nse7_led-70 Exam - Question 21


Refer to the exhibit.

Examine the FortiGate configuration, FortiAnalyzer logs, and FortiGate widget shown in the exhibit.

An administrator is testing the Security Fabric quarantine automation. The administrator added FortiAnalyzer to the Security Fabric, and configured an automation stitch to automatically quarantine compromised devices. The test device (10.0.2.1) is connected to a managed FortiSwitch device.

After trying to access a malicious website from the test device, the administrator verifies that FortiAnalyzer has a log for the test connection. However, the device is not getting quarantined by FortiGate, as shown in the quarantine widget.

Which two scenarios are likely to cause this issue? (Choose two.)

Correct Answer: BD

The primary purpose of the automation stitch is to quarantine compromised devices based on threat detection. Two scenarios that can prevent this from happening are FortiAnalyzer not having a valid threat detection services license and FortiAnalyzer not considering the malicious website an indicator of compromise (IOC). Either issue would result in FortiAnalyzer not flagging the threat accurately, and therefore not triggering the automated quarantine action.

Discussion

3 comments
Artbrut
Options: BD
Mar 21, 2024

study guide p. 289 / 290

Artbrut
Options: BC
Mar 29, 2024

Have to correct myself - B and C and https://community.fortinet.com/t5/FortiClient/Technical-Tip-Quarantine-FortiClient-endpoints-automatically/ta-p/300128

cristianodavid
May 12, 2024

Hey, attention please. The origin interface is STUDENT to WAN; it isn't ssl-vpn to WAN to use with FortiClient. study guide p. 289 / 290

BBell29128
Jun 2, 2024

Which study guide are you referencing?