ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCP_FCT_AD-7.2 All Questions

View all questions & answers for the FCP_FCT_AD-7.2 exam
Go to Exam

Exam FCP_FCT_AD-7.2 topic 1 question 17 discussion

Actual exam question from Fortinet's FCP_FCT_AD-7.2
Question #: 17
Topic #: 1
[All FCP_FCT_AD-7.2 Questions]

Which security fabric component sends a notification to quarantine an endpoint after IOC detection in the automation process?

  • A. FortiAnalyzer
  • B. FortiGate
  • C. FortiClient EMS
  • D. FortiClient
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by vinceandroyd at Aug. 6, 2024, 1:17 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
powermaster_777
2 days, 17 hours ago
Selected Answer: B
Answer is B. Page 129 of FortiClient EMS study guide
upvoted 1 times
...
TIGERZ44
3 months ago
Selected Answer: B
Page 129 of study guide 1.FortiClient sends logs to FortiAnalyzer. 2.FortiAnalyzer discovers IOCs in the logs and notifies FortiGate. 3.FortiGate identifies if FortiClient is a connected endpoint, and if it has FortiClient EMS as a Fabric Connector that FortiClient is connected to. With this information, FortiGate sends a notification to FortiClient EMS to quarantine the endpoint. 4.FortiClient EMS searches for the endpoint and sends a quarantine message to it. 5.The endpoint receives the quarantine message and quarantines itself, blocking all network traffic. The endpoint notifies FortiGate and EMS of the status change.
upvoted 2 times
...
vinceandroyd
4 months, 3 weeks ago
Selected Answer: B
B. FortiGate
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago