View all questions & answers for the NSE 5 - FortiAnalyzer 7.4 Analyst Exam Materials exam


Question 5 Discussion

Which log will generate an event with the status Unhandled? (Choose one answer)

  • A. A WebFilter log with action=dropped.
  • B. An IPS log with action=pass.
  • C. An AppControl log with action=blocked.
  • D. An AV log with action=quarantine.
Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments



Ibrahim Eldesoki 2025-04-06 14:45:28

Selected Answers: B


With the status Unhandled, the answer is B.
Events in FortiAnalyzer can be in one of four statuses. The current status will determine if more actions need to be taken by the security team or not.

The possible statuses are:

Unhandled: The security event risk is not mitigated or contained, so it is considered open.
For example, an IPS/AV log with action=pass will have the event status Unhandled.
Botnet and IoC events are also considered Unhandled.

Contained: The risk source is isolated.
For example, an AV log with action=quarantine will have the event status Contained.

Mitigated: The security risk is mitigated by being blocked or dropped.
For example, an IPS/AV log with action=block/drop will have the event status Mitigated.

(Blank): Other scenarios.
For example, both allow and block actions can be seen in logs associated with that event.