Fortinet Exam FCP_FAZ_AN-7.4 Topic 2 Question 9 Discussion

Actual exam question for Fortinet's FCP_FAZ_AN-7.4 exam

Question #: 9
Topic #: 2

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses?

AFortiAnalyzer flags the associated host for further analysis.

BA new infected entry is added for the corresponding endpoint under Compromised Hosts.

CThe detection engine classifies those logs as Suspicious.

DThe endpoint is marked as Compromised and, optionally, can be put in quarantine.

Show Suggested Answer

Suggested Answer: B

by Harrison at Feb 06, 2025, 08:59 PM

Limited Time Offer

25%

Off

Get Premium FCP_FAZ_AN-7.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Antonio

10 days ago

Option D is the way to go. Quarantining the compromised endpoint is the best way to prevent further damage. Hopefully, the user has a good warranty on their device.

upvoted 0 times

...

Hillary

13 days ago

C is my pick. Classifying the logs as suspicious is a good first step, but I'd expect more actions to be taken as well.

upvoted 0 times

...

1 months ago

Option D seems like the most comprehensive response. Marking the endpoint as compromised and the ability to quarantine it is a crucial security measure.

upvoted 0 times

Nicolette

9 days ago

B) A new infected entry is added for the corresponding endpoint under Compromised Hosts.

upvoted 0 times

...

Abraham

22 days ago

A) FortiAnalyzer flags the associated host for further analysis.

upvoted 0 times

...

Dean

1 months ago

I think the answer is A) FortiAnalyzer flags the associated host for further analysis.

upvoted 0 times

...