Exam : FCP_FAZ_AN-7.6
Title : Fortinet NSE 5 - FortiAnalyzer 7.6 Analyst
https://www.passcert.com/FCP_FAZ_AN-7.6.html
1/9
Download Valid Fortinet FCP_FAZ_AN-7.6 Dumps for Best Preparation
1. Which log will generate an event with the status Unhandled?
A. An AV log with action=quarantine.
B. An IPS log with action=pass.
C. A WebFilter log with action=dropped.
D. An AppControl log with action=blocked.
Answer: B
Explanation:
In FortiOS 7.4.1 and FortiAnalyzer 7.4.1, the "Unhandled" status signifies that the FortiGate encountered a
security event but did not take any specific action to block or alter it. This usually occurs in the context of
Intrusion Prevention System (IPS) logs.
IPS logs with action=pass: When the IPS engine inspects traffic and determines that it does not match any
known attack signature or violate any configured policy, it assigns the action "pass". Because nothing was
done to block or modify this traffic, the resulting event is logged with the status "Unhandled."
Let's look at why the other options are incorrect:
An AV log with action=quarantine: Antivirus (AV) logs with the action "quarantine" indicate that a file was
detected as malicious and moved to quarantine. This is a definitive action, so the status wouldn't be
"Unhandled."
A WebFilter log with action=dropped: WebFilter logs with the action "dropped" indicate that web traffic was
blocked according to the configured web filtering policies. Again, this is a specific action taken, not an
"Unhandled" event.
An AppControl log with action=blocked: Application Control logs with the action "blocked" mean that an
application was denied access based on the defined application control rules. This is also a clear action,
not "Unhandled."
2. Exhibit.
Which statement about the event displayed is correct?
A. The risk source is isolated.
B. The security risk was blocked or dropped.
C. The security event risk is considered open.
D. An incident was created from this event.
Answer: C
3. Which statement describes archive logs on FortiAnalyzer?
A. Logs that are indexed and stored in the SQL database
B. Logs a FortiAnalyzer administrator can access in FortiView
C. Logs compressed and saved in files with the .gz extension
D. Logs previously collected from devices that are offline
Answer: C
Explanation:
In FortiAnalyzer, archive logs refer to logs that have been compressed and stored to save space. This
process involves compressing the raw log files into the .gz format, which is a common compression