Refer to the exhibit. An administrator wants to remediate the incident from FortiSIEM shown in the exhibit. What option is available to the administrator?

Run the block domain Windows DNS

Refer to the exhibit. The window for this rule is 30 minutes. What is this rule tracking?

A sudden 50% increase in WMI response times over a 30-minute time window

A sudden 1.50 times increase in WMI response times over a 30-minute time window

A sudden 75% increase in WMI response times over a 30-minute time window

A sudden 150% increase in WMI response times over a 30-minute time window

Which statement about EPS bursting is true?

FortiSIEM will let you burst up to five times the licensed EPS at any given time, provided it has accumulated enough unused EPS.

FortiSIEM will let you burst up to five times the licensed EPS once during a 24-hour period.

FortiSIEM must be provisioned with ten percent the licensed EPS to handle potential event surges.

FortiSIEM will let you burst up to five times the licensed EPS at any given time, regardless of unused of EPS.

Refer to the exhibit. Click on the calculator button. The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database. In the profile database, in the Hour of Day column where 9 is the value, what will be the updated minimum, maximum, and average CPU utilization values?

Min CPU Util=32.31, Max CPU Util=33.50 and AVG CPU Util=32.67

Min CPU Util=32.31, Max CPU Util=33.50 and AVG CPU Util=33.50

Min CPU Util=32.31, Max CPU Util=32.31 and AVG CPU Util=32.31

Min CPU Util=33.50, Max CPU Util=33.50 and AVG CPU Util=33.50

Refer to the exhibit. An administrator deploys a new collector for the first time, and notices that all the processes except the phMonitor are down. How can the administrator bring the processes up?

The processes will come up after the collector is registered to the supervisor.

The administrator needs to run the command phtools --start all on the collector.

Rebooting the collector will bring up the processes.

The collector was not deployed properly and must be redeployed.

Which two statements about the maximum device limit on FortiSIEM are true? (Choose two.)

The device limit is based on the license type that was purchased from Fortinet.

The device limit is defined for the whole system and is shared by every customer on a service provider edition.

The device limit is defined per customer and every customer is assigned a fixed number of device limit by the service provider.

The device limit is only applicable to enterprise edition.

Which three statements about phRuleMaster are true? (Choose three.)

phRuleMaster queues up the data being received from the phRuleWorkers into buckets.

phRuleMaster is present on the supervisor only.

phRuleMaster wakes up to evaluate all the rule data in parallel, every 30 seconds.

phRuleMaster is present on the supervisor and workers.

phRuleMaster wakes up to evaluate all the rule data in series, every 30 seconds.

Refer to the exhibit. The service provider deployed FortiSIEM without a collector and added three customers on the supervisor. What mistake did the administrator make?

Customer A and customer B have overlapping IP addresses.

Collectors must be deployed on all customer premises before they are added to organizations on the supervisor.

The number of workers on the FortiSIEM cluster must match the number of customers added.

At least one collector must be deployed to collect logs from service provider infrastructure devices.

Refer to the exhibit. Why was this incident auto cleared?

Within five minutes, the packet loss percentage dropped to a level where the host IP of the original rule matches the host IP of the clear condition pattern

Within five minutes the packet loss percentage dropped to a level where the reporting IP is the same as the host IP

The original rule did not trigger within five minutes

Within five minutes, the packet loss percentage dropped to a level where the reporting IP is same as the source IP

Refer to the exhibit. Which statement about the rule filters events shown in the exhibit is true?

The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a reporting |P that belong to the Domain Controller applications group.

The rule filters events with an event type that belong to the Domain Account Locked CMDB group or a reporting IP that belong to the Domain Controller applications group.

The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.

The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.

Refer to the exhibit. Why is the windows device still in the CMDB, even though the administrator uninstalled the windows agent?

The device must be deleted manually from the CMDB

The device was not uninstalled properly

The device must be deleted from backend of FortiSIEM

The device has performance jobs assigned

What is Tactic in the MITRE ATT&CK framework?

Tactic is what an attacker hopes to achieve

Tactic is how an attacker plans to execute the attack

Tactic is the tool that the attacker uses to compromise a system

Tactic is a specific implementation of the technique

Refer to the exhibit. If the Z-score for this rule is greater than or equal to three, what does this mean?

The rate of firewall connection is above the historical average value.

The rate of firewall connection is optimum.

The rate of firewall connection is above the current average value.

The rate of firewall connection is below historical average value.

Why can collectors not be defined before the worker upload address is set on the supervisor?

Collectors receive the worker upload address during the registration process

Collectors can only upload data to a worker, and the supervisor is not a worker

To ensure that the service provider has deployed at least one worker along with a supervisor

To ensure that the service provider has deployed a NFS server

Which three statements about collector communication with the FortiSIEM cluster are true? (Choose three.)

Collectors communicate periodically with the supervisor node.

The supervisor does not initiate any connections to the collector node.

Collectors upload event data to any node in the worker upload list, but report their health directly to the supervisor node.

