NSE4 Question #2: Real Exam Question with Answer & Explanation

Question

Alert emails enable the FortiGate unit to send email notifications to an email address upon detection of a pre-defined event type. Which of the following are some of the available event types in Web Config? (Select all that apply.)

Options

• AIntrusion detected.
• BSuccessful firewall authentication.
• COversized file detected.
• DDHCP address assigned.
• EFortiGuard Web Filtering rating error detected.

Explanation

FortiGate alert emails can be configured for critical security incidents like intrusion detection, providing immediate notification to administrators upon the detection of predefined event types.

Common mistakes.

• B. Successful firewall authentications are typically logged but are not a standard event type for general email alerts as they occur frequently and indicate normal operation rather than an issue.
• C. While related to DLP, 'oversized file detected' is not a standard, general email alert event type directly configurable in the common alert settings compared to critical security events.
• D. DHCP address assignments are routine network events that occur frequently and are usually logged rather than triggering immediate email alerts.
• E. FortiGuard Web Filtering rating errors are specific service issues, and while they might generate logs, they are not typically among the general critical event types configurable for email alerts.

Concept tested. FortiGate alert email event types

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/521191/email

No community discussion yet for this question.