nse5_faz-72 Exam - Question 30


Refer to the exhibit.

Which statement is correct regarding the event displayed?

Correct Answer: A

The exhibit shows an entry indicating web traffic to a Command and Control (C&C) server from the IP address 10.0.3.20. The event status is marked as 'Unhandled', which means that the security risk from this event has not been mitigated, contained, or resolved. The security event risk is therefore still open.

Discussion

DaniSerb (Option: A)
Nov 15, 2023

Unhandled: The security event risk is not mitigated or contained, so it is considered open. For example, an IPS/AV log with action=pass will have the event status Unhandled. Botnet and IoC events are also considered Unhandled. Reference: FortiAnalyzer Analyst Study Guide for FortiAnalyzer 7.2

Thomas_2020 (Option: A)
Dec 24, 2023

A is correct, page 206, FAZ 7.0

Halmonte0780 (Option: A)
May 19, 2024

FortiAnalyzer Analyst Study Guide for FortiAnalyzer 7.2 page 111