Free Preparation Discussions
MENU
Fortinet FCP_FAZ_AN-7.4 Exam - Topic 2 Question 23 Discussion
Topic #: 2
Which log will generate an event with the status Unhandled?
In FortiOS 7.4.1 and FortiAnalyzer 7.4.1, the 'Unhandled' status in logs typically signifies that the FortiGate encountered a security event but did not take any specific action to block or alter it. This usually occurs in the context of Intrusion Prevention System (IPS) logs.
IPS logs with action=pass: When the IPS engine inspects traffic and determines that it does not match any known attack signatures or violate any configured policies, it assigns the action 'pass'. Since no action is taken to block or modify this traffic, the status is logged as 'Unhandled.'
Let's look at why the other options are incorrect:
An AV log with action=quarantine: Antivirus (AV) logs with the action 'quarantine' indicate that a file was detected as malicious and moved to quarantine. This is a definitive action, so the status wouldn't be 'Unhandled.'
A WebFilter log will action=dropped: WebFilter logs with the action 'dropped' indicate that web traffic was blocked according to the configured web filtering policies. Again, this is a specific action taken, not an 'Unhandled' event.
An AppControl log with action=blocked: Application Control logs with the action 'blocked' mean that an application was denied access based on the defined application control rules. This is also a clear action, not 'Unhandled.'
Staci
8 hours agoMarshall
6 days agoKelvin
11 days agoMagdalene
16 days agoDalene
21 days agoJunita
26 days agoPearlene
1 month agoLenita
1 month agoBeula
1 month agoRosalia
2 months agoArlyne
2 months agoJerilyn
2 months agoReena
2 months agoGeraldine
2 months agoGolda
3 months agoGladys
3 months agoCorinne
3 months agoCorrinne
3 months agoRebecka
2 months ago