Based on the FortiGate Security Fabric settings shown in the exhibits, to successfully quarantine an endpoint when it is detected as a compromised host (IOC), the following step is required:

Enable Remote HTTPS Access to EMS:This setting allows FortiGate to communicate securely with FortiClient EMS over HTTPS. Remote HTTPS access is essential for the quarantine functionality to operate correctly, enabling the EMS server to receive and act upon the quarantine commands from FortiGate.

Therefore, the administrator must enable remote HTTPS access to EMS to allow the quarantine process to function properly.

References

FortiGate Infrastructure 7.2 Study Guide, Security Fabric and Integration with EMS Sections

Fortinet Documentation on Enabling Remote HTTPS Access to FortiClient EMS

Understanding Quick Scan Function:

The quick scan option on FortiClient is designed to scan certain elements of the system quickly for threats.

Evaluating Scan Scope:

The quick scan specifically targets executable files, DLLs, and drivers that are currently running, providing a rapid assessment of the active components of the system.

Conclusion:

The correct answer is D, as it accurately describes the function of the quick scan option on FortiClient.

References:

FortiClient scanning options documentation from the study guides.

Observation of Endpoint Policies:

The exhibit shows multiple endpoint policies with their assigned groups, priority levels, and enabled status.

Evaluating Policy Assignment:

The Training policy is specifically assigned to the "trainingAD.training.lab" group, with a higher priority than the Default policy.

Conclusion:

The correct policy applied to the endpoint in the AD group "trainingAD" is the Training policy (A).

References:

FortiClient EMS policy configuration and priority management documentation from the study guides.

Understanding FortiClient Features:

FortiClient endpoint security includes several features aimed at protecting and managing endpoints.

Evaluating Feature Set:

Vulnerability management is a key feature of FortiClient, helping to identify and address vulnerabilities (B).

IPsec is supported for secure VPN connections (D).

Real-time protection is crucial for detecting and preventing threats in real-time (E).

Eliminating Incorrect Options:

Data Loss Prevention (DLP) (A) is typically managed by FortiGate or FortiMail.

L2TP (C) is a protocol used for VPNs but is not specifically a feature of FortiClient endpoint security.

References:

FortiClient endpoint security features documentation from the study guides.

Requirement Analysis:

The administrator needs to maintain a software vulnerability scan on endpoints without showing the feature on FortiClient.

Evaluating Options:

Disabling the feature in the deployment package or endpoint profile would remove the functionality entirely, which is not desired.

Using the default endpoint profile may not meet the specific requirement of hiding the feature.

Clicking the hide icon on the vulnerability scan profile assigned to the endpoint will keep the feature active but hidden from the user's view.

Conclusion:

The correct action is to click the hide icon on the vulnerability scan profile assigned to the endpoint (C).

References:

FortiClient EMS feature configuration and management documentation from the study guides.

Observation of Compliance Profile:

The compliance profile shown in the exhibit includes rules for vulnerability severity level and running process (Calculator.exe).

Evaluating Actions for Compliance:

To make the endpoint compliant, the administrator needs to ensure that the vulnerability severity level is medium or higher is patched (D).

Additionally, the Calculator.exe application must be running on the endpoint (B).

Eliminating Incorrect Options:

Enabling the web filter profile (A) is not related to the compliance rules shown.

Integrating FortiSandbox (C) is not a requirement in the given compliance profile.

Conclusion:

The correct actions are to run the Calculator application on the endpoint (B) and patch applications with vulnerabilities rated as high or above (D).

References:

FortiClient EMS compliance profile configuration documentation from the study guides.

Understanding ZTNA Rule Configuration:

The ZTNA rule configuration shown in the exhibit defines how traffic is managed and controlled based on specific tags and conditions.

Evaluating Rule Components:

The rule includes security profiles to protect traffic by applying various security checks (A).

The rule also enforces access control by determining which endpoints can access the specified resources based on the ZTNA tag (D).

Eliminating Incorrect Options:

SNAT (Source Network Address Translation) is not mentioned as part of this ZTNA rule.

The rule does not define the access proxy but uses it to enforce access control.

Conclusion:

The correct statements about the ZTNA rule are that it applies security profiles to protect traffic (A) and enforces access control (D).

References:

ZTNA rule configuration documentation from the study guides.

When FortiClient is installed on a Windows Server, the default behavior for real-time protection control is:

Real-time protection is disabled:By default, FortiClient does not enable real-time protection on server installations to avoid potential performance impacts and because servers typically have different security requirements compared to client endpoints.

Thus, real-time protection is disabled by default on Windows Server installations.

References

FortiClient EMS 7.2 Study Guide, Real-time Protection Section

Fortinet Documentation on FortiClient Default Settings for Server Installations

Based on the CLI output from FortiGate:

The configuration shows the use of "type fortiems," indicating that FortiGate is set up to interact with FortiClient EMS.

The "server" field points to an IP address (10.0.1.200), which is typically the address of the FortiClient EMS server.

The configuration includes an SSL-enabled connection, which is a common setup for secure communication between FortiGate and FortiClient EMS.

Thus, the configuration indicates that FortiGate is set up to pull user groups from FortiClient EMS.

References

FortiGate Security 7.2 Study Guide, FSSO Configuration Section

Fortinet Documentation on FortiGate and FortiClient EMS Integration

"The firewall policy matches and redirects client requests to the access proxy VIP"https://docs.fortinet.com/document/fortigate/7.0.0/new-features/194961/basic-ztna-configuration

For managing the FortiClient web filter extension installed on the Google Chromebook endpoint, the EMS administrator can use the following component:

FortiClient EMS (Enterprise Management Server)is designed to manage and control multiple FortiClient installations across various endpoints.

EMS provides centralized management for endpoint policies, including web filtering configurations.

The EMS administrator can configure and enforce web filter policies on Chromebooks through the EMS console.

Therefore, FortiClient EMS is the correct component for managing the web filter extension on Google Chromebook endpoints.

References

FortiClient EMS 7.2 Study Guide, Chromebook Management Section

Fortinet Documentation on FortiClient EMS and Web Filtering for Chromebooks

Based on the Zero Trust Tagging Rule Set configuration shown in the exhibit:

The rule set includes two conditions:

AV Software is installed and running

OS Version is Windows Server 2012 R2 or Windows 10

The Rule Logic is specified as "(1 and 3) or 2," meaning:

The endpoint must have antivirus software installed and running and must be running Windows 10.

Alternatively, the endpoint must be running Windows Server 2012 R2.

Therefore, the endpoint must satisfy either:

Antivirus is installed and running and Windows 10 is running.

Windows Server 2012 R2 is running.

References

FortiClient EMS 7.2 Study Guide, Zero Trust Tagging Rule Set Configuration Section

Fortinet Documentation on Configuring Zero Trust Tagging Rules and Logic