New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Fortinet > Fortinet Certification > NSE7_ADA-6.3

NSE7_ADA-6.3 Fortinet NSE 7 - Advanced Analytics 6.3 Question and Answers

Question # 4

Refer to the exhibit.

An administrator wants to remediate the incident from FortiSIEM shown in the exhibit.

What option is available to the administrator?

A.

Quarantine IP FortiClient

B.

Run the block MAC FortiOS.

C.

Run the block IP FortiOS 5.4

D.

Run the block domain Windows DNS

Full Access
Question # 5

Refer to the exhibit.

Why is the windows device still in the CMDB, even though the administrator uninstalled the windows agent?

A.

The device was not uninstalled properly

B.

The device must be deleted from backend of FortiSIEM

C.

The device has performance jobs assigned

D.

The device must be deleted manually from the CMDB

Full Access
Question # 6

Which three statements about phRuleMaster are true? (Choose three.)

A.

phRuleMaster queues up the data being received from the phRuleWorkers into buckets.

B.

phRuleMaster is present on the supervisor and workers.

C.

phRuleMaster is present on the supervisor only

D.

phRuleMaster wakes up to evaluate all the rule data in series, every 30 seconds.

E.

phRuleMaster wakes up to evaluate all the rule data in parallel, even/ 30 seconds

Full Access
Question # 7

Refer to the exhibit.

An administrator runs an analytic search for all FortiGate SSL VPN logon failures. The results are grouped by source IP, reporting IP, and user. The administrator wants to restrict the results to only those rows where the COUNT >= 3.

Which user would meet that condition?

A.

Sarah

B.

Jan

C.

Tom

D.

Admin

Full Access
Question # 8

Which three statements about collector communication with the FortiSIEM cluster are true? (Choose three.)

A.

The only communication between the collector and the supervisor is during the registration process.

B.

Collectors communicate periodically with the supervisor node.

C.

The supervisor periodically checks the health of the collector.

D.

The supervisor does not initiate any connections to the collector node.

E.

Collectors upload event data to any node in the worker upload list, but report their health directly to the supervisor node.

Full Access
Question # 9

Identify the processes associated with Machine Learning/Al on FortiSIEM. (Choose two.)

A.

phFortiInsightAI

B.

phReportMaster

C.

phRuleMaster

D.

phAnomaly

E.

phRuleWorker

Full Access
Question # 10

How can you invoke an integration policy on FortiSIEM rules?

A.

Through Notification Policy settings

B.

Through Incident Notification settings

C.

Through remediation scripts

D.

Through External Authentication settings

Full Access