Question 4 - FCP_FAZ_AN-7.4 discussion


Which log will generate an event with the status Unhandled?

A. An AV log with action=quarantine.

B. An IPS log with action=pass.

C. A WebFilter log with action=dropped.

D. An AppControl log with action=blocked.

Suggested answer: B

Explanation:

In FortiOS 7.4.1 and FortiAnalyzer 7.4.1, the 'Unhandled' status on an event typically means that the FortiGate observed a security event but took no specific action to block or alter the traffic. This most commonly occurs with Intrusion Prevention System (IPS) logs.

IPS logs with action=pass: When the IPS engine inspects traffic and determines that it does not match any known attack signatures or violate any configured policies, it assigns the action 'pass'. Because nothing was done to block or modify the traffic, FortiAnalyzer records the event status as 'Unhandled'.

Let's look at why the other options are incorrect:

An AV log with action=quarantine: Antivirus (AV) logs with the action 'quarantine' indicate that a file was detected as malicious and moved to quarantine. This is a definitive action, so the status wouldn't be 'Unhandled.'

A WebFilter log with action=dropped: WebFilter logs with the action 'dropped' indicate that web traffic was blocked according to the configured web filtering policies. Again, this is a specific action taken, not an 'Unhandled' event.

An AppControl log with action=blocked: Application Control logs with the action 'blocked' mean that an application was denied access based on the defined application control rules. This is also a clear action, not 'Unhandled.'

asked 27/11/2024
Arkadiusz Skopinski