SAMPLE QUESTION FORTICLIENT EMS Flashcards
Which of the following overrides site categories action in FortiClient web-filter?
Select one:
a.Block malicious website on AV
b.URL list
c.FortiSandbox custom URL categories
d.Web exclusion list
d.Web exclusion list
If the website is part of a blocked category, an allow permission in the Exclusion List would allow the user to access the specific URL.
Exclude URLs that are explicitly blocked or allowed. Use the add icon to add URLs and the delete icon to delete URLs from the list. Select a URL and select the edit icon to edit the selection.
Which ZTNA component is responsible for enabling the access proxy?
Select one:
a.ZTNA server
b.ZTNA rules
c.ZTNA firewall policy
d.ZTNA tags
a.ZTNA server
ZTNA configuration on the FortiGate requires the following configuration:
* FortiClient EMS adds a fabric connector in the security fabric. FortiGate maintains a continuous connection
to the EMS server to synchronize endpoint device information, and also automatically synchronizes ZTNA
tags. You can create groups and add tags to use in the ZTNA rules and firewall policies.
* The ZTNA server defines the access proxy VIP and the real servers that clients connect to. The firewall
policy matches and redirects client requests to the access proxy VIP. You can also enable authentication.
* A ZTNA rule is a proxy policy used to enforce access control. You can define ZTNA tags or tag groups to
enforce zero-trust role-based access. You can configure security profiles to protect this
traffic.
https://training.fortinet.com/pluginfile.php/2256034/mod_resource/content/24/FortiClient_EMS_7.2_Administrator_Study_Guide-Online.pdf?forcedownload=1
Page 251
An administrator has activated the FortiGuard Endpoint Forensic Analysis license on FortiClient Cloud.
Which statement is true about forensic analysis?
Select one:
a.It helps you to collect software inventory on the endpoints.
b.It helps you to implement dynamic policies.
c.It helps you to respond to and recover from cybersecurity incidents.
d.It helps you to learn about available endpoint licenses on FortiClient EMS.
c.It helps you to respond to and recover from cybersecurity incidents.
The FortiGuard Endpoint Forensic Analysis service provides remote endpoint analysis to help you respond to
and recover from cybersecurity incidents. For each engagement, forensic analysts from Fortinet’s FortiGuard
Labs remotely assist in collecting, examining, and presenting digital evidence, including a final detailed report.
This feature requires the FortiGuard Endpoint Forensic Analysis license. You can have a maximum of five
forensic analysis requests in progress at any time. This feature supports all FortiClient versions. You can
activate the license using the Forensics Analysis option in the FortiCloud window. The endpoint summary
displays a Forensics Analysis section, which displays the status and task ID of the last analysis requested
by the endpoint.
The following statuses are available for forensic analysis requests:
* Pending status indicates that the forensic analysis request has been initiated. The forensics team has not
yet assigned the request to an analyst.
* In-progress status indicates that the forensics team has assigned the request to an analyst, who has
begun working on it.
* Complete status indicates that an analyst has completed analysis on the endpoint and shared the results
in a PDF document. You can download the report from the Forensic Analysis section of the endpoint
summary.
* Failed status indicates that an analyst could not connect to the endpoint.
* Cancelled status indicates one of the following:
  * The analyst requires more information about the endpoint to perform the analysis.
  * The FortiClient EMS administrator canceled the request.
FortiClient_EMS_7.2_Administrator_Study_Guide-Online_compressed.pdf, page 322
Which FortiClient feature is required to block access to malicious websites?
Select one:
a.Antiexploit
b.Sandbox integration
c.Application firewall
d.Web filtering
d.Web filtering
Security Risk:
Dynamic DNS
Malicious Websites
Newly Observed Domain
Newly Registered Domain
Phishing
Spam URLs
https://docs.fortinet.com/document/forticlient/7.4.1/ems-administration-guide/68075/web-filter
Which FortiGate CLI command shows all the ZTNA IP and MAC addresses learned from FortiClient EMS?
Select one:
a.diagnose firewall dynamic list
b.diagnose wad dev query-by uid
c.diagnose endpoint record list
d.diagnose endpoint lls-comm send ztna find-by ip-vdom
a.diagnose firewall dynamic list
The diagnose firewall dynamic list command shows all the dynamic ZTNA IP and MAC addresses
learned from EMS.
