Exam nse7_led-70
Question 21

Refer to the exhibit.

Examine the FortiGate configuration, FortiAnalyzer logs, and FortiGate widget shown in the exhibit.

An administrator is testing the Security Fabric quarantine automation. The administrator added FortiAnalyzer to the Security Fabric, and configured an automation stitch to automatically quarantine compromised devices. The test device (10.0.2.1) is connected to a managed FortiSwitch device.

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log for the test connection. However, the device is not getting quarantined by FortiGate, as shown in the quarantine widget.

Which two scenarios are likely to cause this issue? (Choose two.)

    Correct Answer: B, D

    The primary purpose of the automation stitch is to quarantine compromised devices based on threat detection. Two scenarios that can prevent this from happening are FortiAnalyzer not having a valid threat detection services license and FortiAnalyzer not considering the malicious website an indicator of compromise (IOC). Either issue would keep FortiAnalyzer from flagging the threat accurately, so the automated quarantine action would not be triggered.

Discussion
Artbrut

Options: BD

study guide p. 289 / 290

Artbrut

Options: BC

Have to correct myself - B and C and https://community.fortinet.com/t5/FortiClient/Technical-Tip-Quarantine-FortiClient-endpoints-automatically/ta-p/300128

cristianodavid

Hey, attention please. The origin interface is STUDENT to WAN; it isn't ssl-vpn to WAN, as used with FortiClient. Study guide p. 289 / 290

BBell29128

Which study guide are you referencing?