
Fortinet NSE7_ADA-6.3 Fortinet NSE 7 - Advanced Analytics 6.3 Exam Practice Test

Page: 1 / 3
Total 34 questions

Fortinet NSE 7 - Advanced Analytics 6.3 Questions and Answers

Question 1

What happens to UEBA events when a user is off-net?

Options:

A. The agent will upload the events to the Worker if it cannot upload them to a FortiSIEM collector
B. The agent will cache events locally if it cannot upload them to a FortiSIEM collector
C. The agent will upload the events to the Supervisor if it cannot upload them to a FortiSIEM collector
D. The agent will drop the events if it cannot upload them to a FortiSIEM collector

Question 2

Refer to the exhibit.

Question # 2

Based on the information provided in the exhibit, calculate the unused events for the next three minutes for a 520 EPS license.

Options:

A. 72460
B. 73460
C. 74460
D. 71460

Question 3

Identify the processes associated with Machine Learning/AI on FortiSIEM. (Choose two.)

Options:

A. phFortiInsightAI
B. phReportMaster
C. phRuleMaster
D. phAnomaly
E. phRuleWorker

Question 4

How can you empower a SOC by deploying FortiSOAR? (Choose three.)

Options:

A. Aggregate logs from distributed systems
B. Collaborative knowledge sharing
C. Baseline user and traffic behavior
D. Reduce human error
E. Address the analyst skills gap

Question 5

Which three statements about phRuleMaster are true? (Choose three.)

Options:

A. phRuleMaster queues up the data being received from the phRuleWorkers into buckets.
B. phRuleMaster is present on the supervisor and workers.
C. phRuleMaster is present on the supervisor only.
D. phRuleMaster wakes up to evaluate all the rule data in series, every 30 seconds.
E. phRuleMaster wakes up to evaluate all the rule data in parallel, every 30 seconds.

Question 6

Refer to the exhibit.

Question # 6

Which statement about the rule filter shown in the exhibit is true?

Options:

A. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group or a reporting IP that belongs to the Domain Controller applications group.
B. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a reporting IP that belongs to the Domain Controller applications group.
C. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.
D. The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.

Question 7

Refer to the exhibit.

Question # 7

Why is the Windows device still in the CMDB, even though the administrator uninstalled the Windows agent?

Options:

A. The device was not uninstalled properly
B. The device must be deleted from the backend of FortiSIEM
C. The device has performance jobs assigned
D. The device must be deleted manually from the CMDB

Question 8

What is a Tactic in the MITRE ATT&CK framework?

Options:

A. Tactic is how an attacker plans to execute the attack
B. Tactic is what an attacker hopes to achieve
C. Tactic is the tool that the attacker uses to compromise a system
D. Tactic is a specific implementation of the technique

Question 9

Refer to the exhibit.

Question # 9

The exhibit shows the output of an SQL command that an administrator ran to view the natural_id value, after logging into the Postgres database.

What does the natural_id value identify?

Options:

A. The supervisor
B. The worker
C. An agent
D. The collector

Question 10

In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?

Options:

A. 30,000
B. 10,000
C. 40,000
D. 20,000
