Free Preparation Discussions
MENU
Fortinet NSE6_OTS_AR-7.6 Exam - Topic 3 Question 2 Discussion
Topic #: 3
Refer to the exhibits.
A partial Basic Event Handler page on FortiAnalyzer and the creation of a trigger in a FortiGate device are shown. To improve the protection of your OT network, you want to automate the handling of compromised devices notified through FortiAnalyzer. You have configured an event handler named Alert_trigger as shown in the exhibit. When you create the trigger on the FortiGate device, the Event handler name field does not provide the Alert_trigger option. What two actions must you perform to make the Alert_trigger option available? (Choose two answers)
The correct answers are C and D.
Option C is correct because the study guide explains that when ''a handler generates an event with the automation stitch option enabled, FortiAnalyzer sends a notification'' and, in the Security Fabric workflow, ''FortiAnalyzer parses the logs and notifies the root FortiGate.'' This means FortiGate must first have the FortiAnalyzer connection configured so it can consume FortiAnalyzer event handlers and use them in automation. The wizard message in the exhibit also points to this requirement by indicating that a FortiAnalyzer connection must be configured.
Option D is also correct because the study guide explicitly says that in this automation flow ''the root FortiGate triggers the action'' and shows ''Stitches configured on root FortiGate.'' Therefore, if you want the FortiAnalyzer event handler to appear and be usable for automation, the trigger must be configured on the root FortiGate, not on an arbitrary downstream FortiGate.
Option A is incorrect because + Create is only a GUI control and does not solve the missing-event-handler visibility problem. Option B is not identified in the study guide as the requirement for making a FortiAnalyzer event handler available in the FortiGate automation trigger list.
Diane
5 days ago