
Fortinet NSE7_ADA-6.3 - Fortinet NSE 7 - Advanced Analytics 6.3

Total 34 questions

Refer to the exhibit.

If the Z-score for this rule is greater than or equal to three, what does this mean?

A.

The rate of firewall connection is optimum.

B.

The rate of firewall connection is above the historical average value.

C.

The rate of firewall connection is above the current average value.

D.

The rate of firewall connection is below the historical average value.

Refer to the exhibit.

How long has the UEBA agent been operationally down?

A.

21 Hours

B.

9 Hours

C.

20 Hours

D.

2 Hours

Which syntax will register a collector to the supervisor?

A.

phProvisionCollector --add

B.

phProvisionCollector --add

C.

phProvisionCollector --add

D.

phProvisionCollector --add

What is the disadvantage of automatic remediation?

A.

It can make a disruptive change to a user, block access to an application, or disconnect critical systems from the network.

B.

It is equivalent to running an IPS in monitor-only mode — watches but does not block.

C.

External threats or attacks detected by FortiSIEM will need user interaction to take action on an already overworked SOC team.

D.

Threat behaviors occurring during the night could take hours to respond to.

Which three processes are collector processes? (Choose three.)

A.

phAgentManager

B.

phParser

C.

phRuleMaster

D.

phReportMaster

E.

phMonitorAgent

Which two statements about the maximum device limit on FortiSIEM are true? (Choose two.)

A.

The device limit is defined per customer, and every customer is assigned a fixed device limit by the service provider.

B.

The device limit is only applicable to enterprise edition.

C.

The device limit is based on the license type that was purchased from Fortinet.

D.

The device limit is defined for the whole system and is shared by every customer on a service provider edition.

Which statement about EPS bursting is true?

A.

FortiSIEM will let you burst up to five times the licensed EPS once during a 24-hour period.

B.

FortiSIEM must be provisioned with ten percent of the licensed EPS to handle potential event surges.

C.

FortiSIEM will let you burst up to five times the licensed EPS at any given time, provided it has accumulated enough unused EPS.

D.

FortiSIEM will let you burst up to five times the licensed EPS at any given time, regardless of unused EPS.

Refer to the exhibit.

The rule evaluates multiple VPN logon failures within a ten-minute window. Consider the following VPN failure events received within a ten-minute window:

How many incidents are generated?

A.

1

B.

2

C.

0

D.

3
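The answer to the question above depends on three things the exhibit would define: the group-by attribute (per user, per source IP), the count threshold, and how many times a rule may fire for the same group inside one window. The Python below is an added example for this page, not code from the exam or from FortiSIEM, and every one of those three is an assumption here: failures are grouped by user, the threshold is three, and a group that has fired is suppressed for the rest of the window. The VPN failure lines are constructed sample events, not the exhibit's events.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the exam exhibit). Format is invented
# for this example: ISO timestamp, a fixed message, user= and src= fields.
EVENTS = """\
2024-05-01T10:00:00Z vpn: logon failed user=alice src=203.0.113.5
2024-05-01T10:02:00Z vpn: logon failed user=alice src=203.0.113.5
2024-05-01T10:04:00Z vpn: logon failed user=alice src=203.0.113.5
2024-05-01T10:05:00Z vpn: logon failed user=bob src=198.51.100.7
2024-05-01T10:06:00Z vpn: logon failed user=alice src=203.0.113.5
2024-05-01T10:07:00Z vpn: logon failed user=bob src=198.51.100.7
2024-05-01T10:30:00Z vpn: logon failed user=bob src=198.51.100.7
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn: logon failed user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(line: str):
    """Return (timestamp, user, src) for a matching line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], m["src"]


def count_incidents(lines, window=timedelta(minutes=10), threshold=3,
                    group_by="user"):
    """Sliding-window count rule: one incident per group when the number of
    failures seen within `window` reaches `threshold`.

    Assumed semantics (the exhibit's rule definition is not on the page):
      * the window slides with each event; events older than `window`
        relative to the current event are evicted from that group's buffer;
      * once a group fires, it is suppressed until `window` has elapsed
        since that incident, so a fourth failure does not raise a second one.
    Returns a list of (group key, trigger time).
    """
    buffers = defaultdict(deque)  # key -> timestamps currently inside the window
    last_fired = {}               # key -> time of the last incident for that key
    incidents = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # not a VPN logon failure; the rule's filter drops it
        ts, user, src = parsed
        key = user if group_by == "user" else src
        buf = buffers[key]
        buf.append(ts)
        while buf and ts - buf[0] > window:
            buf.popleft()
        if key in last_fired and ts - last_fired[key] <= window:
            continue  # still inside the suppression window for this group
        if len(buf) >= threshold:
            incidents.append((key, ts))
            last_fired[key] = ts
    return incidents


if __name__ == "__main__":
    for thr in (3, 2):
        hits = count_incidents(EVENTS, threshold=thr)
        print(f"threshold={thr}: {len(hits)} incident(s) -> "
              + ", ".join(f"{k}@{t:%H:%M}" for k, t in hits))
```

With threshold three only alice crosses it (at 10:04), her fourth failure at 10:06 is suppressed, and bob's two early failures have aged out of the window by 10:30, so the run yields one incident. Dropping the threshold to two yields two (alice at 10:02, bob at 10:07). Reading the exhibit the same way, first fix the group-by key and threshold, then count groups that reach the threshold inside the window, and do not count repeat crossings by the same group.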

What is a Tactic in the MITRE ATT&CK framework?

A.

Tactic is how an attacker plans to execute the attack

B.

Tactic is what an attacker hopes to achieve

C.

Tactic is the tool that the attacker uses to compromise a system

D.

Tactic is a specific implementation of the technique

How can you empower the SOC by deploying FortiSOAR? (Choose three.)

A.

Aggregate logs from distributed systems

B.

Collaborative knowledge sharing

C.

Baseline user and traffic behavior

D.

Reduce human error

E.

Address analyst skills gap