Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam FCP_FCT_AD-7.2 Topic 1 Question 3 Discussion

Actual exam question for Fortinet's FCP_FCT_AD-7.2 exam
Question #: 3
Topic #: 1
[All FCP_FCT_AD-7.2 Questions]

Refer to the exhibits.

Based on the FortiGate Security Fabric settings shown in the exhibits, what must an administrator do on the EMS server to successfully quarantine an endpoint. when it is detected as a compromised host (loC)?

Show Suggested Answer Hide Answer
Suggested Answer: A

Based on the FortiGate Security Fabric settings shown in the exhibits, to successfully quarantine an endpoint when it is detected as a compromised host (IOC), the following step is required:

Enable Remote HTTPS Access to EMS: This setting allows FortiGate to communicate securely with FortiClient EMS over HTTPS. Remote HTTPS access is essential for the quarantine functionality to operate correctly, enabling the EMS server to receive and act upon the quarantine commands from FortiGate.

Therefore, the administrator must enable remote HTTPS access to EMS to allow the quarantine process to function properly.

Reference

FortiGate Infrastructure 7.2 Study Guide, Security Fabric and Integration with EMS Sections

Fortinet Documentation on Enabling Remote HTTPS Access to FortiClient EMS


Contribute your Thoughts:

Marta
5 months ago
You got that right, Elbert! This certification is no joke. Better study up on that FortiGate Security Fabric configuration if you want to pass.
upvoted 0 times
Geraldo
4 months ago
Make sure to review the FortiGate Security Fabric settings in the exhibits to be fully prepared.
upvoted 0 times
...
Boris
4 months ago
That's correct. SSH access is needed for the EMS server to quarantine an endpoint.
upvoted 0 times
...
Shawana
5 months ago
I think the administrator must enable SSH access to EMS for successful quarantine.
upvoted 0 times
...
Toshia
5 months ago
I know, this certification exam is no joke. I've been studying hard.
upvoted 0 times
...
...
Elbert
5 months ago
Haha, I bet the exam writers are having a field day coming up with these trick questions. Just when you think you've got it, they throw in another twist!
upvoted 0 times
...
Sol
5 months ago
That's a good point, Carmen. But I think the key here is the authorization on the FortiAnalyzer. Without that, the quarantine process won't work, no matter what else we do.
upvoted 0 times
...
Carmen
5 months ago
Hmm, I'm not sure about that. Shouldn't we also enable remote HTTPS access to the EMS server? I mean, how else is the FortiGate going to communicate with it?
upvoted 0 times
Marylin
5 months ago
Maybe enabling FQDN on EMS could also help in successfully quarantining an endpoint.
upvoted 0 times
...
Aileen
5 months ago
I think you're right. Enabling remote HTTPS access to the EMS server seems necessary for communication.
upvoted 0 times
...
...
Alishia
6 months ago
I agree with Nickolas. The exhibits show the FortiGate Security Fabric settings, and the question is asking about the actions required on the EMS server. Authorizing the FortiGate on the FortiAnalyzer seems like the logical step.
upvoted 0 times
Kenny
5 months ago
I agree, authorizing FortiGate on FortiAnalyzer seems like the right step.
upvoted 0 times
...
Mabel
5 months ago
I think enabling SSH access to EMS might also be necessary.
upvoted 0 times
...
...
Nickolas
6 months ago
The answer seems to be C. The FortiGate needs to be authorized on the FortiAnalyzer to successfully quarantine the endpoint.
upvoted 0 times
Malissa
5 months ago
That makes sense. Option C it is then.
upvoted 0 times
...
Yvette
6 months ago
Yes, I agree. FortiGate needs to be authorized on FortiAnalyzer for successful quarantine.
upvoted 0 times
...
Mariann
6 months ago
I think you're right, option C seems to be the correct one.
upvoted 0 times
...
...
Jesusita
6 months ago
I disagree, I believe the correct answer is D) The administrator must enable SSH access to EMS.
upvoted 0 times
...
Jacob
6 months ago
I think the answer is A) The administrator must enable remote HTTPS access to EMS.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77