. It provides visibility and control for multicloud and SaaS environments, ensures secure and seamless access for hybrid workforces, and implements zero-trust principles. It supports only zero-trust frameworks without addressing multicloud or hybrid workforce needs.

16. Which service is included in a secure access service edge (SASE) solution, but not in a security service edge (SSE) solution? (Choose one answer). SWG. SD-WAN. CASB. ZTNA.

17. You are configuring FortiSASE SSL deep inspection. What is required for FortiSASE to inspect encrypted traffic? (Choose one answer). FortiSASE uses a third-party CA certificate without importing it to client machines, and SSL deep inspection supports only web filtering and application control. FortiSASE acts as a root CA without needing a certificate, and SSL deep inspection is used only for split DNS and video filtering. FortiSASE requires an external CA to issue certificates to client machines, and SSL deep inspection supports only antivirus and file filter. FortiSASE acts as a certificate authority (CA) with a self-signed or internal CA certificate, requiring the root CA certificate to be imported into client machines.

18. What is required to enable the MSSP feature on FortiSASE? (Choose one answer). Multi-tenancy must be enabled on the FortiSASE portal. MSSP user accounts and permissions must be configured on the FortiSASE portal. The MSSP add-on license must be applied to FortiSASE. Role-based access control (RBAC) must be assigned to identity and access management (IAM) users using the FortiCloud IAM portal.

19. Which two statements about FortiSASE Geofencing with regional compliance are true? (Choose two answers). You can configure regional compliance on the security POP or the on-premises device, not both. If no regional compliance rule is configured, the connection is made to the closest security POP. A regional compliance rule can connect only to an on-premises device or only to a security POP. The connection order for a regional compliance rule is always the security POP first, followed by the on-premises device.

20. Refer to the exhibit. The daily report for application usage for internet traffic shows an unusually high number of unknown applications by category. What are two possible explanations for this? (Choose two answers). The inline-CASB application control profile does not have application categories set to Monitor. Certificate inspection is not being used to scan application traffic. The private access policy must be set to log Security Events. Deep inspection is not being used to scan traffic.

21. Which two statements about the Hub Selection Method in FortiSASE Secure Private Access (SPA) are correct? (Choose two answers). When using Hub Health and Priority, FortiSASE selects the highest priority hub that meets the configured SLA thresholds. When using BGP MED, FortiSASE selects the hub with the lowest MED value only if it also meets the configured SLA thresholds. When using SLA thresholds, administrators can customize latency, jitter, and packet loss for each security POP. When using Hub Health and Priority, all hubs with the same priority are always selected regardless of SLA results.

22. Your organization is currently using FortiSASE for its cybersecurity. They have recently hired a contractor who will work from the HQ office and who needs temporary internet access in order to set up a web-based point of sale (POS) system. How can you provide secure internet access to the contractor using FortiSASE? (Choose one answer). Use a proxy auto-configuration (PAC) file and provide secure web gateway (SWG) service as an explicit web proxy. Use a tunnel policy with a contractors user group as the source on FortiSASE to provide internet access. Use zero trust network access (ZTNA) and tag the client as an unmanaged endpoint. Use the self-registration portal on FortiSASE to grant internet access.

23. Refer to the exhibit. Which type of information or actions are available to a FortiSASE administrator from the following output? (Choose one answer). Administrators can view and configure endpoint profiles and ZTNA tags. Administrators can view and configure automatic patching of endpoints, and first detected date for applications. Administrators can view latest application version available and push updates to managed endpoints. Administrators can view application details, such as vendor, version, and installation dates to identify unwanted or outdated software.

24. What is the purpose of the grace period for off-net endpoints in the FortiSASE Network Lockdown feature? (Choose one answer). To allow users to attempt VPN reconnection before restrictions are applied. To bypass security policies for specific applications. To permanently block network access for non-compliant endpoints. To automatically reset the FortiClient configuration.

