NSE 7 – Zero Trust Access 7.2 — Question 9
Which statement is true regarding a FortiClient quarantine using FortiAnalyzer playbooks?
Answer options
- A. FortiGate sends a notification to FortiClient EMS to quarantine the endpoint.
- B. FortiAnalyzer discovers malicious activity in the logs and notifies FortiGate.
- C. FortiAnalyzer sends an API to FortiClient EMS to quarantine the endpoint.
- D. FortiClient sends logs to FortiAnalyzer.
Correct answer: C
Explanation
The correct answer is C because FortiAnalyzer sends an API request to FortiClient EMS to perform the quarantine action. Option A is incorrect because it attributes the notification to FortiGate instead of FortiAnalyzer. Option B is also incorrect because it has FortiAnalyzer alerting FortiGate rather than directly managing the quarantine via an API. Option D is unrelated to the quarantine process.