Title of test: NOVOESSASEMANA
Description: NOVO DEMAIS (Portuguese: "too new")
Author: (not given)
Creation Date: 31/03/2025
Category: Others
Number of questions: 32
Content:
1. Which two options describe how the Update Asset and Identity Database playbook is configured? (Choose two.)
- The playbook is using a local connector.
- The playbook is using a FortiMail connector.
- The playbook is using an on-demand trigger.
- The playbook is using a FortiClient EMS connector.

2. Which FortiAnalyzer connector can you use to run automation stitches?
- FortiCASB
- FortiMail
- Local
- FortiOS

3. Which two playbook triggers enable the use of trigger events in later tasks as trigger variables? (Choose two.)
- EVENT
- INCIDENT
- ON SCHEDULE
- ON DEMAND

4. Which FortiAnalyzer feature uses the SIEM database for advanced log analytics and monitoring?
- Outbreak alerts
- Event monitor
- Asset Identity Center
- Threat hunting

5. When configuring a FortiAnalyzer to act as a collector device, which two steps must you perform? (Choose two.)
- Enable log compression.
- Configure log forwarding to a FortiAnalyzer in analyzer mode.
- Configure the data policy to focus on archiving.
- Configure Fabric authorization on the connecting interface.

6. You are tasked with reviewing a new FortiAnalyzer deployment in a network with multiple registered logging devices. There is only one FortiAnalyzer in the topology. Which potential problem do you observe?
- The disk space allocated is insufficient.
- The analytics-to-archive ratio is misconfigured.
- The analytics retention period is too long.
- The archive retention period is too long.

7. The Malicious File Detect playbook is configured to create an incident when an event handler generates a malicious file detection event. Why did the Malicious File Detect playbook execution fail?
- The Create Incident task was expecting a name or number as input, but received an incorrect data format.
- The Get Events task did not retrieve any event data.
- The Attach_Data_To_Incident task was expecting an integer, but received an incorrect data format.
- The Attach Data To Incident task failed, which stopped the playbook execution.

8. Which statement best describes the MITRE ATT&CK framework?
- It provides a high-level description of common adversary activities, but lacks technical details.
- It covers tactics, techniques, and procedures, but does not provide information about mitigations.
- It describes attack vectors targeting network devices and servers, but not user endpoints.
- It contains some techniques or subtechniques that fall under more than one tactic.

9. You notice that the custom event handler you configured to detect SMTP reconnaissance activities is creating a large number of events. This is overwhelming your notification system. How can you fix this?
- Increase the trigger count so that it identifies and reduces the count triggered by a particular group.
- Disable the custom event handler because it is not working as expected.
- Decrease the time range that the custom event handler covers during the attack.
- Increase the log field value so that it looks for more unique field values when it creates the event.

10. While monitoring your network, you discover that one FortiGate device is sending significantly more logs to FortiAnalyzer than all of the other FortiGate devices in the topology. Additionally, the ADOM that the FortiGate devices are registered to consistently exceeds its quota. What are two possible solutions? (Choose two.)
- Increase the storage space quota for the first FortiGate device.
- Create a separate ADOM for the first FortiGate device and configure a different set of storage policies.
- Reconfigure the first FortiGate device to reduce the number of logs it forwards to FortiAnalyzer.
- Configure data selectors to filter the data sent by the first FortiGate device.

11. According to the National Institute of Standards and Technology (NIST) cybersecurity framework, incident handling activities can be divided into phases. In which incident handling phase do you quarantine a compromised host in order to prevent an adversary from using it as a stepping stone to the next phase of an attack?
- Containment
- Analysis
- Eradication
- Recovery

12. A SOC analyst is designing a playbook to filter for a high severity event and attach the event information to an incident. Which local connector action must the analyst use in this scenario?
- Get Events
- Update Incident
- Update Asset and Identity
- Attach Data to Incident

13. The FortiMail Sender Blocklist playbook is configured to take manual input and add those entries to the FortiMail abc.com domain-level block list. The playbook is configured to use a FortiMail connector and the ADD_SENDER_TO_BLOCKLIST action. Why is the FortiMail Sender Blocklist playbook execution failing?
- You must use the GET_EMAIL_STATISTICS action first to gather information about email messages.
- FortiMail is expecting a fully qualified domain name (FQDN).
- The client-side browser does not trust the FortiAnalyzer self-signed certificate.
- The connector credentials are incorrect.

14. You configured a spearphishing event handler and the associated rule. However, FortiAnalyzer did not generate an event. When you check the FortiAnalyzer log viewer, you confirm that FortiSandbox forwarded the appropriate logs, as shown in the raw log exhibit. What configuration must you change on FortiAnalyzer in order for FortiAnalyzer to generate an event?
- In the Log Type field, change the selection to AntiVirus Log (malware).
- Configure a FortiSandbox data selector and add it to the event handler.
- In the Log Filter by Text field, type the value: subtype==malware.
- Change the trigger condition by selecting: Within a group, the log field Malware Name (mname) has 2 or more unique values.

15. Which statement describes automation stitch integration between FortiGate and FortiAnalyzer?
- An event handler on FortiAnalyzer executes an automation stitch when an event is created.
- An automation stitch is configured on FortiAnalyzer and mapped to FortiGate using the FortiOS connector.
- An event handler on FortiAnalyzer is configured to send a notification to FortiGate to trigger an automation stitch.
- A security profile on FortiGate triggers a violation and FortiGate sends a webhook call to FortiAnalyzer.

