Fortinet Exam FCP_FCT_AD-7.2 Topic 4 Question 10 Discussion

Actual exam question for Fortinet's FCP_FCT_AD-7.2 exam

Question #: 10
Topic #: 4

Refer to the exhibits.

Based on the FortiGate Security Fabric settings shown in the exhibits, what must an administrator do on the EMS server to successfully quarantine an endpoint. when it is detected as a compromised host (loC)?

AThe administrator must enable remote HTTPS access to EMS.

BThe administrator must enable FQDN on EMS.

CThe administrator must authorize FortiGate on FortiAnalyzer.

DThe administrator must enable SSH access to EMS.

Show Suggested Answer

Suggested Answer: A

Based on the FortiClient logs shown in the exhibit:

The first log entry shows the application 'firefox.exe' trying to access a destination IP, with the threat identified as 'Twitter.'

The action taken by the application firewall is 'blocked' with the event type 'appfirewall.'

This indicates that the application firewall has blocked access to Twitter.

Reference

FortiClient EMS 7.2 Study Guide, Application Firewall Logs Section

Fortinet Documentation on Interpreting FortiClient Logs

by Golda at Jul 16, 2024, 03:08 AM

Limited Time Offer

25%

Off

Get Premium FCP_FCT_AD-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Freeman

2 days ago

I think the answer is A) The administrator must enable remote HTTPS access to EMS.

upvoted 0 times

...