25. Refer to the exhibit. A customer wants to fine-tune network assignments on FortiSASE, so they modified the IPAM configuration as shown in the exhibit. After this configuration, the customer started having connectivity problems and noticed that devices are using excluded ranges. What could be causing the unexpected behavior and connectivity problems? (Choose two answers). The pool must include at least one /20 per security POP for the IPAM to work correctly. The pool must include at least one /16 per Instance for the IPAM to work correctly. The pool must include at least one /20 per Instance for the IPAM to work correctly. The customer excluded too many networks from the pool.

26. Refer to the exhibit. A customer wants to fine-tune network assignments on FortiSASE, so they modified the IPAM configuration as shown in the exhibit. After this configuration, the customer started having connectivity problems and noticed that devices are using excluded ranges. What could be causing the unexpected behavior and connectivity problems? (Choose two answers). The pool must include at least one /20 per security POP for the IPAM to work correctly. The pool must include at least one /16 per Instance for the IPAM to work correctly. The pool must include at least one /20 per Instance for the IPAM to work correctly. The customer excluded too many networks from the pool.

27. You are designing a new network, and the cybersecurity policy mandates that all remote users working from home must always be connected and protected. Which FortiSASE component facilitates this always-on security measure? (Choose one answer). Unified FortiClient. SDWAN on-ramp. Secure web gateway. Thin-branch SASE extension.

28. Which statement best describes the Digital Experience Monitor (DEM) feature on FortiSASE? (Choose one answer). It monitors the FortiSASE POP health based on ping probes. It is used for performing device compliance checks on endpoints. It provides end-to-end network visibility from all the FortiSASE security PoPs to a specific SaaS application. It gathers all the vulnerability information from all the FortiClient endpoints.

29. Refer to the exhibit. An SPA service connection is experiencing connectivity problems. Which configuration setting should the administrator verify and correct first? (Choose one answer). Remote Gateway. BGP Peer IP. Network overlay ID. Authentication Method.

30. A Fortinet customer is considering integrating FortiManager with FortiSASE. What are two prerequisites they should consider? (Choose two answers). Adding a FortiManager connection add-on license to FortiSASE. Placing FortiManager in the same FortiCloud account as FortiSASE. Reducing the number of FortiSASE PoPs that support FortiManager. Running a FortiManager version that is supported by FortiSASE.

31. Refer to the exhibit. Based on the configuration shown, in which two ways will FortiSASE process sessions that require FortiSandbox inspection? (Choose two answers). All files will be sent to an on-premises FortiSandbox for inspection. FortiClient quarantines only infected files that FortiSandbox detects as medium level. All files executed on a USB drive will be sent to FortiSandbox for analysis. Only endpoints assigned a profile for sandbox detection will be processed by the sandbox feature.

32. What can be configured on FortiSASE as an additional layer of security for FortiClient registration? (Choose one answer). Security posture tags. User verification. Device identification. Application inventory.

33. Which two settings are automatically pushed from FortiSASE to FortiClient in a new FortiSASE deployment with default settings? (Choose two answers). FortiSASE certificate authority (CA) certificate. Tunnel profile. Real-time protection. Zero trust network access (ZTNA) tags.

34. An administrator must restrict endpoints from certain countries from connecting to FortiSASE. Which configuration can achieve this? (Choose one answer). A network lockdown policy on the endpoint profiles. Source IP anchoring to restrict access from the specified countries. A geography address object as the source for a deny policy. Geofencing to restrict access from the required countries.

35. You have configured FortiSASE Secure Private Access (SPA) deployment. Which statement is true about traffic flows? (Choose two answers). When using SD-WAN private access, traffic goes from an endpoint directly to an SPA hub. When using zero trust network access, traffic goes from an endpoint to a FortiSASE POP, and then to a ZTNA access proxy. When using zero trust network access (ZTNA) traffic goes from an endpoint directly to a ZTNA access proxy. When using SD-WAN private access, traffic goes from an endpoint to a FortiSASE POP, and then to an SPA hub.

