20 Questions
Which pane is designed for a network and security operations center where multiple dashboards are displayed in large monitors in a SOC or NOC environment?
Monitors
What can you view on the Monitors dashboards?
Network events and security alerts
What can you investigate on the Traffic dashboard?
Top sources of traffic
What is listed as the major source of traffic from the host with the IP address 10.0.0.21?
DNS
What does log fetching allow FortiAnalyzer to do?
Run queries or reports on archived logs
What is the role of the FortiAnalyzer device that sends logs during log fetching?
Fetch server
How many log-fetching sessions can be established between two FortiAnalyzer devices?
One
What must be ensured for log fetching to work properly?
All of the above
What happens to logs outside the data policy constraints on the client?
They are deleted
When can you see the logs of devices in the client?
After adding the devices to Device Manager
Which column indicates the number of different threats associated with an IOC hit in FortiView?
Threats
What action can you take to acknowledge an IOC hit in FortiView?
Click "Ack" in the Acknowledge column
What can you do to view more details and filter the view based on two categories for an IOC hit in FortiView?
Double-click the entry
What does the Blocklist category indicate for an IOC hit in FortiView?
Items marked as infected after checking the blocklist
What action can you take if you believe that an IP address or domain listed under the Detect Pattern column is valid for an IOC hit in FortiView?
Report it as misrated
What does the Suspicious category indicate for an IOC hit in FortiView?
A match found in the suspicious list
What does FortiAnalyzer do when an endpoint is flagged in the Suspicious category for an IOC hit in FortiView?
Lists or updates the endpoint in Compromised Hosts
What can you do to filter the entries in the IOC FortiView by specifying devices or a time period?
Filter the entries by specifying devices
By default, can you view acknowledged IOCs in FortiView?
Yes, acknowledged IOCs are always visible
What can you do when you double-click an entry in FortiView?
View more details and filter the view based on two categories
Test your knowledge of IOC hits in FortiView with this quiz! Learn about breach detection engines, Infected verdicts, and the different threats associated with IOC hits. Challenge yourself to identify CnC, Sinkhole, InstallationTraffic, and PostInfectionTraffic threats in this example.