FCSS_SOC_AN-7.4試験無料問題集（90題）「Fortinet FCSS - Security Operations 7.4 Analyst 認定」

出題：1

Which component of the Fortinet SOC solution is primarily responsible for automated threat detection and response?

A. FortiAnalyzer

B. FortiManager

C. FortiSIEM

D. FortiGate

正解：C 解答を投票する

出題：2

Refer to the exhibits.

The DOS attack playbook is configured to create an incident when an event handler generates a denial-of-ser/ice (DoS) attack event.
Why did the DOS attack playbook fail to execute?

A. The Get Events task is configured to execute in the incorrect order.

B. The Attach_Data_To_lncident task is expecting an integer value but is receiving the incorrect datatype.

C. The Attach_Data_To_lncident task failed.

D. The Create SMTP Enumeration incident task is expecting an integer value but is receiving the incorrect data type

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

In managing connectors within a SOC, what is a key benefit of ensuring proper integration?

A. It ensures seamless data exchange and process automation

B. It reduces the need for cybersecurity training

C. It simplifies the legal compliance of the SOC

D. It enhances the aesthetic appeal of the SOC

正解：A 解答を投票する

出題：4

Which three end user logs does FortiAnalyzer use to identify possible IOC compromised hosts? (Choose three.)

A. IPS logs

B. DNS filter logs

C. Email filter logs

D. Application filter logs

E. Web filter logs

正解：A,B,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Refer to the exhibit.

Which two options describe how the Update Asset and Identity Database playbook is configured? (Choose two.)

A. The playbook is using an on-demand trigger.

B. The playbook is using a FortiClient EMS connector.

C. The playbook is using a local connector.

D. The playbook is using a FortiMail connector.

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Refer to the exhibit.

You notice that the custom event handler you configured to detect SMTP reconnaissance activities is creating a large number of events. This is overwhelming your notification system.
How can you fix this?

A. Increase the trigger count so that it identifies and reduces the count triggered by a particular group.

B. Decrease the time range that the custom event handler covers during the attack.

C. Increase the log field value so that it looks for more unique field values when it creates the event.

D. Disable the custom event handler because it is not working as expected.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What is the primary role of managing playbook templates in a SOC?

A. To ensure that entertainment is provided during breaks

B. To maintain a catalog of ready-to-deploy response strategies

C. To manage the cafeteria menu in the SOC

D. To handle the recruitment of new SOC personnel

正解：B 解答を投票する

出題：8

Refer to the exhibits.

You configured a spearphishing event handler and the associated rule. However. FortiAnalyzer did not generate an event.
When you check the FortiAnalyzer log viewer, you confirm that FortiSandbox forwarded the appropriate logs, as shown in the raw log exhibit.
What configuration must you change on FortiAnalyzer in order for FortiAnalyzer to generate an event?

A. Change trigger condition by selecting. Within a group, the log field Malware Kame (mname> has 2 or more unique values.

B. In the Log Filter by Text field, type the value: .5 ub t ype ma Iwa re..

C. In the Log Type field, change the selection to AntiVirus Log(malware).

D. Configure a FortiSandbox data selector and add it tothe event handler.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Refer to the exhibits.
Domain List:

Domain abc.com:

Which connector and action on FortiAnalyzer can you use to add the entries show in the exhibits?

A. The FortiMail connector and the get sender reputation action

B. The FortiClient EMS connector and the quarantine action

C. The Local connector and the update asset and identity action

D. The FortiMail connector and the add send to blocklist action

正解：D 解答を投票する

FCSS_SOC_AN-7.4試験無料問題集「Fortinet FCSS - Security Operations 7.4 Analyst 認定」