36. Your FortiSASE customer has a small branch office in which ten users will be using their personal laptops and mobile devices to access the internet. Which deployment should they use to secure their internet access with minimal configuration? (Choose one answer). FortiClient endpoint agent to secure internet access. FortiAP to secure internet access. SD-WAN on-ramp to secure internet access. FortiGate as a LAN extension to secure internet access.

37. What is the purpose of security posture tagging in ZTNA? (Choose one answer). To assign usernames to different devices for security logs. To ensure that all devices and users are monitored continuously. To provide granular access control based on the compliance status of devices and users. To categorize devices and users based on their role in the organization.

38. Refer to the exhibits. A FortiSASE administrator has configured FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the remote FortiClient is not able to access the web server hosted behind the FortiGate hub. What is the reason for the access failure? (Choose one answer). The hub is not advertising the required routes. A private access policy has denied the traffic because of failed compliance. The hub firewall policy does not include the FortiClient address range. The server subnet BGP route was not received on FortiSASE.

39. What action must a FortiSASE customer take to restrict organization SaaS access to only FortiSASE-connected users? (Choose one answer). Implement a CNAPP solution to allowlist the users under the FortiSASE egress IP. Implement ZTNA for their private apps and allow list them under SaaS portals or grant them conditional access. Connect FortiSASE to an SPA hub for private access to an allowlisted connecting IP. Retrieve the PoPs of the users' public IP addresses from the FortiSASE region IP list and whitelist the IP under SaaS portals, or grant them conditional access.

40. What happens to the logs on FortiSASE that are older than the configured log retention period? (Choose one answer). The logs are deleted from FortiSASE. The logs are compressed and archived. The logs are backed up on FortiCloud. The logs are indexed and can be stored in a SQL database.

41. An existing Fortinet SD-WAN customer is reviewing the FortiSASE ordering guide to identify which add-on is needed to allow future FortiSASE remote users to reach private resources. Which add-on should the customer consider to allow private access? (Choose one answer). FortiSASE Global add-on. FortiSASE Branch On-Ramp add-on. FortiSASE SPA add-on. FortiSASE Dedicated Public IP Address add-on.

42. What is the maximum number of Secure Private Access (SPA) service connections (SPA hubs) supported in the SPA use case? (Choose one answer). 8. 12. 4. 16.

43. A company must provide access to a web server through FortiSASE secure private access for contractors. What is the recommended method to provide access? (Choose one answer). Configure a TCP access proxy forwarding rule and push it to the contractor FortiClient endpoint. Publish the web server URL on a bookmark portal and share it with contractors. Update the PAC file with the web server URL and share it with contractors. Update the DNS records on the endpoint to access private applications.

44. One user has reported connectivity issues connectivity; no other users have reported problems. Which tool can the administrator use to identify the problem? (Choose one answer). Mobile device management (MDM) service to troubleshoot the connectivity issue. Digital experience monitoring (DEM) to the performance metrics of the remote computer. Forensics service to obtain detailed information about the user's remote computer performance. SOC-as-a-Service (SOCaaS) to get information about the user's remote computer.

45. What are the key differences between the FortiSASE BGP per overlay and BGP on loopback routing design methods? (Choose one answer). BGP per overlay can use separate iBGP sessions for each spoke-to-hub tunnel with mode-cfg enabled for IP address assignment, while BGP on loopback uses a single iBGP session per hub terminating on a loopback interface to simplify configuration and reduce advertised routes. BGP per overlay establishes a single iBGP session per hub on a loopback interface, while BGP on loopback requires mode-cfg for IP address assignment and uses multiple iBGP sessions per tunnel. BGP per overlay is used for loopback interfaces to reduce routes, while BGP on loopback is the default method requiring separate iBGP sessions for each spoke. BGP per overlay simplifies hub configuration without mode-cfg, while BGP on loopback establishes multiple iBGP sessions for each tunnel to increase advertised routes.

