Fortinet Exam NSE8_812 Topic 1 Question 32 Discussion

Actual exam question for Fortinet's NSE8_812 exam

Question #: 32
Topic #: 1

Refer to the exhibit showing a FortiSOAR playbook.

You are investigating a suspicious e-mail alert on FortiSOAR, and after reviewing the executed playbook, you can see that it requires intervention.

What should be your next step?

AGo to the Incident Response tasks dashboard and run the pending actions

BClick on the notification icon on FortiSOAR GUI and run the pending input action

CRun the Mark Drive by Download playbook action

DReply to the e-mail with the requested Playbook action

Show Suggested Answer

Suggested Answer: A

The exhibited playbook requires intervention, which means that the playbook has reached a point where it needs a human operator to take action. The next step should be to go to the Incident Response tasks dashboard and run the pending actions. This will allow you to see the pending actions that need to be taken and to take those actions.

The other options are not correct. Option B will only show you the notification icon, but it will not allow you to run the pending input action. Option C will run the Mark Drive by Download playbook action, but this is not the correct action to take in this case. Option D is not a valid option.

Here are some additional details about pending actions in FortiSOAR:

Pending actions are actions that need to be taken by a human operator.

Pending actions are displayed in the Incident Response tasks dashboard.

Pending actions can be run by clicking on the action in the dashboard.

by Carman at Sep 18, 2024, 05:03 PM

Limited Time Offer

25%

26 days ago

I think the next step should be A) Go to the Incident Response tasks dashboard and run the pending actions.

upvoted 0 times

...