View all questions & answers for the NSE 5 - FortiAnalyzer 7.4 Analyst Exam Materials exam


Question 45 Discussion

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blacklisted IP addresses? (Choose one answer)

  • A. The endpoint is marked as Compromised and, optionally, can be put in quarantine.
  • B. A new Infected entry is added for the corresponding endpoint under Compromised Hosts.
  • C. The detection engine classifies those logs as Suspicious.
  • D. FortiAnalyzer flags the associated host for further analysis.
Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments



Ibrahim Eldesoki 2025-04-07 14:00:22

Selected Answers: B


B ok, Study guide: The breach detection engine on FortiAnalyzer uses FortiGuard Threat Detection Service (TDS) intelligence to analyze web filter logs for breach detection... When the threat match is found, a threat score is given to the end user based on the overall ranking score from TDS