Fortinet FCSS_SOC_AN-7.4 - FCSS - Security Operations 7.4 Analyst Exam

Page:    1 / 6   
Total 27 questions

According to the National Institute of Standards and Technology (NIST) cybersecurity framework, incident handling activities can be divided into phases.
In which incident handling phase do you quarantine a compromised host in order to prevent an adversary from using it as a stepping stone to the next phase of an attack?

  • A. Containment
  • B. Recovery
  • C. Analysis
  • D. Eradication


Answer : A

Refer to the exhibit.

You are tasked with reviewing a new FortiAnalyzer deployment in a network with multiple registered logging devices. There is only one FortiAnalyzer in the topology.
Which potential problem do you observe?

  • A. The archive retention period is too long.
  • B. The analytics-to-archive ratio is misconfigured.
  • C. The disk space allocated is insufficient.
  • D. The analytics retention period is too long.


Answer : B

While monitoring your network, you discover that one FortiGate device is sending significantly more logs to FortiAnalyzer than all of the other FortiGate devices in the topology.
Additionally, the ADOM that the FortiGate devices are registered to consistently exceeds its quota.
What are two possible solutions? (Choose two.)

  • A. Reconfigure the first FortiGate device to reduce the number of logs it forwards to FortiAnalyzer.
  • B. Increase the storage space quota for the first FortiGate device.
  • C. Configure data selectors to filter the data sent by the first FortiGate device.
  • D. Create a separate ADOM for the first FortiGate device and configure a different set of storage policies.


Answer : AD

Which role does a threat hunter play within a SOC?

  • A. Investigate and respond to a reported security incident
  • B. Monitor network logs to identify anomalous behavior
  • C. Collect evidence and determine the impact of a suspected attack
  • D. Search for hidden threats inside a network which may have eluded detection


Answer : D

Which two statements about the FortiAnalyzer Fabric topology are true? (Choose two.)

  • A. The supervisor uses an API to store logs, incidents, and events locally.
  • B. Downstream collectors can forward logs to Fabric members.
  • C. Logging devices must be registered to the supervisor.
  • D. Fabric members must be in analyzer mode.


Answer : AD
