FortiView

VisionarySugilite
20 Questions

Which pane is designed for a network and security operations center where multiple dashboards are displayed in large monitors in a SOC or NOC environment?

Monitors

What can you view on the Monitors dashboards?

Network events and security alerts

What can you investigate on the Traffic dashboard?

Top sources of traffic

What is listed as the major source of traffic from the host with the IP address 10.0.0.21?

DNS

What does log fetching allow FortiAnalyzer to do?

Run queries or reports on archived logs

What is the role of the FortiAnalyzer device that sends logs during log fetching?

Fetch server

How many log-fetching sessions can be established between two FortiAnalyzer devices?

One

What must be ensured for log fetching to work properly?

All of the above

What happens to logs outside the data policy constraints on the client?

They are deleted

When can you see the logs of devices in the client?

After adding the devices to Device Manager

Which column indicates the number of different threats associated with an IOC hit in FortiView?

Threats

What action can you take to acknowledge an IOC hit in FortiView?

Click "Ack" in the Acknowledge column

What can you do to view more details and filter the view based on two categories for an IOC hit in FortiView?

Double-click the entry

What does the Blocklist category indicate for an IOC hit in FortiView?

Items marked as infected after checking the blocklist

What action can you take if you believe that an IP address or domain listed under the Detect Pattern column is valid for an IOC hit in FortiView?

Report it as misrated

What does the Suspicious category indicate for an IOC hit in FortiView?

A match found in the suspicious list

What does FortiAnalyzer do when an endpoint is flagged in the Suspicious category for an IOC hit in FortiView?

Lists or updates the endpoint in Compromised Hosts

What can you do to filter the entries in the IOC FortiView by specifying devices or a time period?

Filter the entries by specifying devices

By default, can you view acknowledged IOCs in FortiView?

Yes, acknowledged IOCs are always visible

What can you do when you double-click an entry in FortiView?

View more details and filter the view based on two categories

Test your knowledge of IOC hits in FortiView with this quiz! Learn about breach detection engines, Infected verdicts, and the different threats associated with IOC hits. Challenge yourself to identify CnC, Sinkhole, InstallationTraffic, and PostInfectionTraffic threats in this example.
