Question 14 Discussion

Refer to the exhibit. Which statement about the event displayed is correct? (Choose one answer)

  • A. An incident was created from this event.
  • B. The security risk was blocked or dropped.
  • C. The risk source is isolated.
  • D. The security event risk is considered open.
Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments



Ibrahim Eldesoki 2025-04-06 21:48:46

Selected Answers: B


Unhandled: The security event risk is not mitigated or contained, so it is considered open.
For example, an IPS/AV log with action=pass will have the event status Unhandled.
Botnet and IoC events are also considered Unhandled.

Contained: The risk source is isolated.
For example, an AV log with action=quarantine will have the event status Contained.

Mitigated: The security risk is mitigated by being blocked or dropped.
For example, an IPS/AV log with action=block/drop will have the event status Mitigated.

(Blank): Other scenarios.
For example, both allow and block actions can be seen in logs associated with that event.