View all questions & answers for the NSE 5 - FortiAnalyzer 7.6 Analyst Exam Materials exam


Question 70 Discussion

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blocklisted IP addresses? (Choose one answer)

  • A. A new Infected entry is added for the corresponding endpoint under Compromised Hosts.
  • B. FortiAnalyzer runs a default playbook in the background that creates an incident alerting analysts.
  • C. The detection engine classifies those logs as Suspicious.
  • D. The endpoint is marked as Compromised and, optionally, can be quarantined.

Correct Answer: A

Brave-Dump Clients Votes

C 50%
A 50%

Comments



Anonymous User 2026-02-13 13:42:44

Selected Answers: C


Should be C.


marcin 2026-02-15 19:02:45

Selected Answers: A


A. See page 130:
Infected: Indicates a real breach. FortiAnalyzer found matches of the blacklisted IPs or domain generation algorithms (DGAs) in the web logs.