Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE5_FAZ-7.2 Topic 1 Question 27 Discussion

Actual exam question for Fortinet's NSE5_FAZ-7.2 exam
Question #: 27
Topic #: 1
[All NSE5_FAZ-7.2 Questions]

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Kimberely at Aug 28, 2024, 11:37 PM

Limited Time Offer

25%

Off

Get Premium NSE5_FAZ-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Bonita
4 months ago
Ha! Quarantining the endpoint? What is this, a hospital for computers? Option B is clearly the way to go.
upvoted 0 times
Ammie
3 months ago
Ha! Quarantining the endpoint? What is this, a hospital for computers? Option B is clearly the way to go.
upvoted 0 times
...
Rosendo
3 months ago
B) FortiAnalyzer flags the associated host for further analysis.
upvoted 0 times
...
Junita
3 months ago
A) The endpoint is marked as Compromised and, optionally, can be put in quarantine.
upvoted 0 times
...
...
Glory
4 months ago
D is the way to go. The detection engine should classify the logs as Suspicious, not automatically mark the endpoint as Compromised.
upvoted 0 times
Zana
3 months ago
I agree. C is also necessary as a new Infected entry should be added for the corresponding endpoint for tracking and monitoring purposes.
upvoted 0 times
...
Royal
3 months ago
True, but A is crucial too. The endpoint can be marked as Compromised and put in quarantine to prevent further damage.
upvoted 0 times
...
Justine
3 months ago
I think B is also important. FortiAnalyzer flags the associated host for further analysis to determine the severity of the situation.
upvoted 0 times
...
Shelba
3 months ago
D is the way to go. The detection engine should classify the logs as Suspicious, not automatically mark the endpoint as Compromised.
upvoted 0 times
...
...
Alease
4 months ago
I think both options make sense, but A) seems more proactive in preventing potential threats from spreading.
upvoted 0 times
...
Deonna
4 months ago
But wouldn't it make more sense to mark the endpoint as Compromised and quarantine it for further investigation?
upvoted 0 times
...
Lourdes
4 months ago
Option B seems more accurate to me. FortiAnalyzer should flag the host for further analysis, rather than automatically quarantining it.
upvoted 0 times
Lera
4 months ago
I think FortiAnalyzer should definitely flag the host for further analysis before jumping to conclusions.
upvoted 0 times
...
Staci
4 months ago
I agree, option B is the best choice. It allows for further investigation before taking action.
upvoted 0 times
...
...
Skye
5 months ago
I disagree, I believe the correct answer is B) FortiAnalyzer flags the associated host for further analysis.
upvoted 0 times
...
Lynelle
5 months ago
I think the correct answer is A. The endpoint should be marked as Compromised and put in quarantine to prevent further spread of the infection.
upvoted 0 times
Eden
4 months ago
A) The endpoint should be marked as Compromised and put in quarantine to prevent further spread of the infection.
upvoted 0 times
...
Dorcas
4 months ago
B) FortiAnalyzer flags the associated host for further analysis.
upvoted 0 times
...
Hyman
4 months ago
A) The endpoint is marked as Compromised and, optionally, can be put in quarantine.
upvoted 0 times
...
...
Deonna
5 months ago
I think the answer is A) The endpoint is marked as Compromised and, optionally, can be put in quarantine.
upvoted 0 times
...

Save Cancel