FCP – FortiAnalyzer Analyst 7.4 — Question 18

When managing incidents on FortiAnalyzer, what must an analyst be aware of?

Answer options

• A. The status of the incident is always linked to the status of the attached event.
• B. Incidents must be acknowledged before they can be analyzed.
• C. Severity incidents rated with the level High have an initial service-level agreement (SLA) response time of 1 hour.
• D. You can manually attach generated reports to incidents.

Correct answer: D

Explanation

The correct answer is D because FortiAnalyzer allows users to manually attach reports to incidents for better documentation and tracking. Option A is incorrect as the incident's status may not always correlate directly with the event's status. Option B is also inaccurate since acknowledgment is not a prerequisite for analysis in FortiAnalyzer. Option C is misleading because while High severity incidents may have a specific SLA, the focus of the question is on report attachment.