Fortinet FCSS_ADA_AR-6.7 Practice Exams
Last updated on Apr 01, 2025
- Exam Code: FCSS_ADA_AR-6.7
- Exam Name: FCSS—Advanced Analytics 6.7 Architect
- Certification Provider: Fortinet
Refer to the exhibit.
The rule evaluates multiple VPN logon failures within a ten-minute window.
Consider the following VPN failure events received within a ten-minute window:
How many incidents are generated?
- A . 1
- B . 2
- C . 0
- D . 3
When integrating FortiSOAR with FortiSIEM for remediation, the primary goal is to:
- A . Reduce the need for human intervention during incidents
- B . Create visual graphs for board meetings
- C . Archive older incidents for record-keeping
- D . Add new features to the FortiSIEM dashboard
FortiSOAR is primarily used for:
- A . Storing large amounts of data
- B . Streamlining administrative tasks like adding new users
- C . Automating response actions to security incidents
- D . Designing network topologies
How can you empower SOC by deploying FortiSOAR? (Choose three.)
- A . Aggregate logs from distributed systems
- B . Collaborative knowledge sharing
- C . Baseline user and traffic behavior
- D . Reduce human error
- E . Address analyst skills gap
What is the primary purpose of remediation in FortiSIEM?
- A . To add new users to the network
- B . To address and resolve detected security incidents
- C . To upgrade the FortiSIEM software
- D . To change the visual theme of the FortiSIEM interface
What three key metrics does a UEBA agent capture? (Choose three.)
- A . Process
- B . Location
- C . Keystroke logging
- D . User
- E . Device
Which of the following can be an outcome if a FortiSIEM rule detects a suspicious login attempt?
- A . Instantly upgrading the FortiSIEM version
- B . Sending an alert to a predefined email address
- C . Automatically opening a support ticket with Fortinet
- D . Changing the passwords of all users in the system
Refer to the exhibit.
Which statement about the rule filters events shown in the exhibit is true?
- A . The rule filters events with an event type that belongs to the Domain Account Locked CMDB group or a reporting IP that belongs to the Domain Controller applications group.
- B . The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a reporting IP that belongs to the Domain Controller applications group.
- C . The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.
- D . The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.
Refer to the exhibit.
Why is the Windows device still in the CMDB, even though the administrator uninstalled the Windows agent?
- A . The device was not uninstalled properly
- B . The device must be deleted from the backend of FortiSIEM
- C . The device has performance jobs assigned
- D . The device must be deleted manually from the CMDB
Refer to the exhibit.
The window for this rule is 30 minutes.
What is this rule tracking?
- A . A sudden 50% increase in WMI response times over a 30-minute time window
- B . A sudden 1.50 times increase in WMI response times over a 30-minute time window
- C . A sudden 75% increase in WMI response times over a 30-minute time window
- D . A sudden 150% increase in WMI response times over a 30-minute time window