FCSS_ADA_AR-6.7 Exam Questions

A service provider purchases a licensed EPS of 520. The guaranteed EPS allocated to three customers is 50, 100, and 150 respectively. At the end of every three-minute interval, inc...

Which statement accurately contrasts lookup tables with watchlists?

Refer to the exhibit. How long has the UEBA agent been operationally down?

How can you empower SOC by deploying FortiSOAR? (Choose three.)

Refer to the exhibit. This is an example of a baseline profile that is configured in the backend of FortiSIEM. Which two Group By attributes are configured for this profile? (Choos...

Refer to the exhibit. Which scenario is not a supported nested query scenario?

When you perform a Group By on a structured query, which two outcomes occur? (Choose two.)

Refer to the exhibit. Within what time window is the incident auto cleared?

Refer to the exhibit. Which statement about the rule filters events shown in the exhibit is true?

Refer to the exhibit. Why was this incident auto cleared?

Refer to the exhibit. Which devices will be added to the CMDB and mapped to Customer E?

Refer to the exhibit. An administrator applies the rule exception shown in the exhibit. How does this configuration impact the incident generation for that rule?

Which two statements about phRuleWorker are true? (Choose two.)

Refer to the exhibit. Which three fields from the organization destination are required while registering a collector? (Choose three.)

FortiSIEM provides all rules with the ability to automatically change an active incident status to auto- cleared, based on an extra set of defined criteria. Why would you configure...

For what type of data values does the rule engine query the profile database?

Which organization do agents belong to after registration? (Choose two.)

What is the hourly bucket used in baselining?

What are two functions of numpoints in a rule and profile database? (Choose two.)

Refer to the exhibit. Consider the five account locked events received by FortiSIEM from domain controllers within the last 10 minutes (ten minutes is the evaluation window for the...

How do customers connect to a shared multi-tenant instance on FortiSOAR?

How can you customize the AI model on FortiSIEM?

Refer to the exhibit. Which deployment type is shown in the exhibit?

Refer to the exhibit. What are three possible reasons why the Agent Status displays Running Inactive? (Choose three.)

What happens to events that the collector receives when there is a WAN link failure between the collector and the supervisor?

Refer to the exhibit. The collector is registered and has pulled the license file from the supervisor. What are the consequences of removing the license file?

What are the modes of Data Ingestion on FortiSOAR? (Choose three.)

Why do collectors communicate with the Supervisor after registration? (Choose two.)

A service provider purchased a 500-EPS license and configured a new collector with 100 EPS for customer A, and another collector with 200 EPS for customer B. How much is in the rem...

Refer to the exhibit. A service provider does not have a dedicated worker in the cluster, but still wants to add a collector to an organization. What option does the administrator...

In a customer network that includes a collector, which device performs device discoveries?

Refer to the exhibit. Why is the windows device still in the CMDB, even though the administrator uninstalled the windows agent?

Refer to the exhibit. An administrator deploys a new collector for the first time, and notices that all the processes expect the phMonitor are down. How can the administrator bring...

Which syntax will register a collector to the supervisor?

How can you invoke an integration policy on FortiSIEM rules?

Why can collectors not be defined before the worker upload address is set on the supervisor?

Refer to the exhibit. The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be m...

Which lookup table function can be either true or false?

Refer to the exhibit. The window for this rule is 30 minutes. What is this rule tracking?

Refer to the exhibit. The rule evaluates multiple VPN logon failures within a ten-minute window. Consider the following VPN failure events received within a ten-minute window: How...

Which statement about EPS bursting is true?

Refer to the exhibit. Which workers are assigned tasks for the query ID 13127? (Choose two.)

What happens to UEBA events when a user is off-net?

What is the disadvantage of automatic remediation?

From where does the rule engine load the baseline data values?

In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?

Refer to the exhibit. The exhibit shows the output of an SQL command that an administrator ran to view the natural_id value, after logging into the Postgres database. What does the...

Which three statements about collector communication with the FortiSIEM cluster are true? (Choose three.)

Which two statements about the maximum device limit on FortiSIEM are true? (Choose two.)

Refer to the exhibit. Consider a nested event query where both inner and outer queries are event queries. Reporting IP is selected from the CMDB group Network Device, Event Type is...