46. Which information does FortiSASE use to bring network lockdown into effect on an endpoint? (Choose one answer). Zero-day malware detection on endpoint. The number of critical vulnerabilities detected on the endpoint. The connection status of the tunnel to FortiSASE. The security posture of the endpoint based on ZTNA tags.

47. Refer to the exhibits. How will the application vulnerabilities be patched, based on the exhibits provided? (Choose one answer). An administrator will patch the vulnerability remotely using FortiSASE. The end user will patch the vulnerabilities using the FortiClient software. The vulnerability will be patched by installing the patch from the vendor's website. The vulnerability will be patched automatically based on the endpoint profile configuration.

48. Which two benefits come from integrating SoCaaS with FortiSASE? (Choose two answers). Eliminates the need of endpoint projection software. Continuous threat monitoring of all connected endpoints. Centralized visibility of all threat events. Provides bandwidth usage analytics.

49. Refer to the exhibits. An endpoint is assigned an IP address of 192.168.13.101/24. Which action will be run on the endpoint? (Choose one answer). The endpoint will be able to bypass the on-net rule because it is connecting from a known subnet. The endpoint will be detected as off-net. The endpoint will be exempted from auto-connect to the FortiSASE tunnel. The endpoint will automatically connect to the FortiSASE tunnel.

50. In the Secure Private Access (SPA) use case, which two FortiSASE features facilitate access to corporate applications? (Choose two answers). SD-WAN. zero trust network access (ZTNA). thin edge. cloud access security broker (CASB).

51. What are the two key features and benefits of Fortinet SOCaaS when integrated with FortiSASE? (Choose two answers). Fortinet SOCaaS offers monitoring only during standard business hours, uses AI without human analysis, and provides annual reports without dashboards or FortiSASE integration. Fortinet SOCaaS monitors only remote users, does not support log forwarding, and provides threat notifications without response guidance or expert meetings. Fortinet SOCaaS allows for consistent security monitoring through log forwarding, offers rapid threat notifications and response guidance, and includes intuitive dashboards. ortinet SOCaaS provides 24x7x365 cloud-based monitoring by Fortinet experts using AI, machine learning, and human analysis. Fortinet SOCaaS is a standalone service that monitors only FortiGate environments, provides automated patching without human analysis, and does not integrate with FortiSASE.

52. What is the purpose of the web content filtering feature in a FortiSASE web filter profile? (Choose one answer). It blocks only websites with predefined categories and does not support custom words or patterns. It automatically filters web content at the global level and cannot be adjusted for individual web filter profiles. It blocks all websites containing specific words or patterns globally across all profiles without customization. It blocks all websites containing specific words or patterns globally across all profiles without customization.

53. Refer to the exhibit. Which two statements about the onboarding process shown in the exhibit are true? (Choose two answers). The user must manually select which FortiSASE components to install during the FortiClient setup. Depending on the installer used, the invitation code step may be skipped. The invitation code must always be entered manually after installing FortiClient. This is an email from the FortiSASE platform to an end user.

54. How does FortiSASE hide user information when viewing and analyzing logs? (Choose one answer). By compressing log data. By hashing log data. By tokenization in log data. By deleting log data.

55. A customer wants to ensure secure access for private applications for their users by replacing their VPN. Which two SASE technologies can you use to accomplish this task? (Choose two answers). secure web gateway (SWG) and cloud access security broker (CASB). SD-WAN on-ramp. secure SD-WAN. zero trust network access (ZTNA).

56. An organization must block user attempts to log in to non-company resources while using Microsoft Office 365 to prevent users from accessing unapproved cloud resources. Which FortiSASE feature can you implement to meet this requirement? (Choose one answer). data loss prevention (DLP) with Microsoft Purview Information Protection (MPIP). DNS filter with domain filter. application control with inline-CASB. web filter with inline-CASB.

57. A school has deployed an agent-based FortiSASE solution for blocking student access to the internet during class time and allowing internet access only during the lunch break. What would be the recommended method to enforce this policy? (Choose one answer). Configure the off-net/on-net network setting. Enable a PAC file on the existing FortiClient agent. Create a scheduled firewall policy with an appropriate security profile that is active only during the lunch break. Allowing the students to manually disconnect their VPN tunnel.

