
Fortinet NSE7_ADA-6.3 Practice Test - Questions Answers, Page 4

Refer to the exhibit.

Why was this incident auto cleared?

A. Within five minutes, the packet loss percentage dropped to a level where the reporting IP is the same as the host IP
B. The original rule did not trigger within five minutes
C. Within five minutes, the packet loss percentage dropped to a level where the reporting IP is the same as the source IP
D. Within five minutes, the packet loss percentage dropped to a level where the host IP of the original rule matches the host IP of the clear condition pattern
Suggested answer: D

Explanation:

The incident was auto cleared because within five minutes, the packet loss percentage dropped to a level where the host IP of the original rule matches the host IP of the clear condition pattern. The clear condition pattern specifies that if there is an event with a packet loss percentage less than or equal to 10% and a host IP that matches any host IP in this incident, then clear this incident.

From where does the rule engine load the baseline data values?

A. The profile report
B. The daily database
C. The profile database
D. The memory
Suggested answer: C

Explanation:

The rule engine loads the baseline data values from the profile database. The profile database contains historical data that is used for baselining calculations, such as minimum, maximum, average, standard deviation, and percentile values for various metrics.

Refer to the exhibit.

Which statement about the rule filters events shown in the exhibit is true?

A. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group or a reporting IP that belongs to the Domain Controller applications group.
B. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a reporting IP that belongs to the Domain Controller applications group.
C. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.
D. The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.
Suggested answer: B

Explanation:

The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a reporting IP that belongs to the Domain Controller applications group. This means that only events that meet both criteria will be processed by this rule. The event type and reporting IP are joined by an AND operator, which requires both conditions to be true.

Refer to the exhibit.

Why is the Windows device still in the CMDB, even though the administrator uninstalled the Windows agent?

A. The device was not uninstalled properly
B. The device must be deleted from the backend of FortiSIEM
C. The device has performance jobs assigned
D. The device must be deleted manually from the CMDB
Suggested answer: D

Explanation:

The Windows device is still in the CMDB, even though the administrator uninstalled the Windows agent, because the device must be deleted manually from the CMDB. Uninstalling the Windows agent does not automatically remove the device from the CMDB, as there may be other sources of data for the device, such as SNMP or syslog. To delete the device from the CMDB, the administrator must go to CMDB > Devices > All Devices, select the device, and click Delete.

Total 34 questions