Fortinet Exam NSE5_FAZ-7.2 Topic 3 Question 12 Discussion

Actual exam question for Fortinet's NSE5_FAZ-7.2 exam
Question #: 12
Topic #: 3

Which log will generate an event with the status Contained?

Suggested Answer: C

Contribute your Thoughts:

Leigha
8 months ago
Yeah, I agree. I'm going to go with B) WebFilter log with action=dropped. It just feels more intuitive to me that a 'Contained' event would be associated with a dropped action, rather than a quarantine.
upvoted 0 times
...
Carmen
8 months ago
You know, I was thinking the same thing. The WebFilter log with action=dropped could also be a valid answer. This exam is really trying to trip us up with these subtle differences.
upvoted 0 times
...
Lucy
8 months ago
I'm not so sure about that. Wouldn't a WebFilter log with action=dropped also generate a 'Contained' event? The question doesn't specify the type of log, just that it should generate a 'Contained' event.
upvoted 0 times
...
Leota
8 months ago
Hmm, this is a tricky one. I think the answer is C) An AV log with action=quarantine. That would generate a 'Contained' event, right? The other options don't seem to fit the description.
upvoted 0 times
Lina
7 months ago
Not right now, but I'll keep that in mind. Thanks again!
upvoted 0 times
...
Kelvin
7 months ago
You're welcome! Do you have any other questions?
upvoted 0 times
...
Lonny
8 months ago
Oh, I see. Thanks for clarifying!
upvoted 0 times
...
Luis
8 months ago
Yes, that's correct. An AppControl log with action=blocked will generate an event with the status Contained.
upvoted 0 times
...
Flo
8 months ago
Could it be D) An AppControl log with action=blocked?
upvoted 0 times
...
Sheridan
8 months ago
No, that's not correct. Think about the different log types and their actions.
upvoted 0 times
...
Charlie
8 months ago
I think the answer is C) An AV log with action=quarantine.
upvoted 0 times
...
...
