Latest Fortinet NSE 7 - Security Operations 7.6 Architect - NSE7_SOC_AR-7.6 free exam questions
Question 1
What are three capabilities of the built-in FortiSOAR Jinja editor? (Choose three answers)
Correct answer: B, D, E
Explanation: (visible to VCESoft members only)
Question 2
Match each FortiSIEM device type to its description. Select each FortiSIEM device type in the left column, then drag it to the blank space next to its corresponding description in the right column.


Correct answer:

* 1. Collector 2. Worker 3. Supervisor 4. Agent
* The FortiSIEM 7.3 architecture is built on a distributed, multi-tenant model made up of several distinct functional roles, which separate management, processing, and collection so that the deployment can scale without overloading any single node:
* Supervisor: The primary management node in a FortiSIEM cluster. It hosts the graphical user interface (GUI) and the Configuration Management Database (CMDB), and manages overall system configuration, reporting, and dashboards.
* Worker: Worker nodes do the heavy lifting of data processing. They run real-time event correlation against the rules engine, serve historical search queries, and carry the analytics workload so that the Supervisor node is not overwhelmed.
* Collector: Collectors are typically deployed at remote sites or in separate network segments to offload log collection from the central cluster. They receive logs via Syslog, SNMP, or WMI, compress the data, and forward it securely to the Workers or Supervisor. They also perform performance monitoring of local devices.
* Agent: Lightweight software components installed directly on endpoints (Windows/Linux). Their primary role is to collect local endpoint logs, monitor file integrity (system changes), and track user activity that cannot be captured by traditional network-based logging.
Question 3
Refer to the exhibit.

You are trying to find traffic flows to destinations that are in Europe or Asia, for hosts in the local LAN segment. However, the query returns no results. Assume these logs exist on FortiSIEM.
Which three mistakes can you see in the query shown in the exhibit? (Choose three answers)
Correct answer: A, C, E
Explanation: (visible to VCESoft members only)
Question 4
Refer to the exhibit.

You notice that the custom event handler you configured to detect SMTP reconnaissance activities is creating a large number of events. This is overwhelming your notification system.
How can you fix this?
Correct answer: A
Explanation: (visible to VCESoft members only)
Question 5
Refer to the exhibits.

What can you conclude from analyzing the data using the threat hunting module?
Correct answer: C
Explanation: (visible to VCESoft members only)
Question 6
Which two best practices should be followed when exporting playbooks in FortiAnalyzer? (Choose two answers)
Correct answer: A, C
Explanation: (visible to VCESoft members only)

