FCSS_ADA_AR-6.7 Exam Training Practice Tests (Fortinet FCSS

Question 1

How can you empower SOC by deploying FortiSOAR? (Choose three.)

A. Collaborative knowledge sharing B. Baseline user and traffic behavior C. Aggregate logs from distributed systems D. Address analyst skills gap E. Reduce human error

Correct Answer: A,D,E

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 2

Refer to the exhibit.

An administrator wants to remediate the incident from FortiSIEM shown in the exhibit.
What option is available to the administrator?

A. Run the block domain Windows DNS B. Quarantine IP FortiClient C. Run the block MAC FortiOS D. Run the block IP FortiOS 5.4

Correct Answer: A

Question 3

Refer to the exhibit.

Is the Windows agent delivering event logs correctly?

A. The logs are buffered by the agent and will be sent once the status changes to managed. B. The agent is registered and it is sending logs correctly. C. The agent is not sending logs because it did not receive a monitoring template. D. Because the agent is unmanaged. the logs are dropped silently by the supervisor.

Correct Answer: C

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 4

Refer to the exhibit.

An administrator deploys a new collector for the first time, and notices that all the processes expect the phMonitor are down.
How can the administrator bring the processes up?

A. The processes will come up after the collector is registered to the supervisor. B. Rebooting the collector will bring up the processes. C. The administrator needs to run the command phtools - start all on the collector. D. The collector was not deployed properly and must be redeployed.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 5

For what type of data values does the rule engine query the profile database?

A. Minimum and/or maximum values for the current hour of the day B. Statistical average and/or standard deviation values for the current hour of the day C. High and/or low values for the current hour of the day D. First and/or last values for the current hour of the day

Correct Answer: B

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 6

Refer to the exhibit.

Consider a nested event query where both inner and outer queries are event queries.
Reporting IP is selected from the CMDB group Network Device, Event Type is selected from the CMDB group Logon Success, and Source IP is selected from the report Failed Logons to Network Devices.
An administrator is about to execute the nested query. The report time ranges must be set before execution. The Nested Time Range will be applied to which attributes?

A. The nested time range will be configured for the Reporting IP attribute. B. The nested time range will be configured for the Event Type attribute. C. The nested time range will be configured for the Reporting IP and Event Type attributes. D. The nested time range will be configured for the Source IP attribute.

Correct Answer: B

Question 7

Refer to the exhibit.

Consider a custom lookup table MalwareIPList. An analyst constructed an analytic query to reference the MalwareIPList lookup table.
What is the outcome of the analytic query?

A. The analyst receives an error because the LookupTableGet function can be used only in display filters to enrich data. B. The value for the LookupTableGet function in the analytic search can be either true or false. C. The IP address from permitted traffic with a confidence score of 98 is displayed. D. The permitted traffic IP address from the Phishing category is displayed.

Correct Answer: A

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Fortinet FCSS—Advanced Analytics 6.7 Architect - FCSS_ADA_AR-6.7 Exam Practice Test