Refer to the exhibit showing a FortiSOAR playbook.
You are investigating a suspicious e-mail alert on FortiSOAR, and after reviewing the executed playbook, you can see that it requires intervention.
What should be your next step?
The exhibited playbook requires intervention, which means that the playbook has reached a point where it needs a human operator to take action. The next step should be to go to the Incident Response tasks dashboard and run the pending actions. This will allow you to see the pending actions that need to be taken and to take those actions.
The other options are not correct. Option B will only show you the notification icon, but it will not allow you to run the pending input action. Option C will run the Mark Drive by Download playbook action, but this is not the correct action to take in this case. Option D is not a valid option.
Here are some additional details about pending actions in FortiSOAR:
Pending actions are actions that need to be taken by a human operator.
Pending actions are displayed in the Incident Response tasks dashboard.
Pending actions can be run by clicking on the action in the dashboard.
Review the following FortiGate-6000 configuration excerpt:
Based on the configuration, which statement is correct regarding SNAT source port partitioning behavior?
The configuration excerpt shows that the SNAT source port partitioning behavior is set to dynamic. This means that the FortiGate will dynamically distribute SNAT source ports to operating FPCs or FPMs. This ensures that active sessions are not interrupted if an FPC or FPM goes down.
The other options are incorrect. Option B is incorrect because the default SNAT configuration is static. Option C is incorrect because the configuration excerpt does not specify that SNAT source ports are statically distributed. Option D is incorrect because the SNAT source ports are not evenly distributed across chassis slots.
Here are some additional details about SNAT source port partitioning behavior:
SNAT source port partitioning behavior can be set todynamicorstatic.
The default SNAT configuration isstatic.
Dynamic SNAT source port partitioning ensures that active sessions are not interrupted if an FPC or FPM goes down.
Static SNAT source port partitioning can improve performance by reducing the number of SNAT lookups.
You want to use the MTA adapter feature on FortiSandbox in an HA-Cluster. Which statement about this solution is true?
An administrator has configured a FortiGate device to authenticate SSL VPN users using digital certificates. A FortiAuthenticator is the certificate authority (CA) and the Online Certificate Status Protocol (OCSP) server.
Part of the FortiGate configuration is shown below:
Based on this configuration, which two statements are true? (Choose two.)
Bis correct because the OCSP check of the certificate can be combined with a certificate revocation list (CRL). This means that the FortiGate will check the OCSP server to see if the certificate has been revoked, and it will also check the CRL to see if the certificate has been revoked.
Dis correct because if the OCSP server is unreachable, authentication will succeed if the certificate matches the CA. This is because the FortiGate will fall back to using the CRL if the OCSP server is unreachable.
The other options are incorrect. Option A is incorrect because OCSP checks can go to other OCSP servers, not just the FortiAuthenticator. Option C is incorrect because OCSP certificate responses can be cached by the FortiGate.
References:
Configuring SSL VPN authentication using digital certificates | FortiGate / FortiOS 7.2.0 - Fortinet Document Library
Online Certificate Status Protocol (OCSP) | FortiGate / FortiOS 7.2.0 - Fortinet Document Library
Certificate Revocation Lists (CRLs) | FortiGate / FortiOS 7.2.0 - Fortinet Document Library
Refer to the exhibit.
The exhibit shows two error messages from a FortiGate root Security Fabric device when you try to configure a new connection to a FortiClient EMS Server.
Referring to the exhibit, which two actions will fix these errors? (Choose two.)
Ais correct because the error message 'The CRL is not accessible' indicates that the root FortiGate cannot access the CRL for the FortiClient EMS server. Verifying that the CRL is accessible will fix this error.
Dis correct because the error message 'The FortiClient EMS server is not authorized' indicates that the root FortiGate is not authorized to connect to the FortiClient EMS server. Authorizing the root FortiGate on the FortiClient EMS server will fix this error.
The other options are incorrect. Option B is incorrect because exporting and importing the FortiClient EMS server certificate to the root FortiGate will not fix the CRL error. Option C is incorrect because installing a new known CA on the Win2K16-EMS server will not fix the authorization error.
References:
Troubleshooting FortiClient EMS connectivity | FortiClient / FortiOS 7.0.0 - Fortinet Document Library
Authorizing FortiGates with FortiClient EMS | FortiClient / FortiOS 6.4.8 - Fortinet Document Library
Viki
2 months agoRikki
2 months agoCarolynn
2 months agoJolene
2 months agoPaul
2 months agoMitsue
3 months ago