Fortinet NSE6_FSM_AN-7.4 - Fortinet NSE 6 - FortiSIEM 7.4 Analyst Exam
Total 37 questions
Question #6 (Topic: Exam A)
Refer to the exhibit.
The configuration for a machine learning (ML) dataset using anomaly detection is shown.

If data for this model is generated every hour, how long must the FortiSIEM device be up before it can produce a valid training set?
A. 3 hours
B. 10 hours
C. 24 hours
D. 30 hours
Answer: B
Question #7 (Topic: Exam A)
Several new internal servers are generating incidents and must be excluded from several FortiSIEM rules.
How must you tune rules to exclude several undiscovered devices from rules?
A. Add the devices to a rule exclusion automation policy.
B. Add their associated discovery credentials.
C. Add them to the global exclusion list.
D. Add them to a device group that is being filtered by the rules.
Answer: D
Question #8 (Topic: Exam A)
You want FortiSIEM to automatically add three zero trust network access (ZTNA) tags to a device when that device triggers a custom rule. You want FortiSIEM to push these ZTNA tags to multiple FortiClient EMS servers in the organization.
How can you accomplish this?
A. Create a syslog connection from the FortiClient EMS servers to retrieve ZTNA tag information from FortiSIEM.
B. Create multiple playbooks, one for each FortiClient EMS server, each with a connector for a ZTNA tag.
C. Create a single playbook with multiple connectors, one for each FortiClient EMS.
D. Create multiple automation policies, each one pushing a tag to a different FortiClient EMS server.
Answer: C
Question #9 (Topic: Exam A)
Rules on FortiSIEM are usually processed as events are collected (streaming).
How can you create a rule to evaluate events over an 8-hour period?
A. Configure a report to run the analytical query and run the report every 8 hours.
B. Configure a crontab process on the FortiSIEM supervisor.
C. Configure a 28,000-second time window under the Define Conditions tab.
D. Set the Evaluation Mode to Scheduled under the General tab.
Answer: D
Question #10 (Topic: Exam A)
Which two types of information can FortiSIEM retrieve from FortiClient EMS through an external connection? (Choose two.)
A. Device login credentials
B. Vulnerability scan events
C. Devices with FortiSIEM agents
D. Zero trust network access (ZTNA) tags
Answer: BD