FCP – FortiAnalyzer Analyst 7.4 — Question 13

Which log will generate an event with the status Contained?

Answer options

• A. An IPS log with action=pass.
• B. An AV log with action=quarantine.
• C. A WebFilter log with action=dropped.
• D. An AppControl log with action=blocked.

Correct answer: B

Explanation

The correct answer is B, as an AV log with action=quarantine indicates that the threat has been contained. The other options do not represent containment; for example, action=pass means no action was taken, while action=dropped and action=blocked indicate that the request was denied but do not signify that a threat was contained.