Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam FCP_FCT_AD-7.2 Topic 4 Question 10 Discussion

Actual exam question for Fortinet's FCP_FCT_AD-7.2 exam
Question #: 10
Topic #: 4
[All FCP_FCT_AD-7.2 Questions]

Refer to the exhibits.

Based on the FortiGate Security Fabric settings shown in the exhibits, what must an administrator do on the EMS server to successfully quarantine an endpoint. when it is detected as a compromised host (loC)?

Show Suggested Answer Hide Answer
Suggested Answer: A

Based on the FortiClient logs shown in the exhibit:

The first log entry shows the application 'firefox.exe' trying to access a destination IP, with the threat identified as 'Twitter.'

The action taken by the application firewall is 'blocked' with the event type 'appfirewall.'

This indicates that the application firewall has blocked access to Twitter.

Reference

FortiClient EMS 7.2 Study Guide, Application Firewall Logs Section

Fortinet Documentation on Interpreting FortiClient Logs


by Golda at Jul 16, 2024, 03:08 AM

Limited Time Offer

25%

Off

Get Premium FCP_FCT_AD-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Casie
1 months ago
Enabling FQDN on EMS? Is that like setting up a dating profile for your server? 'Looking for a compatible FortiGate to quarantine with.'
upvoted 0 times
Gearldine
9 days ago
Yeah, it's more about making sure the endpoint can be properly identified and managed.
upvoted 0 times
...
Stacey
11 days ago
I think enabling FQDN on EMS is more about identifying the endpoint by its fully qualified domain name.
upvoted 0 times
...
Meaghan
15 days ago
Haha, that's a funny way to think about it!
upvoted 0 times
...
...
Trevor
1 months ago
D is the way to go! SSH is the secret sauce for quarantining those pesky compromised hosts. Gotta love a good ol' terminal session.
upvoted 0 times
...
Keshia
1 months ago
I bet the answer is B. Enabling FQDN on EMS sounds like the key to making this work. Who needs SSH when you've got FQDN, am I right?
upvoted 0 times
Josephine
21 days ago
I think the answer is C. Authorizing FortiGate on FortiAnalyzer seems like the right step to take.
upvoted 0 times
...
...
Leatha
1 months ago
Hmm, I'm not sure about this one. Enabling remote HTTPS access to EMS seems like a good option, but I'm curious about the other choices too.
upvoted 0 times
...
Clay
1 months ago
I think the answer is C. The FortiGate needs to be authorized on the FortiAnalyzer to successfully quarantine the endpoint.
upvoted 0 times
Quiana
17 days ago
I agree, option C seems to be the correct choice.
upvoted 0 times
...
...
Freeman
2 months ago
But enabling remote HTTPS access would allow for secure communication, which is essential for quarantining an endpoint.
upvoted 0 times
...
Johna
2 months ago
I disagree, I believe the correct answer is D) The administrator must enable SSH access to EMS.
upvoted 0 times
...
Freeman
2 months ago
I think the answer is A) The administrator must enable remote HTTPS access to EMS.
upvoted 0 times
...

Save Cancel