Exam FCSS_EFW_AD-7.4 Topic 1 Question 33 Discussion
Actual exam question for Fortinet's FCSS_EFW_AD-7.4 exam
Question #: 33
Topic #: 1
Question #: 33
Topic #: 1
An administrator received a FortiAnalyzer alert that a 1 disk filled up in a day. Upon investigation, they found thousands of unusual DNS log requests, such as JHCMQK.website.com, with no answers. They later discovered that DNS exfiltration was occurring through both UDP and TLS. How can the administrator prevent this data theft technique?
Suggested Answer: D Vote an answer
The excessive DNS log requests with random subdomains suggest a DNS exfiltration attack, where attackers encode and transmit data via DNS queries. Since this technique can use both UDP and TLS (DoH - DNS over HTTPS), a comprehensive security approach is needed.
Using an IPS profile with DNS exfiltration-specific signatures allows FortiGate to:
Detect and block abnormal DNS query patterns often used in exfiltration. Inspect encrypted DNS (DoH, DoT) traffic if SSL inspection is enabled. Identify known exfiltration domains and techniques based on FortiGuard threat intelligence.
Using an IPS profile with DNS exfiltration-specific signatures allows FortiGate to:
Detect and block abnormal DNS query patterns often used in exfiltration. Inspect encrypted DNS (DoH, DoT) traffic if SSL inspection is enabled. Identify known exfiltration domains and techniques based on FortiGuard threat intelligence.
by Lewis at Apr 04, 2025, 11:32 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).