FCP – FortiClient Administrator 7.2 — Question 17
Which security fabric component sends a notification to quarantine an endpoint after IOC detection in the automation process?
Answer options
- A. FortiAnalyzer
- B. FortiGate
- C. FortiClient EMS
- D. FortiClient
Correct answer: B
Explanation
The correct answer is FortiGate, as it acts as the primary enforcement point in the security fabric, sending notifications to quarantine endpoints upon IOC detection. FortiAnalyzer and FortiClient EMS do not have the capability to initiate quarantine actions, while FortiClient simply resides on the endpoint and does not manage quarantine notifications.