FortiClient_EMS_7.2_Administrator_Study_Guide-Online_compressed.pdf, page 305
Which component or device signs the client certificate with the UID and serial number?
Select one:
a.FortiClient
b.FortiClient EMS
c.FortiGate
d.FortiAnalyzer
b.FortiClient EMS
FortiClient EMS issues and signs the client certificate with the FortiClient UID, certificate serial number, and
EMS serial number. FortiClient EMS then synchronizes the certificate with FortiGate. FortiClient EMS also
shares its EMS ZTNA CA certificate with FortiGate, so that FortiGate can use it to authenticate the clients.
FortiClient EMS uses zero-trust tagging rules to tag endpoints based on the information that it has on each
endpoint. FortiClient EMS also shares the tags with FortiGate.
FortiClient_EMS_7.2_Administrator_Study_Guide-Online_compressed.pdf, page 263
Which statement about the FortiClient EMS console logs is true?
Select one:
a.The FortiClient EMS administrator assigned the endpoint profile to All Groups.
b.The FortiClient EMS administrator created an endpoint profile.
c.The FortiClient EMS administrator assigned the gateway list to All Groups.
d.The FortiClient EMS administrator deployed a new FortiClient installation to All Groups.
b.The FortiClient EMS administrator created an endpoint profile.
A FortiClient EMS administrator has created multiple deployment configurations, and the endpoint is eligible to receive all of them.
Which two factors determine which deployment configuration FortiClient EMS applies to the endpoint? (Choose two.)
Select one or more:
a.A name of the deployment configuration in alphabetical order.
b.A priority level of the deployment configuration.
c.A status of the deployment configuration.
d.A scheduled time configured on the deployment configuration.
b.A priority level of the deployment configuration.
c.A status of the deployment configuration.
When an endpoint is eligible for multiple endpoint deployment configurations, two factors determine which
configuration FortiClient EMS applies to the endpoint:
1. FortiClient EMS applies deployment configurations to endpoints only if the configurations are enabled on
the FortiClient EMS.
2. If an endpoint is eligible for multiple enabled configurations, FortiClient EMS applies the
configuration with the first priority level to the endpoint.
FortiClient_EMS_7.2_Administrator_Study_Guide-Online_compressed.pdf, page 150
What is the function of the custom scan option on FortiClient?
Select one:
a.It scans executable files, DLLs, and drivers that are currently running, for threats.
b.It performs a full system scan including all files, executable files, DLLs, and drivers, for threats.
c.It allows users to select a specific file folder to scan for threats.
d.It performs a manual scan on all removable drives.
c.It allows users to select a specific file folder to scan for threats.
You can configure daily, weekly, and monthly scans, and select one of the scan types on this slide. Quick
Scan scans only executable files, DLLs, and drivers that are currently running for threats. Full Scan performs
a full system scan including all files, executable files, DLLs, and drivers for threats. Custom Scan allows you
to select a specific file folder on your local hard disk drive (HDD) to scan for threats. All three scan types run
the rootkit detection engine to detect and remove rootkits.
FortiClient_EMS_7.2_Administrator_Study_Guide-Online_compressed.pdf, page 225
A FortiClient administrator runs a FortiClient diagnostic tool to generate a debug report.
Which endpoint information is available in the report?
Select one:
a.The Active Directory username and password
b.The FortiClient configuration
c.Microsoft Edge bookmarks
d.End-user contact information
b.The FortiClient configuration
You can use the FortiClient EMS Diagnostic Tool to generate a debug report, and then provide the debug
report to the FortiClient team to help with troubleshooting. For example, if you are working with customer
support on a problem, you can generate a debug report, and send the report to customer support to help with
troubleshooting.
The FortiClient EMS Diagnostic Tool does not record sensitive information. It contains information about the
server that is shown in this slide.
FortiClient_EMS_7.2_Administrator_Study_Guide-Online_compressed.pdf, page 352
FortiGate devices in the Security Fabric must receive endpoint information from the FortiClient EMS for policy enforcement.
Which is required to synchronize endpoint information?
Select one:
a.FortiGate devices must function as gateway devices for the endpoints to receive endpoint information.
b.FortiGate devices must be authorized on the FortiClient EMS to receive endpoint information.
c.FortiGate devices must have the endpoint license.
d.FortiGate devices must run the same firmware version as FortiClient EMS.
b.FortiGate devices must be authorized on the FortiClient EMS to receive endpoint information.