58. How can local users be authenticated on FortiSASE? (Choose one answer). Only RADIUS and SAML for SSO, with local users requiring an external authentication server. Local database, RADIUS, LDAP, and SAML for SSO, with local users authenticating directly with FortiSASE. LDAP and local database only, with local users authenticating through a third-party service. SAML and RADIUS, with local users authenticating via an external SSO provider.

59. What are two benefits of deploying FortiSASE with FortiGate ZTNA access proxy? (Choose two answers). The on-premises FortiGate performs a device posture check. It is ideal for latency-sensitive applications. It supports both agentless ZTNA and agent-based ZTNA. It offers data center redundancy.

60. Which two statements about on-ramp tunnels on FortiSASE are correct? (Choose two answers). SSL deep inspection for site-based users is fully functional without installing the FortiSASE certificate authority certificate. Only FortiExtender and FortiAP devices are supported for on-ramp tunnels. A branch device can connect to two or more on-ramp locations. The branch on-ramp and secure private access (SPA) features share the same BGP configuration.

61. Which two are required to enable central management on FortiSASE? (Choose two answers). FortiSASE connector configured on FortiManager. FortiManager and FortiSASE registered under the same FortiCloud account. FortiSASE central management entitlement applied to FortiManager. The FortiManager IP address in the FortiSASE central management configuration.

62. How many connections and how much bandwidth are supported by FortiSASE Branch On Ramp? (Choose one answer). Up to 2,000 connections with a shared bandwidth of 10 Gbps. Up to 1,000 connections with a shared bandwidth of 1 Gbps. Up to 5,000 connections with a shared bandwidth of 10 Gbps. Up to 2,000 connections with a shared bandwidth of 1 Gbps.

63. A customer wants to assign the endpoint profiles based on Entra ID computer groups. What should they configure? (Choose one answer). The Domains settings on FortiSASE for Microsoft Entra ID. LDAP authentication. The SSO settings on FortiSASE for Microsoft Entra ID. Entra ID for endpoint profiles.

64. A FortiSASE administrator is receiving reports that some users have travelled overseas and cannot establish their agent-based VPN tunnels, although they can authenticate with their SSO credentials to access O365 and SFDC directly. The administrator reviewed the firewall policies and ZTNA tags of some users and could not find anything unusual. Which action can the administrator take to resolve this problem? (Choose one answer). Create a dedicated firewall policy for the users. Instruct the users to restart their laptops and log in again. Ensure that the countries the users are visiting are not listed under the Deny list in the Geofencing settings. Instruct the users to install the updated version of the agent-based client.

65. How does FortiSASE Secure Private Access (SPA) facilitate connectivity to private resources in a hub-and-spoke network? (Choose one answer). SPA applies source network address translation (SNAT) for remote user traffic and uses IKEv1 for IPsec tunnels to connect to standalone hubs without BGP support. SPA connects to private resources using HTTP and HTTPS protocols and relies on FortiClient for agentless access to SD-WAN deployments. SPA establishes direct links to spokes without IPsec or BGP and uses an easy configuration key to secure web traffic for remote users. SPA connects a FortiSASE POP to a FortiGate hub or SD-WAN deployment using IPsec and BGP for dynamic route exchange with an easy configuration key for simplified setup on FortiOS.

66. Refer to the exhibit. An endpoint profile configured by a customer is shown. A workstation user reports that after installing and connecting the FortiSASE client, they no longer have access to their local home network printers. The customer On-net rule set is mapped to the office public IP address. What the customer needs to enable so the user can use the local network printer at home? (Choose one answer). The customer should increase the Grace period to allow the user to print immediately after booting the computer. The customer should enable Allow local LAN access when endpoint is off-net. The customer must create a new firewall policy to give the user access to the local subnet. The customer should disable Lockdown endpoint when off-net.