FCSS – SOC Analyst 7.4 — Question 1

Which three end user logs does FortiAnalyzer use to identify possible IOC compromised hosts? (Choose three.)

Answer options

• A. Web filter logs
• B. Email filter logs
• C. DNS filter logs
• D. Application filter logs
• E. IPS logs

Correct answer: B, D, E

Explanation

The correct answers B, D, and E are relevant because these logs provide insights into email threats, application usage, and intrusion prevention, which are critical for identifying indicators of compromise. Options A and C, while useful for filtering web traffic and DNS queries, do not directly relate to IOC detection as effectively as the chosen options.