Fortinet FCP_FAZ_AN-7.6 Exam - Topic 2 Question 14 Discussion

How does FortiAnalyzer block indicators? (Choose one answer)
A) It uses an automation script to update FortiGate with the block list.
B) It uses a FortiManager connector to send the block list.
C) It uses a FortiClient EMS connector to send the block list.
D) It uses a webhook to allow FortiGate to send the block list.

Actual exam question for Fortinet's FCP_FAZ_AN-7.6 exam
Question #: 14
Topic #: 2

Suggested Answer: B

Explanation, based on the FortiAnalyzer 7.6 study guide:

The FortiAnalyzer study guide states that blocking suspicious indicators is performed by integrating FortiAnalyzer with FortiManager (not by directly pushing a block list to FortiGate). Specifically: "To use this feature, you must set up an authorized FortiManager connector for the FortiAnalyzer on the Fabric Connector page of FortiAnalyzer."

It then explains the backend mechanism: "In the back end, a playbook called Block_indicator runs every 5 minutes to send the information to FortiManager." After a successful run, "the blocked indicator is pushed to the FortiManager External Resource list." From there, FortiManager can create threat feeds/security profiles/policy blocks and push policies to FortiGate as needed. However, the study guide clarifies: "The Blocked status on FortiAnalyzer confirms that the list is updated on FortiManager, but it is not synced to FortiGate."

Therefore, FortiAnalyzer blocks indicators by using a FortiManager connector and sending the block information to FortiManager (Option B).

