NSE 5 — FortiAnalyzer 7.2 — Question 19

Which two actions should an administrator take to view Compromised Hosts on FortiAnalyzer? (Choose two.)

Answer options

• A. Enable web filtering in firewall policies on FortiGate devices, and make sure these logs are sent to FortiAnalyzer.
• B. Subscribe FortiAnalyzer to FortiGuard to keep its local threat database up to date.
• C. Make sure all endpoints are reachable by FortiAnalyzer.
• D. Enable device detection on the FortiGate devices that are sending logs to FortiAnalyzer.

Correct answer: A, B

Explanation

The correct answers, A and B, are essential steps to ensure that the necessary logs are captured and that FortiAnalyzer has the latest threat information for accurate analysis. Options C and D, while important for overall functionality, do not directly contribute to the visibility of Compromised Hosts in FortiAnalyzer.