ExamGecko
Search Search Login
Home Home / Fortinet / FCP_FAZ_AN-7.4
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You created a playbook on FortiAnalyzer that uses a FortiOS connector. When configuring the FortiGate side, which type of trigger must be used so that the actions in an automation stich are available in the FortiOS connector?
Exhibit. What is the purpose of using the Chart Builder feature On FortiAnalyzer?
Which statement about sending notifications with incident updates is true?
Which statement correctly describes one Difference between templates and reports?
What is the purpose of playbook trigger variables?
What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?
You are trying to configure a task in the playbook editor to run a report. However, when you try to select the desired playbook, you do to see it listed. What is the reason?
Which statement about the FortiSIEM management extension is correct?
Exhibit. What does the data point at 12:20 indicate?
Which log will generate an event with the status Contained?

Question 29 - FCP_FAZ_AN-7.4 discussion

Report
Export

As part of your analysis, you discover that an incident is a false positive.

You change the incident status to Closed: False Positive.

Which statement about your update is true?

A.

The audit history log will be updated.

Answers
A.

The audit history log will be updated.

B.

The corresponding event will be marked as mitigated.

Answers
B.

The corresponding event will be marked as mitigated.

C.

The incident will be deleted.

Answers
C.

The incident will be deleted.

D.

The incident number will be changed

Answers
D.

The incident number will be changed

Suggested answer: A

Explanation:

When an incident in FortiAnalyzer is identified as a false positive and its status is updated to 'Closed: False Positive,' certain records and logs are updated to reflect this change.

Option A - The Audit History Log Will Be Updated:

FortiAnalyzer maintains an audit history log that records changes to incidents, including updates to their status. When an incident status is marked as 'Closed: False Positive,' this action is logged in the audit history to ensure traceability of changes. This log provides accountability and a record of how incidents have been handled over time.

Conclusion: Correct.

Option B - The Corresponding Event Will Be Marked as Mitigated:

Changing an incident to 'Closed: False Positive' does not affect the status of the original event itself. Marking an incident as a false positive signifies that it does not represent a real threat, but it does not imply that the event has been mitigated.

Conclusion: Incorrect.

Option C - The Incident Will Be Deleted:

Marking an incident as 'Closed: False Positive' does not delete the incident from FortiAnalyzer. Instead, it updates the status to reflect that it is not a real threat, allowing for historical analysis and preventing similar false positives in the future. Deletion would typically only occur manually or by a different administrative action.

Conclusion: Incorrect.

Option D - The Incident Number Will Be Changed:

The incident number is a unique identifier and does not change when the status of the incident is updated. This identifier remains constant throughout the incident's lifecycle for tracking and reference purposes.

Conclusion: Incorrect.

Conclusion:

Correct Answe r : A. The audit history log will be updated.

This is the most accurate answer, as the update to 'Closed: False Positive' is recorded in FortiAnalyzer's audit history log for accountability and tracking purposes.

FortiAnalyzer 7.4.1 documentation on incident management and audit history logging.

Show Answer
asked 27/11/2024
Anna Panagiotidou
34 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms