Question 18 - FCP_FAZ_AN-7.4 discussion

Exhibit.

Assume these are all the events that exist on the FortiAnalyzer device.

How many events will be added to the incident created after running this playbook?

A. Eleven events will be added.

B. Seven events will be added.

C. No events will be added.

D. Four events will be added.

Suggested answer: D

Explanation:

In the exhibit, we see a playbook in FortiAnalyzer designed to retrieve events based on specific criteria, create an incident, and attach relevant data to that incident. The 'Get Event' task configuration specifies filters to match any of the following conditions:

Severity = High

Event Type = Web Filter

Tag = Malware

Analysis of Events:

In the FortiAnalyzer Event Monitor list:

We need to identify events that meet any one of the specified conditions (since the filter is set to 'Match Any Condition').

Events Matching Criteria:

Severity = High: There are two events with 'High' severity, both with the 'Event Type' IPS.

Event Type = Web Filter: There are two events with the 'Event Type' Web Filter. One has a 'Medium' severity, and the other has a 'Low' severity.

Tag = Malware: There are two events tagged with 'Malware,' both with the 'Event Type' Antivirus and 'Medium' severity.

After filtering based on these criteria, there are four distinct events:

- Two from the 'Severity = High' filter.
- One from the 'Event Type = Web Filter' filter.
- One from the 'Tag = Malware' filter.

Conclusion:

Correct Answer: D. Four events will be added.

This answer matches the conditions set in the playbook filter configuration and the events listed in the Event Monitor.

Reference: FortiAnalyzer 7.4.1 documentation on event filtering, playbook configuration, and incident management criteria.

asked 27/11/2024
Armindo Malafaia Neto