最新的Fortinet FCSS_SOC_AN-7.4免費考試真題

問題1

How does identifying adversary behavior benefit SOC operations in terms of incident response?

A. By allowing for a quicker isolation of affected systems

B. By increasing the time it takes to respond to incidents

C. By reducing the importance of endpoint security

D. By providing data for marketing strategies

正確答案: A

問題2

Refer to the exhibits.

The Quarantine Endpoint by EMS playbook execution failed.
What can you conclude from reviewing the playbook tasks and raw logs?

A. The endpoint is quarantined, but the action status is not attached to the incident.

B. The admin user does not have the necessary rights to update incidents.

C. The local connector is incorrectly configured, which is causing JSON API errors.

D. The playbook executed in an ADOM where the incident does not exist.

正確答案: A

問題3

What is a key consideration when designing a scalable FortiAnalyzer deployment?

A. The future increase in log volume

B. The branding of the user interface

C. The color scheme of the dashboard

D. The integration with third-party tools

正確答案: A

問題4

A customer wants FortiAnalyzer to run an automation stitch that executes a CLI command on FortiGate to block a predefined list of URLs, if a botnet command-and-control (C&C) server IP is detected.
Which FortiAnalyzer feature must you use to start this automation process?

A. Playbook

B. Connector

C. Data selector

D. Event handler

正確答案: D

說明：（僅 Fast2test 成員可見）

問題5

Exhibit:

Which observation about this FortiAnalyzer Fabric deployment architecture is true?

A. The APAC SOC team has access to FortiView and other reporting functions.

B. The AMER HQ SOC team cannot run automation playbooks from the Fabric supervisor.

C. The EMEA SOC team has access to historical logs only.

D. The AMER HQ SOC team must configure high availability (HA) for the supervisor node.

正確答案: B

說明：（僅 Fast2test 成員可見）

問題6

You are managing 10 FortiAnalyzer devices in a FortiAnalyzer Fabric. In this scenario, what is a benefit of configuring a Fabric group?

A. You can filter log search results based on the group.

B. You can configure separate logging rates per group.

C. You can apply separate data storage policies per group.

D. You can aggregate and compress logging data for the devices in the group.

正確答案: A

問題7

Which connector on FortiAnalyzer is responsible for looking up indicators to get threat intelligence?

A. The FortiClient EMS connector

B. The FortiOS connector

C. The local connector

D. The FortiGuard connector

正確答案: D

問題8

Refer to the Exhibit:

An analyst wants to create an incident and generate a report whenever FortiAnalyzer generates a malicious attachment event based on FortiSandbox analysis. The endpoint hosts are protected by FortiClient EMS integrated with FortiSandbox. All devices are logging to FortiAnalyzer.
Which connector must the analyst use in this playbook?

A. Local connector

B. FortiClient EMS connector

C. FortiMail connector

D. FortiSandbox connector

正確答案: D

說明：（僅 Fast2test 成員可見）

問題9

When configuring a FortiAnalyzer to act as a collector device, which two steps must you perform? (Choose two.)

A. Configure log forwarding to a FortiAnalyzer in analyzer mode.

B. Configure the data policy to focus on archiving.

C. Enable log compression.

D. Configure Fabric authorization on the connecting interface.

正確答案: A,D

說明：（僅 Fast2test 成員可見）

最新的Fortinet FCSS - Security Operations 7.4 Analyst - FCSS_SOC_AN-7.4免費考試真題

聯系我們

站內鏈接

最新更新