New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE8_812 Topic 1 Question 32 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 32
Topic #: 1
[All NSE8_812 Questions]

Refer to the exhibit showing a FortiSOAR playbook.

You are investigating a suspicious e-mail alert on FortiSOAR, and after reviewing the executed playbook, you can see that it requires intervention.

What should be your next step?

Show Suggested Answer Hide Answer
Suggested Answer: A

The exhibited playbook requires intervention, which means that the playbook has reached a point where it needs a human operator to take action. The next step should be to go to the Incident Response tasks dashboard and run the pending actions. This will allow you to see the pending actions that need to be taken and to take those actions.

The other options are not correct. Option B will only show you the notification icon, but it will not allow you to run the pending input action. Option C will run the Mark Drive by Download playbook action, but this is not the correct action to take in this case. Option D is not a valid option.

Here are some additional details about pending actions in FortiSOAR:

Pending actions are actions that need to be taken by a human operator.

Pending actions are displayed in the Incident Response tasks dashboard.

Pending actions can be run by clicking on the action in the dashboard.


Contribute your Thoughts:

Billy
2 months ago
Running the pending actions? That's a no-brainer. Unless, of course, you're a brain-brainer. Then it might be a bit of a head-scratcher.
upvoted 0 times
...
Rosalind
2 months ago
Reply to the email? What is this, the Pony Express? We're in the 21st century, folks. FortiSOAR's got this.
upvoted 0 times
Daniel
29 days ago
C) Run the Mark Drive by Download playbook action
upvoted 0 times
...
Alise
1 months ago
B) Click on the notification icon on FortiSOAR GUI and run the pending input action
upvoted 0 times
...
Cherri
2 months ago
A) Go to the Incident Response tasks dashboard and run the pending actions
upvoted 0 times
...
...
Truman
2 months ago
Mark Drive by Download? Nah, that's not quite what we're after. Let's stick to the Incident Response tasks.
upvoted 0 times
Clarinda
1 months ago
C) Run the Mark Drive by Download playbook action
upvoted 0 times
...
Lilli
2 months ago
B) Click on the notification icon on FortiSOAR GUI and run the pending input action
upvoted 0 times
...
Merilyn
2 months ago
A) Go to the Incident Response tasks dashboard and run the pending actions
upvoted 0 times
...
...
Lezlie
3 months ago
Ah, the notification icon, of course! That's the quickest way to get those pending actions running.
upvoted 0 times
...
Yuette
3 months ago
Hmm, looks like we need to intervene. I'm thinking the Incident Response tasks dashboard is the way to go here.
upvoted 0 times
Rodolfo
1 months ago
User4: No, let's stick to the Incident Response tasks dashboard for now.
upvoted 0 times
...
Brice
2 months ago
Should we also check the notification icon on FortiSOAR GUI?
upvoted 0 times
...
Willard
2 months ago
Sounds good, let's run the pending actions there.
upvoted 0 times
...
Mertie
2 months ago
C) Run the Mark Drive by Download playbook action
upvoted 0 times
...
Cordelia
2 months ago
B) Click on the notification icon on FortiSOAR GUI and run the pending input action
upvoted 0 times
...
Charlesetta
2 months ago
I agree, let's go to the Incident Response tasks dashboard.
upvoted 0 times
...
Raul
2 months ago
A) Go to the Incident Response tasks dashboard and run the pending actions
upvoted 0 times
...
...
Valentin
3 months ago
I would go with B) Click on the notification icon on FortiSOAR GUI and run the pending input action. It might provide more specific instructions.
upvoted 0 times
...
Olive
3 months ago
I agree with Afton. It makes sense to follow the playbook and take action on the pending tasks.
upvoted 0 times
...
Afton
3 months ago
I think the next step should be A) Go to the Incident Response tasks dashboard and run the pending actions.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77