Exam NSE7_OTS-6.4 topic 1 question 18 discussion

Actual exam question from Fortinet's NSE7_OTS-6.4
Question #: 18
Topic #: 1

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?

  • A. Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
  • B. Create a notification policy and define a script/remediation on FortiSIEM.
  • C. Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
  • D. Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.
Suggested Answer: B

Comments

azjlmpang
2 months, 2 weeks ago
Selected Answer: B
FortiSIEM
upvoted 1 times
...
ali_red
8 months, 2 weeks ago
Selected Answer: B
Should be B.
upvoted 1 times
...
Spippolo
10 months, 2 weeks ago
Selected Answer: B
Remediation can be performed either on an ad-hoc basis (for example, the user selects an incident that has already occurred to remediate) or using a notification policy, where the system takes the remediation action when an incident happens. First, make sure the remediation script for your scenario is defined. Check the existing remediation scripts in ADMIN > Settings > General > Notification > Remediation settings. If your device is not in the list, add the needed remediation script. Incidents can be mitigated by deploying a mitigation script. For example, you can block an IP in a firewall, or disable a user in Active Directory. Note that this type of incident mitigation from the incident page is somewhat ad hoc and must be manually set up by the user after the incident has triggered.
upvoted 2 times
...
303User
1 year ago
B. https://fusecommunity.fortinet.com/blogs/silviu/2022/04/12/fortisiempublishingscript
upvoted 1 times
...
pochmendoza
1 year, 2 months ago
Selected Answer: B
This should be B, study guide page 226
upvoted 3 times
...
Ben1224
1 year, 2 months ago
Should this not be B?
upvoted 3 times
...