Exam FCP_FAZ_AN-7.4 Topic 3 Question 39 Discussion
Actual exam question for Fortinet's FCP_FAZ_AN-7.4 exam
Question #: 39
Topic #: 3
Question #: 39
Topic #: 3
Exhibit.

Which statement about the event displayed is correct?

Which statement about the event displayed is correct?
Suggested Answer: B Vote an answer
In FortiOS and FortiAnalyzer logging systems, when an event has a status of"Mitigated"in theEvent Status column, it typically indicates that the system took action to address the identified threat. In this case, theWeb Filterblocked the web request to a suspicious destination, and the event status "Mitigated" confirms that the action was successfully implemented to neutralize or block the security risk.
Let's review the answer options:
* Option A: The risk source is isolated.
* This is incorrect because "isolated" would imply that FortiGate took further steps to prevent the source device from communicating with the network. There is no indication of isolation in this event status.
* Option B: The security risk was blocked or dropped.
* This is correct. The"Mitigated"status, along with theWeb Filterevent type and the accompanying description, implies that the FortiGate or FortiAnalyzer successfully blocked or dropped the suspicious web request, which corresponds to the term "mitigated."
* Option C: The security event risk is considered open.
* This is incorrect because an open status would indicate that no action was taken, or the threat is still present. The "Mitigated" status indicates that the threat has been addressed.
* Option D: An incident was created from this event.
* This option is not correct or evident based on the given display. Although FortiAnalyzer or FortiGate could escalate certain events to incidents, this is not indicated here.
References:
* The FortiOS 7.4.1 and FortiAnalyzer 7.4.1 documentation specify that"Mitigated"status in logs means the identified threat was handled, usually by blocking or dropping the action associated with the event, particularly with Web Filter and Security Policy logs.
Let's review the answer options:
* Option A: The risk source is isolated.
* This is incorrect because "isolated" would imply that FortiGate took further steps to prevent the source device from communicating with the network. There is no indication of isolation in this event status.
* Option B: The security risk was blocked or dropped.
* This is correct. The"Mitigated"status, along with theWeb Filterevent type and the accompanying description, implies that the FortiGate or FortiAnalyzer successfully blocked or dropped the suspicious web request, which corresponds to the term "mitigated."
* Option C: The security event risk is considered open.
* This is incorrect because an open status would indicate that no action was taken, or the threat is still present. The "Mitigated" status indicates that the threat has been addressed.
* Option D: An incident was created from this event.
* This option is not correct or evident based on the given display. Although FortiAnalyzer or FortiGate could escalate certain events to incidents, this is not indicated here.
References:
* The FortiOS 7.4.1 and FortiAnalyzer 7.4.1 documentation specify that"Mitigated"status in logs means the identified threat was handled, usually by blocking or dropping the action associated with the event, particularly with Web Filter and Security Policy logs.
by Janet at May 31, 2025, 08:58 AM
Contact Us
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday
Support: Contact now
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).