The only communication between the collector and the supervisor is during the registration process.

The supervisor periodically checks the health of the collector.

What happens to UEBA events when a user is off-net?

The agent will drop the events if it cannot upload them to a FortiSIEM collector

The agent will upload the events to the Worker if it cannot upload them to a FortiSIEM collector

The agent will cache events locally if it cannot upload them to a FortiSIEM collector

The agent will upload the events to the Supervisor if it cannot upload them to a FortiSIEM collector

Refer to the exhibit. Is the Windows agent delivering event logs correctly?

The agent is not sending logs because it did not receive a monitoring template.

The logs are buffered by the agent and will be sent once the status changes to managed.

The agent is registered and it is sending logs correctly.

Because the agent is unmanaged, the logs are dropped silently by the supervisor.

NSE7 ADVANCE ANALITYS

Authored by Sergio Ortiz

Computers

Professional Development

Used 40+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

33 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How can you invoke an integration policy on FortiSIEM rules?

Through Notification Policy settings

Through Incident Notification settings

Through remediation scripts

Through External Authentication settings

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How do customers connect to a shared multi-tenant instance on FortiSOAR?

The MSSP must provide secure network connectivity between the FortiSOAR manager node and the customer devices.

The MSSP must install a Secure Message Exchange node to connect to the customer's shared multi-tenant instance.

The customer must install a tenant node to connect to the MSSP shared multi-tenant instance.

The MSSP must install an agent node on the customer's network to connect to the customer's shared multi-tenant instance.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?

30,000

10,000

40,000

20,000

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the disadvantage of automatic remediation?

It can make a disruptive change to a user, block access to an application, or disconnect critical systems from the network.

It is equivalent to running an IPS in monitor-only mode — watches but does not block.

External threats or attacks detected by FortiSIEM will need user interaction to take action on an already overworked SOC team.

Threat behaviors occurring during the night could take hours to respond to.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What are the modes of Data Ingestion on FortiSOAR? (Choose three.)

Rule based

Notification based

App Push

Policy based

Schedule based

MULTIPLE SELECT QUESTION

45 sec • 1 pt

How can you empower SOC by deploying FortiSOAR? (Choose three.)

Aggregate logs from distributed systems

Collaborative knowledge sharing

Baseline user and traffic behavior

Reduce human error

Address analyst skills gap

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which of the following are two Tactics in the MITRE ATT&CK framework? (Choose two.)

Rootkit

Reconnaissance

Discovery

BITS Jobs

Phishing

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

32 questions

HISTORY OF COMPUTERS AND COMPUTER BASICS

Quiz

•

3rd Grade - Professio...

30 questions

Excel Certification Practice test

Quiz

•

Professional Development

28 questions

Java Fundamentals

Quiz

•

Professional Development

28 questions

Linux_Recap

Quiz

•

Professional Development

28 questions

QUIZ 'PRASHNA-CHINHA'

Quiz

•

Professional Development

35 questions

GENERAL APTITUDE

Quiz

•

Professional Development

28 questions

ISTQB Foundation - Module 1 - Quizz

Quiz

•

Professional Development

37 questions

MS-900 - Describe Microsoft 365 Pricing and Support

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

13 questions

SMS Cafeteria Expectations Quiz

Quiz

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

12 questions

SMS Restroom Expectations Quiz

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

10 questions

Pi Day Trivia!

Quiz

•

6th - 9th Grade

Discover more resources for Computers

20 questions

90s Cartoons

Quiz

•

Professional Development

5 questions

Workplace Documents Practice Test: Document 1

Quiz

•

Professional Development

5 questions

Workplace Documents Practice Test: Document 2

Quiz

•

Professional Development

10 questions

March Quiz

Quiz

•

Professional Development

5 questions

Copy of G5_U6_L8_22-23

Lesson

•

KG - Professional Dev...

NSE7 ADVANCE ANALITYS

How can you invoke an integration policy on FortiSIEM rules?

How do customers connect to a shared multi-tenant instance on FortiSOAR?

In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?

What is the disadvantage of automatic remediation?

What are the modes of Data Ingestion on FortiSOAR? (Choose three.)

How can you empower SOC by deploying FortiSOAR? (Choose three.)

Which of the following are two Tactics in the MITRE ATT&CK framework? (Choose two.)

Refer to the exhibit. Click on the calculator button.Based on the information provided in the exhibit, calculate the unused events for the next three minutes for a 520 EPS license

Refer to the exhibit.An administrator wants to remediate the incident from FortiSIEM shown in the exhibit.What option is available to the administrator?

Refer to the exhibit.The window for this rule is 30 minutes.What is this rule tracking?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

Refer to the exhibit. Click on the calculator button.
Based on the information provided in the exhibit, calculate the unused events for the next three minutes for a 520 EPS license

Refer to the exhibit.
An administrator wants to remediate the incident from FortiSIEM shown in the exhibit.
What option is available to the administrator?

Refer to the exhibit.
The window for this rule is 30 minutes.
What is this rule tracking?