FCP – FortiAnalyzer Analyst 7.6 — Question 16

When managing incidents on FortiAnalyzer, which fact must an analyst be aware of?

Answer options

• A. The status of the incident is always linked to the status of the attached event.
• B. A playbook can be run from the Incidents page.
• C. Incidents must be acknowledged before they can be analyzed.
• D. Indicators found on the Incidents page can be enriched only from the Indicators page.

Correct answer: B

Explanation

The correct answer is B because it is possible to run a playbook directly from the Incidents page, allowing for efficient incident management. The other options are incorrect; incident status is not always tied to event status, acknowledgment is not a prerequisite for analysis, and indicators can often be enriched through various means, not just the Indicators page.