An administrator installs FortiClient on Windows Server.
What is the default behavior of real-time protection control?
When FortiClient is installed on a Windows Server, the default behavior for real-time protection control is:
Real-time protection is disabled: By default, FortiClient does not enable real-time protection on server installations to avoid potential performance impacts and because servers typically have different security requirements compared to client endpoints.
Thus, real-time protection is disabled by default on Windows Server installations.
Reference
FortiClient EMS 7.2 Study Guide, Real-time Protection Section
Fortinet Documentation on FortiClient Default Settings for Server Installations
Which three types of antivirus scans are available on FortiClient? (Choose three )
FortiClient offers several types of antivirus scans to ensure comprehensive protection:
Full scan: Scans the entire system for malware, including all files and directories.
Custom scan: Allows the user to specify particular files, directories, or drives to be scanned.
Quick scan: Scans the most commonly infected areas of the system, providing a faster scanning option.
These three types of scans provide flexibility and thoroughness in detecting and managing malware threats.
Reference
FortiClient EMS 7.2 Study Guide, Antivirus Scanning Options Section
Fortinet Documentation on Types of Antivirus Scans in FortiClient
Which component or device shares device status information through ZTNA telemetry?
FortiClient communicates directly with FortiClient EMS to continuously share device status information through ZTNA telemetry.
Refer to the exhibit, which shows the endpoint summary information on FortiClient EMS.
What two conclusions can you make based on the Remote-Client status shown above? (Choose two.)
Based on the Remote-Client status shown in the exhibit:
Endpoint Policy: The 'Policy' field shows 'Default,' indicating that the endpoint has been assigned the Default endpoint policy.
Connection Status: The 'Location' field shows 'Off-Fabric,' meaning that the endpoint is currently off the corporate network (off-net).
Therefore, the two conclusions that can be made are:
The endpoint has been assigned the Default endpoint policy.
The endpoint is currently off-net.
Reference
FortiClient EMS 7.2 Study Guide, Endpoint Summary Information Section
Fortinet Documentation on Endpoint Policies and Status Indicators
Refer to the exhibit, which shows the Zero Trust Tagging Rule Set configuration.
Which two statements about the rule set are true? (Choose two.)
Based on the Zero Trust Tagging Rule Set configuration shown in the exhibit:
The rule set includes two conditions:
AV Software is installed and running
OS Version is Windows Server 2012 R2 or Windows 10
The Rule Logic is specified as '(1 and 3) or 2,' meaning:
The endpoint must have antivirus software installed and running and must be running Windows 10.
Alternatively, the endpoint must be running Windows Server 2012 R2.
Therefore, the endpoint must satisfy either:
Antivirus is installed and running and Windows 10 is running.
Windows Server 2012 R2 is running.
Reference
FortiClient EMS 7.2 Study Guide, Zero Trust Tagging Rule Set Configuration Section
Fortinet Documentation on Configuring Zero Trust Tagging Rules and Logic
