Fortinet Exam FCP_FCT_AD-7.2 Topic 2 Question 26 Discussion

Actual exam question for Fortinet's FCP_FCT_AD-7.2 exam

Question #: 26
Topic #: 2

[All FCP_FCT_AD-7.2 Questions]

Refer to the exhibit.

Based on the FortiClient tog details shown in the exhibit, which two statements ace true? (Choose two.)

AThe filename Is Unconfirmed 899290.crdovnload.

BThe file status is Quarantined

CThe filename is sent to FortiSandbox for further inspection.

DThe file location is \??\D:\Users\.

Show Suggested Answer

Suggested Answer: D

Based on the FortiClient logs shown in the exhibit:

The first log entry shows the application 'firefox.exe' trying to access a destination IP, with the threat identified as 'Twitter.'

The action taken by the application firewall is 'blocked' with the event type 'appfirewall.'

This indicates that the application firewall has blocked access to Twitter.

Reference

FortiClient EMS 7.2 Study Guide, Application Firewall Logs Section

Fortinet Documentation on Interpreting FortiClient Logs

by Caren at Mar 23, 2025, 04:17 PM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

1 days ago

Sending it to FortiSandbox for further inspection is a good call. Can't be too careful when it comes to potential malware, you know?

upvoted 0 times

...

3 days ago

The filename looks a bit sketchy, but I'm not sure if it's actually unconfirmed. And quarantining the file is a smart move, just to be safe.

upvoted 0 times

...

4 days ago

I agree with you, Lizette. The file status is Quarantined and the filename is sent to FortiSandbox for further inspection.

upvoted 0 times

...

6 days ago

I think the correct answers are B and C.

upvoted 0 times

...