NSE 5 - FortiAnalyzer 7.6 Analyst Exam Materials - Question 70 Discussion

What happens when the indicator of compromise (IOC) engine on FortiAnalyzer finds web logs that match blocklisted IP addresses? (Choose one answer)

  • A. A new Infected entry is added for the corresponding endpoint under Compromised Hosts.
  • B. FortiAnalyzer runs a default playbook in the background that creates an incident alerting analysts.
  • C. The detection engine classifies those logs as Suspicious.
  • D. The endpoint is marked as Compromised and, optionally, can be quarantined.
Correct Answer: A

Brave-Dump Clients Votes

C 50%
A 50%

Comments



Anonymous User 2026-02-13 13:42:44

Selected Answers: C


Should be C.


marcin 2026-02-15 19:02:45

Selected Answers: A


A. See page 130:
Infected: Indicates a real breach. FortiAnalyzer found matches of the blacklisted IPs or domain generation algorithms (DGAs) in the web logs.