16. Which two types of variables can you use in playbook tasks? (Choose two.)
- Input
- Output
- Create
- Trigger

17. Assume that all devices in the FortiAnalyzer Fabric are shown in the image. Which two statements about the FortiAnalyzer Fabric deployment are true? (Choose two.)
- FortiGate-B1 and FortiGate-B2 are in a Security Fabric.
- There is no collector in the topology.
- All FortiGate devices are directly registered to the supervisor.
- FAZ-SiteA has two ADOMs enabled.

18. Which role does a threat hunter play within a SOC?
- Investigate and respond to a reported security incident
- Collect evidence and determine the impact of a suspected attack
- Search for hidden threats inside a network which may have eluded detection
- Monitor network logs to identify anomalous behavior

19. When does FortiAnalyzer generate an event?
- When a log matches a filter in a data selector
- When a log matches an action in a connector
- When a log matches a rule in an event handler
- When a log matches a task in a playbook

20. What can you conclude from analyzing the data using the threat hunting module?
- Spearphishing is being used to elicit sensitive information.
- DNS tunneling is being used to extract confidential data from the local network.
- Reconnaissance is being used to gather victim identity information from the mail server.
- FTP is being used as a command-and-control (C&C) technique to mine for data.

21. Which observation about this FortiAnalyzer Fabric deployment architecture is true?
- The AMER HQ SOC team cannot run automation playbooks from the Fabric supervisor.
- The AMER HQ SOC team must configure high availability (HA) for the supervisor node.
- The EMEA SOC team has access to historical logs only.
- The APAC SOC team has access to FortiView and other reporting functions.

22. An analyst wants to create an incident and generate a report whenever FortiAnalyzer generates a malicious attachment event based on FortiSandbox analysis. The endpoint hosts are protected by FortiClient EMS integrated with FortiSandbox. All devices are logging to FortiAnalyzer. Which connector must the analyst use in this playbook?
- FortiSandbox connector
- FortiClient EMS connector
- FortiMail connector
- Local connector

23. which shows the partial output of the MITRE ATT&CK Enterprise matrix on FortiAnalyzer. Which two statements are true? (Choose two.)
- There are four techniques that fall under tactic T1071.
- There are four subtechniques that fall under technique T1071.
- There are event handlers that cover tactic T1071.
- There are 15 events associated with the tactic.

24. Which three end user logs does FortiAnalyzer use to identify possible IOC compromised hosts? (Choose three.)
- Email filter logs
- DNS filter logs
- Application filter logs
- IPS logs
- Web filter logs

25. Your company is doing a security audit. To pass the audit, you must take an inventory of all software and applications running on all Windows devices. Which FortiAnalyzer connector must you use?
- FortiClient EMS
- ServiceNow
- FortiCASB
- Local Host

26. Which two ways can you create an incident on FortiAnalyzer? (Choose two.)
- Using a connector action
- Manually, on the Event Monitor page
- By running a playbook
- Using a custom event handler

27. A SOC analyst is creating the Malicious File Detected playbook to run when FortiAnalyzer generates a malicious file event. The playbook must also update the incident with the malicious file event data. What must the next task in this playbook be?
- A local connector with the action Update Asset and Identity
- A local connector with the action Attach Data to Incident
- A local connector with the action Run Report
- A local connector with the action Update Incident

28. Review the following incident report: Attackers leveraged a phishing email campaign targeting your employees. The email likely impersonated a trusted source, such as the IT department, and requested login credentials. An unsuspecting employee clicked a malicious link in the email, leading to the download and execution of a Remote Access Trojan (RAT). The RAT provided the attackers with remote access and a foothold in the compromised system. Which two MITRE ATT&CK tactics does this incident report capture? (Choose two.)
- Initial Access
- Defense Evasion
- Lateral Movement
- Persistence

29. The DOS attack playbook is configured to create an incident when an event handler generates a denial-of-service (DoS) attack event. Why did the DOS attack playbook fail to execute?
- The Create SMTP Enumeration incident task is expecting an integer value but is receiving the incorrect data type.
- The Get Events task is configured to execute in the incorrect order.
- The Attach_Data_To_Incident task failed.
- The Attach_Data_To_Incident task is expecting an integer value but is receiving the incorrect data type.

30. A customer wants FortiAnalyzer to run an automation stitch that executes a CLI command on FortiGate to block a predefined list of URLs, if a botnet command-and-control (C&C) server IP is detected. Which FortiAnalyzer feature must you use to start this automation process?
- Playbook
- Data selector
- Event handler
- Connector

31. Which two statements about the FortiAnalyzer Fabric topology are true? (Choose two.)
- Downstream collectors can forward logs to Fabric members.
- Logging devices must be registered to the supervisor.
- The supervisor uses an API to store logs, incidents, and events locally.
- Fabric members must be in analyzer mode.

32. You configured a custom event handler and an associated rule to generate events whenever FortiMail detects spam emails. However, you notice that the event handler is generating events for both spam emails and clean emails. Which change must you make in the rule so that it detects only spam emails?
- In the Log Type field, select Anti-Spam Log (spam).
- In the Log Filter by Text field, type type==spam.
- Disable the rule to use the filter in the data selector to create the event.
- In the Trigger an event when field, select: Within a group, the log field Spam Name (sname) has 2 or more unique values.