NSE 5 – FortiAnalyzer 7.0 — Question 18

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)

Answer options

• A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
• B. Make sure all endpoints are reachable by FortiAnalyzer.
• C. Enable device detection on an interface on the FortiGate devices that are connected to the FortiAnalyzer device.
• D. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.

Correct answer: A, D

Explanation

The correct answer is A and D because enabling web filtering in firewall policies allows the necessary logs to be sent to FortiAnalyzer, providing visibility into compromised hosts, while subscribing to FortiGuard ensures that the threat database is updated. Options B and C do not directly relate to viewing compromised hosts; B focuses on endpoint accessibility and C is about device detection, neither of which are directly required for viewing compromised hosts on FortiAnalyzer.