Question No. 1

How can you invoke an integration policy on FortiSIEM rules?

AThrough Notification Policy settings

BThrough Incident Notification settings

CThrough remediation scripts

DThrough External Authentication settings

Show Answer

Correct Answer: A

You can invoke an integration policy on FortiSIEM rules by configuring the Notification Policy settings. You can select an integration policy from the drop-down list and specify the conditions for triggering it. For example, you can invoke an integration policy when an incident is created, updated, or closed. Reference:Fortinet NSE 7 - Advanced Analytics 6.3 Exam Description, page 9

Question No. 2

How do customers connect to a shared multi-tenant instance on FortiSOAR?

AThe MSSP must provide secure network connectivity between the FortiSOAR manager node and the customer devices.

BThe MSSP must install a Secure Message Exchange node to connect to the customer's shared multi-tenant instance.

CThe customer must install a tenant node to connect to the MSSP shared multi-tenant instance.

DThe MSSP must install an agent node on the customer's network to connect to the customer's shared multi-tenant instance.

Show Answer

Correct Answer: D

To connect to a shared multi-tenant instance on FortiSOAR, the MSSP must install an agent node on the customer's network. The agent node acts as a proxy between the customer's devices and the FortiSOAR manager node. The agent node also performs data collection, enrichment, and normalization for the customer's data sources. Reference:Fortinet NSE 7 - Advanced Analytics 6.3 Exam Description, page 11

Question No. 3

In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?

A30.000

B10.000

C40.000

D20.000

Show Answer

Correct Answer: B

By default, the maximum number of event files stored on the collector in the event of a WAN link failure between the collector and the supervisor is 10.000. This value can be changed in the collector.properties file by modifying the parameter max_event_files_to_store. Reference:Fortinet NSE 7 - Advanced Analytics 6.3 Exam Description, page 13

Question No. 4

What is the disadvantage of automatic remediation?

AIt can make a disruptive change to a user, block access to an application, or disconnect critical systems from the network.

BIt is equivalent to running an IPS in monitor-only mode --- watches but does not block.

CExternal threats or attacks detected by FortiSIEM will need user interaction to take action on an already overworked SOC team.

DThreat behaviors occurring during the night could take hours to respond to.

Show Answer

Correct Answer: A

The disadvantage of automatic remediation is that it can make a disruptive change to a user, block access to an application, or disconnect critical systems from the network. Automatic remediation can have unintended consequences if not carefully planned and tested. Therefore, it is recommended to use manual or semi-automatic remediation for sensitive or critical systems. Reference:Fortinet NSE 7 - Advanced Analytics 6.3 Exam Description, page 15

Question No. 5

What are the modes of Data Ingestion on FortiSOAR? (Choose three.)

ARule based

BNotification based

CApp Push

DPolicy based

ESchedule based

Show Answer

Correct Answer: B, C, E

The modes of Data Ingestion on FortiSOAR are notification based, app push, and schedule based. Notification based mode allows FortiSOAR to receive data from external sources via webhooks or email notifications. App push mode allows FortiSOAR to receive data from external sources via API calls or scripts. Schedule based mode allows FortiSOAR to pull data from external sources at regular intervals using connectors. Reference:Fortinet NSE 7 - Advanced Analytics 6.3 Exam Description, page 17

Free Fortinet NSE7_ADA-6.3 Exam Actual Questions

The questions for NSE7_ADA-6.3 were last updated On May 5, 2024