NSE 5 — FortiAnalyzer 7.2 — Question 13
What happens when the IOC breach detection engine on FortiAnalyzer finds web logs that match a blocklisted IP address?
Answer options
- A. The endpoint is marked as Compromised and, optionally, can be put in quarantine.
- B. FortiAnalyzer flags the associated host for further analysis.
- C. A new Infected entry is added for the corresponding endpoint.
- D. The detection engine classifies those logs as Suspicious.
Correct answer: C
Explanation
When the IOC breach detection engine finds web logs that match a blocklisted IP address, it adds a new Infected entry for the corresponding endpoint, indicating a potential security threat. Options A, B, and D are incorrect because each describes a different action (marking and optionally quarantining the endpoint, flagging the host for further analysis, or classifying the logs as Suspicious) rather than the addition of an Infected entry.