Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Fortinet Exam NSE5_FAZ-7.2 Topic 3 Question 12 Discussion

Actual exam question for Fortinet's NSE5_FAZ-7.2 exam
Question #: 12
Topic #: 3
[All NSE5_FAZ-7.2 Questions]

Which log will generate an event with the status Contained?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Alishia at Jan 27, 2024, 01:05 AM

Limited Time Offer

25%

Off

Get Premium NSE5_FAZ-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Leigha
24 days ago
Yeah, I agree. I'm going to go with B) WebFilter log with action=dropped. It just feels more intuitive to me that a 'Contained' event would be associated with a dropped action, rather than a quarantine.
upvoted 0 times
...
Carmen
25 days ago
You know, I was thinking the same thing. The WebFilter log with action=dropped could also be a valid answer. This exam is really trying to trip us up with these subtle differences.
upvoted 0 times
...
Lucy
26 days ago
I'm not so sure about that. Wouldn't a WebFilter log with action=dropped also generate a 'Contained' event? The question doesn't specify the type of log, just that it should generate a 'Contained' event.
upvoted 0 times
...
Leota
27 days ago
Hmm, this is a tricky one. I think the answer is C) An AV log with action=quarantine. That would generate a 'Contained' event, right? The other options don't seem to fit the description.
upvoted 0 times
Lina
6 days ago
Not right now, but I'll keep that in mind. Thanks again!
upvoted 0 times
...
Kelvin
7 days ago
You're welcome! Do you have any other questions?
upvoted 0 times
...
Lonny
8 days ago
Oh, I see. Thanks for clarifying!
upvoted 0 times
...
Luis
9 days ago
Yes, that's correct. An AppControl log with action=blocked will generate an event with the status Contained.
upvoted 0 times
...
Flo
10 days ago
Could it be D) An AppControl log with action=blocked?
upvoted 0 times
...
Sheridan
11 days ago
No, that's not correct. Think about the different log types and their actions.
upvoted 0 times
...
Charlie
12 days ago
I think the answer is C) An AV log with action=quarantine.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77