Fortinet Exam NSE5_FAZ-7.2 Topic 5 Question 29 Discussion

Actual exam question for Fortinet's NSE5_FAZ-7.2 exam

Question #: 29
Topic #: 5

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

AThe endpoint is marked as Compromised and. optionally, can be put in quarantine.

BFortiAnalyzer flags the associated host for further analysis.

CA new Infected entry is added for the corresponding endpoint.

DThe detection engine classifies those logs as Suspicious

Show Suggested Answer

Suggested Answer: A

by Ona at Sep 16, 2024, 02:55 AM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

15 days ago

Option C sounds like something a hacker would add to cover their tracks. I'm going with A or B for sure.

upvoted 0 times

...

16 days ago

Haha, I bet the correct answer is 'D' just to mess with us. Security professionals love to throw in a curveball!

upvoted 0 times

...

19 days ago

I'm torn between Options A and B. Both seem valid, but I think quarantining the endpoint is the more proactive approach.

upvoted 0 times

...

20 days ago

I agree with Bettina. Quarantining the compromised endpoint is the logical course of action to mitigate the threat.

upvoted 0 times

2 days ago

A) The endpoint is marked as Compromised and, optionally, can be put in quarantine.

upvoted 0 times

...

2 months ago

I think the answer is A) The endpoint is marked as Compromised and, optionally, can be put in quarantine.

upvoted 0 times

...