Fortinet Exam NSE5_FAZ-7.2 Topic 1 Question 27 Discussion

Actual exam question for Fortinet's NSE5_FAZ-7.2 exam
Question #: 27
Topic #: 1

What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?

Suggested Answer: A (the endpoint is marked as Compromised and, optionally, can be put in quarantine)
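As an added illustration, not FortiAnalyzer's own code and not part of the original page, the Python sketch below models the behaviour the question describes: web filter logs are parsed, the destination IP of each request is checked against an IP blocklist, and the source endpoint of any matching request is marked Compromised, with quarantine as an optional follow-up action. The log lines, the blocklist entries, the `webfilter` subtype filter and the `Compromised`/`Clean` labels are constructed assumptions for the example; the real FortiAnalyzer IOC service uses FortiGuard threat intelligence and its own log schema.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed blocklist using RFC 5737 documentation addresses. A real
# deployment would receive these indicators from a threat-intelligence feed.
BLOCKLIST = ["203.0.113.77", "198.51.100.0/24"]

# Constructed FortiGate-style key=value log lines (not real device output).
# Lines 1 and 3 come from the same endpoint and hit the blocklist; line 2 is
# clean; line 4 is a traffic log (ignored by this web-log engine); line 5 is junk.
SAMPLE_LOGS = [
    'date=2024-11-25 time=10:15:32 devname="FGT-EDGE" type="utm" subtype="webfilter" '
    'srcip=10.0.1.25 srcport=51234 dstip=203.0.113.77 dstport=443 '
    'hostname="cdn-update.example" url="/loader.php"',
    'date=2024-11-25 time=10:16:04 devname="FGT-EDGE" type="utm" subtype="webfilter" '
    'srcip=10.0.1.30 srcport=40021 dstip=192.0.2.10 dstport=443 '
    'hostname="intranet.example" url="/"',
    'date=2024-11-25 time=10:17:48 devname="FGT-EDGE" type="utm" subtype="webfilter" '
    'srcip=10.0.1.25 srcport=51300 dstip=198.51.100.200 dstport=80 '
    'hostname="198.51.100.200" url="/gate.php"',
    'date=2024-11-25 time=10:18:00 devname="FGT-EDGE" type="traffic" subtype="forward" '
    'srcip=10.0.1.40 dstip=203.0.113.77 dstport=443 action="accept"',
    "this line is not a key=value record",
]

# key=value pairs; values are either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


class IocBlocklist:
    """IP blocklist supporting single addresses and CIDR ranges."""

    def __init__(self, entries):
        self.networks = [ipaddress.ip_network(e, strict=False) for e in entries]

    def matches(self, ip):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # missing or malformed field: never a hit
            return False
        return any(addr in net for net in self.networks)


@dataclass
class EndpointVerdict:
    ip: str
    status: str = "Clean"          # becomes "Compromised" on the first IOC hit
    hits: list = field(default_factory=list)
    quarantined: bool = False


def run_ioc_engine(lines, blocklist, quarantine=None):
    """Match web filter logs against the blocklist and return verdicts per source IP.

    `quarantine` is an optional callback invoked once per compromised endpoint,
    mirroring the optional quarantine action in the suggested answer.
    """
    verdicts = {}
    for line in lines:
        rec = parse_kv(line)
        # Only web filter logs are in scope for this engine (assumption).
        if rec.get("subtype") != "webfilter" or "srcip" not in rec:
            continue
        src = rec["srcip"]
        verdict = verdicts.setdefault(src, EndpointVerdict(ip=src))
        dst = rec.get("dstip")
        if dst and blocklist.matches(dst):
            verdict.status = "Compromised"
            verdict.hits.append((rec.get("date"), rec.get("time"), dst, rec.get("hostname")))
            if quarantine is not None and not verdict.quarantined:
                quarantine(src)
                verdict.quarantined = True
    return verdicts


def compromised_endpoints(verdicts):
    """Sorted list of source IPs whose status is Compromised."""
    return sorted(ip for ip, v in verdicts.items() if v.status == "Compromised")


if __name__ == "__main__":
    quarantined = []
    result = run_ioc_engine(SAMPLE_LOGS, IocBlocklist(BLOCKLIST), quarantine=quarantined.append)
    for ip in compromised_endpoints(result):
        print(ip, result[ip].status, "hits:", result[ip].hits)
    print("quarantined:", quarantined)
```

Run without the `quarantine` argument and the engine only marks the endpoint; pass a callback (here a list append, in practice a call to the firewall's quarantine API) and each compromised endpoint is quarantined exactly once, however many matching log lines it produced. Note that only the destination IP is matched: the blocklist describes remote infrastructure, and the internal source IP is the endpoint that gets the verdict.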

Contribute your Thoughts:

Bonita
2 months ago
Ha! Quarantining the endpoint? What is this, a hospital for computers? Option B is clearly the way to go.
upvoted 0 times
Rosendo
2 months ago
B) FortiAnalyzer flags the associated host for further analysis.
upvoted 0 times
Junita
2 months ago
A) The endpoint is marked as Compromised and, optionally, can be put in quarantine.
upvoted 0 times
Glory
3 months ago
D is the way to go. The detection engine should classify the logs as Suspicious, not automatically mark the endpoint as Compromised.
upvoted 0 times
Zana
2 months ago
I agree. C is also necessary as a new Infected entry should be added for the corresponding endpoint for tracking and monitoring purposes.
upvoted 0 times
Royal
2 months ago
True, but A is crucial too. The endpoint can be marked as Compromised and put in quarantine to prevent further damage.
upvoted 0 times
Justine
2 months ago
I think B is also important. FortiAnalyzer flags the associated host for further analysis to determine the severity of the situation.
upvoted 0 times
Alease
3 months ago
I think both options make sense, but A) seems more proactive in preventing potential threats from spreading.
upvoted 0 times
Deonna
3 months ago
But wouldn't it make more sense to mark the endpoint as Compromised and quarantine it for further investigation?
upvoted 0 times
Lourdes
3 months ago
Option B seems more accurate to me. FortiAnalyzer should flag the host for further analysis, rather than automatically quarantining it.
upvoted 0 times
Lera
3 months ago
I think FortiAnalyzer should definitely flag the host for further analysis before jumping to conclusions.
upvoted 0 times
Staci
3 months ago
I agree, option B is the best choice. It allows for further investigation before taking action.
upvoted 0 times
Skye
3 months ago
I disagree, I believe the correct answer is B) FortiAnalyzer flags the associated host for further analysis.
upvoted 0 times
Lynelle
3 months ago
I think the correct answer is A. The endpoint should be marked as Compromised and put in quarantine to prevent further spread of the infection.
upvoted 0 times
Eden
3 months ago
A) The endpoint should be marked as Compromised and put in quarantine to prevent further spread of the infection.
upvoted 0 times
Dorcas
3 months ago
B) FortiAnalyzer flags the associated host for further analysis.
upvoted 0 times
Hyman
3 months ago
A) The endpoint is marked as Compromised and, optionally, can be put in quarantine.
upvoted 0 times
Deonna
4 months ago
I think the answer is A) The endpoint is marked as Compromised and, optionally, can be put in quarantine.
upvoted 0 times