Refer to the exhibits.
Based on the FortiGate Security Fabric settings shown in the exhibits, what must an administrator do on the EMS server to successfully quarantine an endpoint. when it is detected as a compromised host (loC)?
Based on the FortiClient logs shown in the exhibit:
The first log entry shows the application 'firefox.exe' trying to access a destination IP, with the threat identified as 'Twitter.'
The action taken by the application firewall is 'blocked' with the event type 'appfirewall.'
This indicates that the application firewall has blocked access to Twitter.
Reference
FortiClient EMS 7.2 Study Guide, Application Firewall Logs Section
Fortinet Documentation on Interpreting FortiClient Logs
Freeman
2 days ago