NSE 5 — FortiAnalyzer 7.2 — Question 46

Which log will generate an event with the status Contained?

Answer options

• A. An IPS log with action=pass.
• B. AWebFilter log with action=dropped.
• C. An AV log with action=quarantine.
• D. An AppControl log with action=blocked.

Correct answer: C

Explanation

The correct answer is C, as an AV log with action=quarantine signifies that a threat has been detected and contained, thus reflecting a Contained status. The other options indicate different actions that do not imply containment of a threat, such as passing, dropping, or blocking.