Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Fortinet Exam FCP_FCT_AD-7.2 Topic 4 Question 10 Discussion

Actual exam question for Fortinet's FCP_FCT_AD-7.2 exam
Question #: 10
Topic #: 4
[All FCP_FCT_AD-7.2 Questions]

Refer to the exhibits.

Based on the FortiGate Security Fabric settings shown in the exhibits, what must an administrator do on the EMS server to successfully quarantine an endpoint. when it is detected as a compromised host (loC)?

Show Suggested Answer Hide Answer
Suggested Answer: A

Based on the FortiClient logs shown in the exhibit:

The first log entry shows the application 'firefox.exe' trying to access a destination IP, with the threat identified as 'Twitter.'

The action taken by the application firewall is 'blocked' with the event type 'appfirewall.'

This indicates that the application firewall has blocked access to Twitter.

Reference

FortiClient EMS 7.2 Study Guide, Application Firewall Logs Section

Fortinet Documentation on Interpreting FortiClient Logs


by Golda at Jul 16, 2024, 03:08 AM

Limited Time Offer

25%

Off

Get Premium FCP_FCT_AD-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Casie
1 months ago
Enabling FQDN on EMS? Is that like setting up a dating profile for your server? 'Looking for a compatible FortiGate to quarantine with.'
upvoted 0 times
Gearldine
23 days ago
Yeah, it's more about making sure the endpoint can be properly identified and managed.
upvoted 0 times
...
Stacey
25 days ago
I think enabling FQDN on EMS is more about identifying the endpoint by its fully qualified domain name.
upvoted 0 times
...
Meaghan
29 days ago
Haha, that's a funny way to think about it!
upvoted 0 times
...
...
Trevor
2 months ago
D is the way to go! SSH is the secret sauce for quarantining those pesky compromised hosts. Gotta love a good ol' terminal session.
upvoted 0 times
...
Keshia
2 months ago
I bet the answer is B. Enabling FQDN on EMS sounds like the key to making this work. Who needs SSH when you've got FQDN, am I right?
upvoted 0 times
Giuseppe
9 days ago
I'm not sure, but enabling FQDN on EMS does sound like a good idea. It could be the key to making it work.
upvoted 0 times
...
Whitney
10 days ago
I agree with you, C sounds like the correct option to successfully quarantine an endpoint.
upvoted 0 times
...
Josephine
1 months ago
I think the answer is C. Authorizing FortiGate on FortiAnalyzer seems like the right step to take.
upvoted 0 times
...
...
Leatha
2 months ago
Hmm, I'm not sure about this one. Enabling remote HTTPS access to EMS seems like a good option, but I'm curious about the other choices too.
upvoted 0 times
...
Clay
2 months ago
I think the answer is C. The FortiGate needs to be authorized on the FortiAnalyzer to successfully quarantine the endpoint.
upvoted 0 times
Wilburn
14 hours ago
I see your point. Let's go with option C then.
upvoted 0 times
...
Annice
3 days ago
I don't think so. Enabling FQDN on EMS might be more relevant for this scenario.
upvoted 0 times
...
Arlette
4 days ago
But what about option A? Could enabling remote HTTPS access also help in quarantining the endpoint?
upvoted 0 times
...
Quiana
1 months ago
I agree, option C seems to be the correct choice.
upvoted 0 times
...
...
Freeman
2 months ago
But enabling remote HTTPS access would allow for secure communication, which is essential for quarantining an endpoint.
upvoted 0 times
...
Johna
2 months ago
I disagree, I believe the correct answer is D) The administrator must enable SSH access to EMS.
upvoted 0 times
...
Freeman
2 months ago
I think the answer is A) The administrator must enable remote HTTPS access to EMS.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77