Automated Actions and Event Triggers in FortiOS Quiz

Questions and Answers

Which setting can be configured to avoid receiving repeat notifications about the same event?

• Event-interval in seconds
• Minimum-interval in seconds (correct)
• Maximum-interval in seconds
• Notification-interval in seconds

What are the two types of automation triggers that can be created?

• Hardware and software
• Preconfigured and custom (correct)
• Basic and advanced
• Internal and external

What is the default CPU utilization threshold for the set cpu-usage-threshold CLI command?

• 90% (correct)
• 85%
• 95%
• 80%

What does the High_CPU_Trigger custom trigger identify?

When the FortiGate exceeds the CPU utilization threshold (D)

What does the Admin_Login_Failure custom trigger identify?

When a user attempts to log in to FortiGate using an invalid password (C)

What is the Collect_Diagnostics_Action custom automation action?

A custom CLI script consisting of various diagnostic commands (A)

What is the Email_Diagnostics_Action custom automation action?

An action that sends an email message to staff to notify them that a FortiGate device has experienced a period of high CPU utilization (D)

What is the purpose of automation stitches?

To define the event that instructs FortiOS to take one or more actions (A)

What is the default CPU utilization threshold for the High_CPU_Trigger custom trigger?

90% (B)

What is the purpose of the Collect_Diagnostics_Action custom automation action?

To run a custom CLI script consisting of various diagnostic commands that help to identify the cause of performance issues on FortiGate (D)

Which device can trigger event handlers for automated actions in the Security Fabric?

Any device in the Security Fabric (C)

What is the purpose of the Minimum interval setting in configuring automated actions?

To prevent the administrator from receiving repeat alert notifications about the same event (D)

What are automated workflows in FortiOS called?

Stitches (D)

Can stitches be configured for devices outside of the Security Fabric?

Yes, stitches can be configured for any device (A)

Where should stitches be configured if a Security Fabric is present?

On all FortiGate devices in the Security Fabric (A)

Do stitches need to be reconfigured on each leaf FortiGate device?

No, stitches configured on the root FortiGate are pushed to the relevant leaf FortiGate devices (C)

What is the purpose of automation stitches in FortiOS?

To take appropriate action when the Security Fabric detects a threat or other actionable event (D)

What are some examples of event sources that can trigger automation stitches?

FortiOS event logs with customizable filters, IoC’s, and event handlers from FortiAnalyzer (A)

Is a Security Fabric required to use stitches in FortiOS?

No, a Security Fabric is not required to use stitches (C)

Can automation stitches be used to detect events from sources outside of FortiOS?

Yes, automation stitches can detect events from many sources (A)

Flashcards are hidden until you start studying