NSE7_SOC_AR-7.6試験無料問題集「Fortinet NSE 7 - Security Operations 7.6 Architect 認定」

Which FortiAnalyzer connector can you use to run automation stitches9

解説: (GoShiken メンバーにのみ表示されます)
Which statement describes automation stitch integration between FortiGate and FortiAnalyzer?

解説: (GoShiken メンバーにのみ表示されます)
Which three end user logs does FortiAnalyzer use to identify possible IOC compromised hosts? (Choose three.)

正解:A,B,E 解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
Review the incident report:
Packet captures show a host maintaining periodic TLS sessions that imitate normal HTTPS traffic but run on TCP 8443 to a single external host. An analyst flags the traffic as potential command-and-control. During the same period, the host issues frequent DNS queries with oversized TXT payloads to an attacker-controlled domain, transferring staged files.
Which two MITRE ATT & CK techniques best describe this activity? (Choose two answers)

解説: (GoShiken メンバーにのみ表示されます)
Refer to the exhibit.

You are trying to find traffic flows to destinations that are in Europe or Asia, for hosts in the local LAN segment. However, the query returns no results. Assume these logs exist on FortiSIEM.
Which three mistakes can you see in the query shown in the exhibit? (Choose three answers)

正解:B,D,E 解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
Which two best practices should be followed when exporting playbooks in FortiAnalyzer? (Choose two answers)

解説: (GoShiken メンバーにのみ表示されます)
Refer to the exhibits.
The DOS attack playbook is configured to create an incident when an event handler generates a denial-of-ser
/ice (DoS) attack event.
Why did the DOS attack playbook fail to execute?

解説: (GoShiken メンバーにのみ表示されます)
Which two types of variables can you use in playbook tasks? (Choose two.)

解説: (GoShiken メンバーにのみ表示されます)
According to the National Institute of Standards and Technology (NIST) cybersecurity framework, incident handling activities can be divided into phases.
In which incident handling phase do you quarantine a compromised host in order to prevent an adversary from using it as a stepping stone to the next phase of an attack?

解説: (GoShiken メンバーにのみ表示されます)
You are investigating an open incident and want to add records from the Tickets module, a custom module, to the visual correlation widget. Assume there are already linked ticket records to the incident.

How do you accomplish this? Choose one answer.

解説: (GoShiken メンバーにのみ表示されます)