FCSS – Enterprise Firewall Administrator 7.6 — Question 21

You receive a FortiAnalyzer alert warning that a 1 ТВ disk filled up in a day. Upon investigation, you find thousands of unusual DNS log requests, such as JHCMQK.website.com, with no answers. You later discover that DNS exfiltration is occurring through both UDP and TLS.
How can you prevent this data theft technique?

Answer options

• A. Use a file filter profile to protect against DNS exfiltration.
• B. Use an intrusion prevention system (IPS) profile and DNS exfiltration-related signatures.
• C. Enable DNS filter to protect against DNS exfiltration.
• D. Enable data loss prevention (DLP) to prevent DNS exfiltration.

Correct answer: B

Explanation

The correct answer is B because using an intrusion prevention system (IPS) profile with DNS exfiltration-related signatures allows for the detection and prevention of known patterns associated with this type of data theft. Options A, C, and D may provide some level of protection, but they do not specifically target the signatures related to DNS exfiltration as effectively as an IPS profile does.