FCSS_ADA_AR-6.7試験無料問題集（140題）「Fortinet FCSS—Advanced Analytics 6.7 Architect 認定」

出題：1

Refer to the exhibit.

An administrator runs an analytic search for all FortiGate SSL VPN logon failures. The results are grouped by source IP, reporting IP, and user. The administrator wants to restrict the results to only those rows where the COUNT >= 3.
Which user would meet that condition?

A. Jan

B. Sarah

C. Tom

D. Admin

正解：C 解答を投票する

出題：2

When constructing FortiSIEM rules, it's important to:

A. Make rules based on aesthetic preferences?

B. Frequently change rule conditions for variety?

C. Ensure rules are broad to cover all possible events?

D. Prioritize rules based on the likelihood and impact of events?

正解：D 解答を投票する

出題：3

For effective rule construction in FortiSIEM, it's essential to consider:

A. The expected behavior of users in the network?

B. The specific brands of devices in the environment?

C. Known patterns of malicious activities?

D. The latest threats detailed in the MITRE ATT&CK® framework?

正解：A,C,D 解答を投票する

出題：4

Refer to the exhibit.

Is the Windows agent delivering event logs correctly?

A. The agent is not sending logs because it did not receive a monitoring template.

B. The agent is registered and it is sending logs correctly.

C. The logs are buffered by the agent and will be sent once the status changes to managed.

D. Because the agent is unmanaged. the logs are dropped silently by the supervisor.

正解：D 解答を投票する

出題：5

Refer to the exhibit.

The rule evaluates multiple VPN logon failures within a ten-minute window.
Consider the following VPN failure events received within a ten-minute window:

How many incidents are generated?

A. 2

B. 1

C. 0

D. 3

正解：C 解答を投票する

出題：6

Refer to the exhibit.

The service provider deployed FortiSIEM without a collector and added three customers on the supervisor.
What mistake did the administrator make?

A. The number of workers on the FortiSIEM cluster must match the number of customers added.

B. Collectors must be deployed on all customer premises before they are added to organizations on the supervisor.

C. At least one collector must be deployed to collect logs from service provider infrastructure devices.

D. Customer A and customer B have overlapping IP addresses.

正解：D 解答を投票する

出題：7

Refer to the exhibit.

An administrator deploys a new collector for the first time, and notices that all the processes expect the phMonitor are down.
How can the administrator bring the processes up?

A. The processes will come up after the collector is registered to the supervisor.

B. The administrator needs to run the command phtools - start all on the collector.

C. The collector was not deployed properly and must be redeployed.

D. Rebooting the collector will bring up the processes.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

What is Tactic in the MITRE ATT&CK framework?

A. Tactic is how an attacker plans to execute the attack

B. Tactic is what an attacker hopes to achieve

C. Tactic is a specific implementation of the technique

D. Tactic is the tool that the attacker uses to compromise a system

正解：B 解答を投票する

出題：9

Refer to the exhibit.

Is the Windows agent delivering event logs correctly?

A. The agent is not sending logs because it did not receive a monitoring template.

B. The agent is registered and it is sending logs correctly.

C. The logs are buffered by the agent and will be sent once the status changes to managed.

D. Because the agent is unmanaged. the logs are dropped silently by the supervisor.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Refer to the exhibit.

An administrator wants to remediate the incident from FortiSIEM shown in the exhibit.
What option is available to the administrator?

A. Run the block IP FortiOS 5.4

B. Run the block MAC FortiOS

C. Quarantine IP FortiClient

D. Run the block domain Windows DNS

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

FCSS_ADA_AR-6.7試験無料問題集「Fortinet FCSS—Advanced Analytics 6.7 Architect 認定」