New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Fortinet NSE7_ADA-6.3 Fortinet NSE 7 - Advanced Analytics 6.3 Exam Practice Test

Demo: 10 questions
Total 34 questions

Fortinet NSE 7 - Advanced Analytics 6.3 Questions and Answers

Question 1

From where does the rule engine load the baseline data values?

Options:

A.

The profile report

B.

The daily database

C.

The profile database

D.

The memory

Question 2

Which syntax will register a collector to the supervisor?

Options:

A.

phProvisionCollector --add

B.

phProvisionCollector --add

C.

phProvisionCollector --add

D.

phProvisionCollector --add

Question 3

In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?

Options:

A.

30.000

B.

10.000

C.

40.000

D.

20.000

Question 4

Refer to the exhibit.

Which statement about the rule filters events shown in the exhibit is true?

Options:

A.

The rule filters events with an event type that belong to the Domain Account Locked CMDB group or a reporting IP that belong to the Domain Controller applications group.

B.

The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a reporting |P that belong to the Domain Controller applications group.

C.

The rule filters events with an event type that belong to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.

D.

The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.

Question 5

Refer to the exhibit.

How long has the UEBA agent been operationally down?

Options:

A.

21 Hours

B.

9 Hours

C.

20 Hours

D.

2 Hours

Question 6

Refer to the exhibit. Click on the calculator button.

The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database.

In the profile database, in the Hour of Day column where 9 is the value, what will be the updated minimum, maximum, and average CPU utilization values?

Options:

A.

Min CPU Util=32.31, Max CPU Ucil=33.50 and AVG CPU Util=33.50

B.

Min CPU Util=32.31, Max CPU Ucil=33.50 and AVG CPU Util=32.67

C.

Min CPU Util=32.31, Max CPU Ucil=32.31 and AVG CPU Util=32.31

D.

Min CPU Util=33.50, Max CPU Ucil=33.50 and AVG CPU Util=33.50

Question 7

Which three processes are collector processes? (Choose three.)

Options:

A.

phAgentManaqer

B.

phParser

C.

phRuleMaster

D.

phReportM aster

E.

phMonitorAgent

Question 8

Which three statements about collector communication with the FortiSIEM cluster are true? (Choose three.)

Options:

A.

The only communication between the collector and the supervisor is during the registration process.

B.

Collectors communicate periodically with the supervisor node.

C.

The supervisor periodically checks the health of the collector.

D.

The supervisor does not initiate any connections to the collector node.

E.

Collectors upload event data to any node in the worker upload list, but report their health directly to the supervisor node.

Question 9

Refer to the exhibit.

Why was this incident auto cleared?

Options:

A.

Within five minutes the packet loss percentage dropped to a level where the reporting IP is the same as the host IP

B.

The original rule did not trigger within five minutes

C.

Within five minutes, the packet loss percentage dropped to a level where the reporting IP is same as the source IP

D.

Within five minutes, the packet loss percentage dropped to a level where the host IP of the original rule matches the host IP of the clear condition pattern

Question 10

Which statement about EPS bursting is true?

Options:

A.

FortiSIEM will let you burst up to five times the licensed EPS once during a 24-hour period.

B.

FortiSIEM must be provisioned with ten percent the licensed EPS to handle potential event surges.

C.

FortiSIEM will let you burst up to five times the licensed EPS at any given time, provided it has accumulated enough unused EPS.

D.

FortiSIEM will let you burst up to five times the licensed EPS at any given time, regardless of unused of EPS.

Demo: 10 questions
Total 34 questions