Fortinet FCSS_ADA_AR-6.7 Dumps

FCSS Advanced Analytics 6.7 Architect Questions and Answers

Question 1

What happens to events that the collector receives when there is a WAN link failure between the collector and the supervisor?

Options:

A. Events are buffered for up to 24 hours.
B. Events are buffered up to 10 MB before compression.
C. Events are buffered up to 10.000 logs.
D. Events are buffered up to 1 GB after compression.

Question 2

What are two functions of numpoints in a rule and profile database? (Choose two.)

Options:

A. To prevent premature triggering of a rule before a baseline is set and becomes active
B. To ensure that the data points do not exceed a threshold value
C. To fetch only values from the profile database that have numPoints greater than a certain threshold
D. To track the hour of the day for each data value

Question 3

Refer to the exhibit.

An administrator runs an analytic search for all FortiGate SSL VPN logon failures. The results are grouped by source IP, reporting IP, and user. The administrator wants to restrict the results to only those rows where the COUNT >=3.

Which user would meet that condition?

Options:

A. Jan
B. Sarah
C. Admin
D. Tom

Question 4

How can you invoke an integration policy on FortiSIEM rules?

Options:

A. Through Notification Policy settings
B. Through External Authentication settings
C. Through Incident Notification settings
D. Through remediation scripts

Question 5

What are the modes of Data Ingestion on FortiSOAR? (Choose three.)

Options:

A. Policy based
B. Rule based
C. App Push
D. Schedule based
E. Notification based

Question 6

Refer to the exhibit.

The exhibit shows the output of an SQL command that an administrator ran to view the natural_id value, after logging into the Postgres database.

What does the natural_id value identify?

Options:

A. The collector
B. An agent
C. The worker
D. The supervisor

Question 7

Which statement accurately contrasts lookup tables with watchlists?

Options:

A. Lookup table values age out after a period, whereas watchlist values do not have any time condition.
B. You can populate lookup tables through an incident, whereas you cannot populate watchlists through an incident.
C. Lookup tables can contain multiple columns, whereas watchlists contain only a single column.
D. You can reference lookup table data in analytic queries and reports almost immediately, whereas you may have to wait up to 5-10 minutes for watchlist entries to be usable in queries and reports.

Question 8

Refer to the exhibit.

A service provider does not have a dedicated worker in the cluster, but still wants to add a collector to an organization.

What option does the administrator have?

Options:

A. Define a pseudo address as a worker IP address
B. Install a worker
C. Ignore the warning and continue adding the collector
D. Define the supervisor IP address as a worker upload address

Question 9

Refer to the exhibit.

Consider a nested event query where both inner and outer queries are event queries.

Reporting IP is selected from the CMDB group Network Device, Event Type is selected from the CMDB group Logon Success, and Source IP is selected from the report Failed Logons to Network Devices.

An administrator is about to execute the nested query. The report time ranges must be set before execution. The Nested Time Range will be applied to which attributes?

Options:

A. The nested time range will be configured for the Reporting IP attribute.
B. The nested time range will be configured for the Reporting IP and Event Type attributes.
C. The nested time range will be configured for the Source IP attribute.
D. The nested time range will be configured for the Event Type attribute.

Question 10

Refer to the exhibit.

Within what time window is the incident auto cleared?

Options:

A. 1800 seconds
B. Null
C. 1 day
D. 30 minutes

Question 11

Refer to the exhibit.

Which scenario is not a supported nested query scenario?

Options:

A. The outer query is the event query, and the inner query is the event query.
B. The outer query is the event query, and the inner query is the CMDB query.
C. The outer query is the CMDB query, and the inner query is the event query.
D. The outer query is the CMDB query, and the inner query is the CMDB query.

Question 12

Which three statements about collector communication with the FortiSIEM cluster are true? (Choose three.)

Options:

A. Collectors communicate periodically with the supervisor node.
B. The supervisor periodically checks the health of the collector.
C. The only communication between the collector and the supervisor is during the registration process.
D. The supervisor does not initiate any connections to the collector node.
E. Collectors upload event data to any node in the worker upload list, but report their health directly to the supervisor node.

Question 13

What is the hourly bucket used for in baselining?

Options:

A. To store hourly baseline reports for every hour of the day during weekdays and weekends
B. To store data for specific baselines during the weekend, if there is a spike in network activity
C. To store data for specific baselines during peak business hours of weekdays
D. To store data for specific baselines for every hour of the day during weekdays and weekends

Question 14

Refer to the exhibit.

This is an example of a baseline profile that is configured in the backend of FortiSIEM.

Which two Group By attributes are configured for this profile? (Choose two.)

Options:

A. Logon Failure
B. Reporting Device
C. Reporting IP
D. Distinct User

Question 15

A service provider purchases a licensed EPS of 520. The guaranteed EPS allocated to three customers is 50, 100, and 150 respectively. At the end of every three-minute interval, incoming EPS is calculated at every collector and the value is sent to the central decision-making engine on the supervisor node.

The incoming EPS for the first collector is 25, the incoming EPS for the second collector is 50, and the incoming EPS for the third collector is 75.

Based on the information provided, what is the unused events total calculated by the supervisor?

Options:

A. 76.000
B. 35.960
C. 75.960
D. 71.460

Question 16

How can you empower a SOC by deploying FortiSOAR? (Choose three.)

Options:

A. Collaborative knowledge sharing
B. Aggregate logs from distributed systems
C. Address analyst skills gap
D. Baseline user and traffic behavior
E. Reduce human error

Question 17

Refer to the exhibit.

The window for this rule is 30 minutes.

What is this rule tracking?

Options:

A. A sudden 50% increase in WMI response times over a 30-minute time window
B. A sudden 1.50 times increase in WMI response times over a 30-minute time window
C. A sudden 150% increase in WMI response times over a 30-minute time window
D. A sudden 75% increase in WMI response times over a 30-minute time window

Total 59 questions