Fortinet NSE7_ADA-6.3 Practice Test - Questions Answers
Question 1
Which syntax will register a collector to the supervisor?
Explanation:
The syntax that registers a collector to the supervisor is phProvisionCollector --add <supervisor IP>. This command initiates the registration process between the collector and the supervisor, during which certificates and configuration information are exchanged. The <supervisor IP> parameter is the IP address of the supervisor node.
Question 2
What is Tactic in the MITRE ATT&CK framework?
Explanation:
In the MITRE ATT&CK framework, a Tactic is what an attacker hopes to achieve. A tactic is a high-level category of adversary behavior that describes the attacker's objective or goal; examples include Initial Access, Persistence, Lateral Movement, and Exfiltration. Each tactic consists of one or more techniques that describe how an attacker can accomplish that objective.
Question 3
Refer to the exhibit.
If the Z-score for this rule is greater than or equal to three, what does this mean?
Explanation:
If the Z-score for this rule is greater than or equal to three, it means that the rate of firewall connection is above the historical average value. The Z-score is a measure of how many standard deviations a value is away from the mean of a distribution. A Z-score of three or more indicates that the value is significantly higher than the mean, which implies an anomaly or deviation from normal behavior.
Question 4
Why can collectors not be defined before the worker upload address is set on the supervisor?
Explanation:
Collectors cannot be defined before the worker upload address is set on the supervisor because collectors receive the worker upload address during the registration process. The worker upload address is a list of IP addresses of worker nodes that can receive event data from collectors. The supervisor provides this list to collectors when they register with it, so that collectors can upload event data to any node in the list.
Question 5
Which three statements about collector communication with the FortiSIEM cluster are true? (Choose three.)
Explanation:
The statements about collector communication with the FortiSIEM cluster that are true are:
Collectors communicate periodically with the supervisor node. Collectors send heartbeat messages to the supervisor every 30 seconds to report their status and configuration.
The supervisor periodically checks the health of the collector. The supervisor monitors the heartbeat messages from collectors and alerts if there is any issue with their connectivity or performance.
Collectors upload event data to any node in the worker upload list, but report their health directly to the supervisor node. Collectors use a round-robin algorithm to distribute event data among worker nodes in the worker upload list, which is provided by the supervisor during registration. However, collectors only report their health and status to the supervisor node.
Question 6
How can you invoke an integration policy on FortiSIEM rules?
Explanation:
You can invoke an integration policy on FortiSIEM rules by configuring the Notification Policy settings. You can select an integration policy from the drop-down list and specify the conditions for triggering it. For example, you can invoke an integration policy when an incident is created, updated, or closed.
Reference: Fortinet NSE 7 - Advanced Analytics 6.3 Exam Description, page 9
Question 7
Refer to the exhibit.
How long has the UEBA agent been operationally down?
Explanation:
The UEBA agent status shows that it has been operationally down for one day and three hours (1d3h). This means that it has been down for 24 hours plus three hours, which is equal to 21 hours.
Question 8
Refer to the exhibit. Click on the calculator button.
The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database.
In the profile database, in the Hour of Day column where 9 is the value, what will be the updated minimum, maximum, and average CPU utilization values?
Explanation:
The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database are merged into the profile database using a weighted average formula:
Updated value = ((Old value x Old weight) + (New value x New weight)) / (Old weight + New weight)
The weight is determined by the number of days of data in each database. In this case, the profile database has one day of data and the daily database has one day of data, so the weights are equal. Therefore, the formula simplifies to:
Updated value = (Old value + New value) / 2
In the profile database, in the Hour of Day column where 9 is the value, the updated minimum, maximum, and average CPU utilization values are:
Min CPU Util = (32.31 + 32.31) / 2 = 32.31
Max CPU Util = (33.50 + 33.50) / 2 = 33.50
AVG CPU Util = (32.67 + 32.67) / 2 = 32.67
Question 9
Refer to the exhibit.
An administrator deploys a new collector for the first time, and notices that all the processes except the phMonitor are down.
How can the administrator bring the processes up?
Explanation:
The collector processes depend on successful registration with the supervisor. The phMonitor process is responsible for registering the collector with the supervisor and for monitoring the health of the other processes. Once registration succeeds, phMonitor starts the remaining processes on the collector.
Question 10
How do customers connect to a shared multi-tenant instance on FortiSOAR?
Explanation:
To connect to a shared multi-tenant instance on FortiSOAR, the MSSP must install an agent node on the customer's network. The agent node acts as a proxy between the customer's devices and the FortiSOAR manager node. The agent node also performs data collection, enrichment, and normalization for the customer's data sources.
Reference: Fortinet NSE 7 - Advanced Analytics 6.3 Exam Description, page 11