FCP – FortiClient Administrator 7.4 — Question 10
The security team plans to leverage their existing Fortinet Security Fabric infrastructure to create an automated response capability to isolate compromised endpoints. Their environment consists of FortiClient EMS, FortiGate firewalls, and FortiAnalyzer.
Which two configurations are required to quarantine endpoints based on indicator of compromise (IOC) verdicts from the Security Fabric deployment? (Choose two.)
Answer options
- A. A FortiAnalyzer playbook configured to notify FortiGate about IOC incidents
- B. An automation stitch configured on FortiGate for host quarantine
- C. FortiClient configured to send traffic and security logs to FortiAnalyzer
- D. The IOC feature enabled in the malware endpoint protection profile
Correct answer: B, D
Explanation
The correct answers are B and D. An automation stitch on FortiGate is essential for executing the host quarantine process, and enabling the IOC feature in the malware endpoint protection profile allows the system to react to detected threats. Options A and C, while useful, do not directly contribute to endpoint quarantine based on IOC verdicts.