Automated Actions and Event Triggers in FortiOS Quiz

Questions and Answers

Which setting can be configured to avoid receiving repeat notifications about the same event?

Event-interval in seconds

Minimum-interval in seconds (correct)

Maximum-interval in seconds

Notification-interval in seconds

What are the two types of automation triggers that can be created?

Hardware and software

Preconfigured and custom (correct)

Basic and advanced

Internal and external

What is the default CPU utilization threshold for the set cpu-usage-threshold CLI command?

90% (correct)

85%

95%

80%

What does the High_CPU_Trigger custom trigger identify?

When the FortiGate exceeds the CPU utilization threshold

What does the Admin_Login_Failure custom trigger identify?

When a user attempts to log in to FortiGate using an invalid password

What is the Collect_Diagnostics_Action custom automation action?

A custom CLI script consisting of various diagnostic commands

What is the Email_Diagnostics_Action custom automation action?

An action that sends an email message to staff to notify them that a FortiGate device has experienced a period of high CPU utilization

What is the purpose of automation stitches?

To define the event that instructs FortiOS to take one or more actions

What is the default CPU utilization threshold for the High_CPU_Trigger custom trigger?

90%

What is the purpose of the Collect_Diagnostics_Action custom automation action?

To run a custom CLI script consisting of various diagnostic commands that help to identify the cause of performance issues on FortiGate

Which device can trigger event handlers for automated actions in the Security Fabric?

Any device in the Security Fabric

What is the purpose of the Minimum interval setting in configuring automated actions?

To prevent the administrator from receiving repeat alert notifications about the same event

What are automated workflows in FortiOS called?

Stitches

Can stitches be configured for devices outside of the Security Fabric?

Yes, stitches can be configured for any device

Where should stitches be configured if a Security Fabric is present?

On all FortiGate devices in the Security Fabric

Do stitches need to be reconfigured on each leaf FortiGate device?

No, stitches configured on the root FortiGate are pushed to the relevant leaf FortiGate devices

What is the purpose of automation stitches in FortiOS?

To take appropriate action when the Security Fabric detects a threat or other actionable event

What are some examples of event sources that can trigger automation stitches?

FortiOS event logs with customizable filters, IoC’s, and event handlers from FortiAnalyzer

Is a Security Fabric required to use stitches in FortiOS?

No, a Security Fabric is not required to use stitches

Can automation stitches be used to detect events from sources outside of FortiOS?

Yes, automation stitches can detect events from many sources