FCSS – Enterprise Firewall Administrator 7.4 — Question 36

An administrator received a FortiAnalyzer alert that a 1 ТВ disk filled up in a day. Upon investigation, they found thousands of unusual DNS log requests, such as JHCMQK.website.com, with no answers. They later discovered that DNS exfiltration was occurring through both UDP and TLS.
How can the administrator prevent this data theft technique?

Answer options

• A. Create an inline-CASB to protect against DNS exfiltration.
• B. Configure a File Filter profile to prevent DNS exfiltration.
• C. Enable DNS Filter to protect against DNS exfiltration.
• D. Use an IPS profile and DNS exfiltration-related signatures.

Correct answer: D

Explanation

The correct answer is D because using an IPS profile with specific signatures allows for the detection and blocking of known patterns associated with DNS exfiltration. Options A, B, and C do not provide the same level of targeted defense against DNS exfiltration as an IPS profile would, as they focus on different methods of protection or are not specifically designed to address the problem.