Fortinet Exam FCSS_ADA_AR-6.7 Topic 3 Question 3 Discussion

Actual exam question for Fortinet's FCSS_ADA_AR-6.7 exam

Question #: 3
Topic #: 3

[All FCSS_ADA_AR-6.7 Questions]

Refer to the exhibit.

An administrator wants to remediate the incident from FortiSIEM shown in the exhibit.

What option is available to the administrator?

AQuarantine IP FortiClient

BRun the block domain Windows DNS

CRun the block MAC FortiOS

DRun the block IP FortiOS 5.4
The incident shown in the exhibit indicates that a firewall detected malware but could not remediate it. The firewall identified the EICAR_TEST_FILE virus and logged the source IP (10.0.3.10) as the origin of the threat.
To remediate this, the administrator should take action at the network level, specifically using FortiOS to block the source IP address. The option 'Run the block IP FortiOS 5.4' provides the ability to block traffic from the infected IP at the firewall level, effectively preventing further threats from that source.

Show Suggested Answer

Suggested Answer: D

by Shawna at Apr 03, 2025, 08:47 AM

Limited Time Offer

25%

Off

Get Premium FCSS_ADA_AR-6.7 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jacquelyne

6 days ago

I'm not sure, but I think option D makes sense. It's important to take action at the network level to remediate the incident.

upvoted 0 times

...

Verda

9 days ago

I agree with Dusti. Blocking the source IP at the firewall level is the best way to prevent further threats from that source.

upvoted 0 times

...

Dusti

26 days ago

I think the answer is D) Run the block IP FortiOS 5.4 because it allows the administrator to block the infected IP at the firewall level.

upvoted 0 times

...