Based on the FortiGate Security Fabric settings shown in the exhibits, to successfully quarantine an endpoint when it is detected as a compromised host (IOC), the following step is required:

Enable Remote HTTPS Access to EMS:This setting allows FortiGate to communicate securely with FortiClient EMS over HTTPS. Remote HTTPS access is essential for the quarantine functionality to operate correctly, enabling the EMS server to receive and act upon the quarantine commands from FortiGate.

Therefore, the administrator must enable remote HTTPS access to EMS to allow the quarantine process to function properly.

References

FortiGate Infrastructure 7.2 Study Guide, Security Fabric and Integration with EMS Sections

Fortinet Documentation on Enabling Remote HTTPS Access to FortiClient EMS

Understanding Quick Scan Function:

The quick scan option on FortiClient is designed to scan certain elements of the system quickly for threats.

Evaluating Scan Scope:

The quick scan specifically targets executable files, DLLs, and drivers that are currently running, providing a rapid assessment of the active components of the system.

Conclusion:

The correct answer is D, as it accurately describes the function of the quick scan option on FortiClient.

References:

FortiClient scanning options documentation from the study guides.

Observation of Endpoint Policies:

The exhibit shows multiple endpoint policies with their assigned groups, priority levels, and enabled status.

Evaluating Policy Assignment:

The Training policy is specifically assigned to the "trainingAD.training.lab" group, with a higher priority than the Default policy.

Conclusion:

The correct policy applied to the endpoint in the AD group "trainingAD" is the Training policy (A).

References:

FortiClient EMS policy configuration and priority management documentation from the study guides.

Understanding FortiClient Features:

FortiClient endpoint security includes several features aimed at protecting and managing endpoints.

Evaluating Feature Set:

Vulnerability management is a key feature of FortiClient, helping to identify and address vulnerabilities (B).

IPsec is supported for secure VPN connections (D).

Real-time protection is crucial for detecting and preventing threats in real-time (E).

Eliminating Incorrect Options:

Data Loss Prevention (DLP) (A) is typically managed by FortiGate or FortiMail.

L2TP (C) is a protocol used for VPNs but is not specifically a feature of FortiClient endpoint security.

References:

FortiClient endpoint security features documentation from the study guides.

Requirement Analysis:

The administrator needs to maintain a software vulnerability scan on endpoints without showing the feature on FortiClient.

Evaluating Options:

Disabling the feature in the deployment package or endpoint profile would remove the functionality entirely, which is not desired.

Using the default endpoint profile may not meet the specific requirement of hiding the feature.

Clicking the hide icon on the vulnerability scan profile assigned to the endpoint will keep the feature active but hidden from the user's view.

Conclusion:

The correct action is to click the hide icon on the vulnerability scan profile assigned to the endpoint (C).

References:

FortiClient EMS feature configuration and management documentation from the study guides.

Observation of Compliance Profile:

The compliance profile shown in the exhibit includes rules for vulnerability severity level and running process (Calculator.exe).

Evaluating Actions for Compliance:

To make the endpoint compliant, the administrator needs to ensure that the vulnerability severity level is medium or higher is patched (D).

Additionally, the Calculator.exe application must be running on the endpoint (B).

Eliminating Incorrect Options:

Enabling the web filter profile (A) is not related to the compliance rules shown.

Integrating FortiSandbox (C) is not a requirement in the given compliance profile.

Conclusion:

The correct actions are to run the Calculator application on the endpoint (B) and patch applications with vulnerabilities rated as high or above (D).

References:

FortiClient EMS compliance profile configuration documentation from the study guides.

Understanding ZTNA Rule Configuration:

The ZTNA rule configuration shown in the exhibit defines how traffic is managed and controlled based on specific tags and conditions.

Evaluating Rule Components:

The rule includes security profiles to protect traffic by applying various security checks (A).

The rule also enforces access control by determining which endpoints can access the specified resources based on the ZTNA tag (D).

Eliminating Incorrect Options:

SNAT (Source Network Address Translation) is not mentioned as part of this ZTNA rule.

The rule does not define the access proxy but uses it to enforce access control.

Conclusion:

The correct statements about the ZTNA rule are that it applies security profiles to protect traffic (A) and enforces access control (D).

References:

ZTNA rule configuration documentation from the study guides.