Exact Extract: The FortiAnalyzer 7.6 Analyst Study Guide explains that FortiView provides dashboards for summarized network information, and that the Threats dashboard shows “top threats.” It also states that from a FortiView widget, “you can find more details about a specific entry,” and that the Top Threats widget displays the top threats, including IPS events and related CVE information when available.
Technical Deep Dive: The correct answer is A because the FortiView Top Threats table includes an entry named Apache.Expect.Header.XSS. That threat name directly indicates a cross-site scripting/XSS-related signature associated with Apache. The same row shows the threat type as IPS, meaning FortiAnalyzer is displaying it as an IPS-detected threat event. Therefore, the analyst can reasonably conclude that FortiAnalyzer recorded XSS attack activity against an Apache web server or Apache-related service.
Option B is not supported. The presence of a CVE ID provides vulnerability context, but it does not automatically mean that the attack must be prioritized over every other entry. In FortiAnalyzer/FortiView, prioritization depends on threat level, threat score, incident count, affected assets, and SOC impact. In the exhibit, some entries without CVE IDs have higher threat scores and more incidents than the Apache XSS entry.
Option C is wrong because the exhibit itself includes non-IPS threat types, such as Malicious Website and P2P. FortiAnalyzer does not treat only IPS threats as genuine threats. FortiView aggregates multiple security-relevant categories so analysts can review threats across different log and detection types.
Option D is not a safe conclusion. The displayed table does not show a Critical threat level in the visible rows, but that does not prove that no critical threats exist. The view may be filtered, scoped by time, or limited to the currently displayed Top Threats entries. A SOC analyst should not infer total absence of critical threats from a filtered widget alone.