Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE5_FAZ-7.2 Topic 4 Question 22 Discussion

Actual exam question for Fortinet's NSE5_FAZ-7.2 exam
Question #: 22
Topic #: 4
[All NSE5_FAZ-7.2 Questions]

Which log will generate an event with the status Contained?

Show Suggested Answer Hide Answer
Suggested Answer: C

Contribute your Thoughts:

Felicidad
5 months ago
Ha! You guys are hilarious. I bet half of you are just guessing. But I'll take my chances with C. Quarantine sounds like a good time to me.
upvoted 0 times
Aleisha
3 months ago
I agree with you, I'll choose C) An AV log with action=quarantine. Quarantine does sound like the right status.
upvoted 0 times
...
Rolande
3 months ago
I'll go with D) An AppControl log with action=blocked. Sounds like the right choice to me.
upvoted 0 times
...
Zachary
4 months ago
I'm going with B) A WebFilter log with action=dropped. That's gotta be it.
upvoted 0 times
...
Dulce
4 months ago
I think A) An IPS log with action=pass is the one that generates an event with the status Contained.
upvoted 0 times
...
Annette
4 months ago
I agree with you, C) An AV log with action=quarantine sounds like the right choice.
upvoted 0 times
...
Lachelle
4 months ago
I'm going with D) An AppControl log with action=blocked.
upvoted 0 times
...
Willodean
4 months ago
I think it's A) An IPS log with action=pass.
upvoted 0 times
...
Rebecka
4 months ago
I agree with you, C sounds like the most logical choice. Quarantine it is!
upvoted 0 times
...
Geraldine
4 months ago
I think D is the correct answer. Blocked sounds pretty final.
upvoted 0 times
...
Kanisha
4 months ago
I'm going with A. Pass seems like the right status.
upvoted 0 times
...
...
Viola
5 months ago
Nah, I think you're all missing the point. The AppControl log is where the magic happens. Blocked is the new black, am I right?
upvoted 0 times
Norah
4 months ago
I think the WebFilter log with action=dropped is also important, but AppControl log is definitely key.
upvoted 0 times
...
Lenita
4 months ago
I agree, AppControl log with action=blocked is where the real action is.
upvoted 0 times
...
...
Delisa
5 months ago
I agree with Ressie, the status Contained seems more likely to be generated by an IPS log with action=pass.
upvoted 0 times
...
Ressie
5 months ago
But the question specifically mentions the status Contained, which makes me think it's A.
upvoted 0 times
...
Denny
5 months ago
I disagree, I believe it's C) An AV log with action=quarantine.
upvoted 0 times
...
Tyisha
5 months ago
Dude, the WebFilter log is the real deal. Dropped connections are where the party's at.
upvoted 0 times
...
Mary
6 months ago
C'mon, everyone knows the AV log is where it's at for some Contained action. Quarantine all the way!
upvoted 0 times
Alfreda
5 months ago
No way, it's definitely the AV log with action=quarantine.
upvoted 0 times
...
Pearly
5 months ago
I think it's actually the IPS log with action=pass.
upvoted 0 times
...
...
Ressie
6 months ago
I think the answer is A) An IPS log with action=pass.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77