NSE 7 - Advanced Analytics 6.3 v1.0 (NSE7_ADA-6.3)

Page:    1 / 3   
Total 34 questions

Refer to the exhibit.

The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database.
In the profile database, in the Hour of Day column where 9 is the value, what will be the updated minimum, maximum, and average CPU utilization values?

  • A. Min CPU Util=32.31, Max CPU Util=33.50 and AVG CPU Util=33.50
  • B. Min CPU Util=32.31, Max CPU Util=33.50 and AVG CPU Util=32.67
  • C. Min CPU Util=32.31, Max CPU Util=32.31 and AVG CPU Util=32.31
  • D. Min CPU Util=33.50, Max CPU Util=33.50 and AVG CPU Util=33.50


Answer : A

Refer to the exhibit.

An administrator deploys a new collector for the first time, and notices that all the processes except the phMonitor are down.
How can the administrator bring the processes up?

  • A. The administrator needs to run the command phtools --start all on the collector.
  • B. Rebooting the collector will bring up the processes.
  • C. The processes will come up after the collector is registered to the supervisor.
  • D. The collector was not deployed properly and must be redeployed.


Answer : A

Which two statements about the maximum device limit on FortiSIEM are true? (Choose two.)

  • A. The device limit is defined per customer, and every customer is assigned a fixed device limit by the service provider.
  • B. The device limit is only applicable to enterprise edition.
  • C. The device limit is based on the license type that was purchased from Fortinet.
  • D. The device limit is defined for the whole system and is shared by every customer on a service provider edition.


Answer : CD

Identify the processes associated with Machine Learning/AI on FortiSIEM. (Choose two.)

  • A. phFortiInsightAI
  • B. phReportMaster
  • C. phRuleMaster
  • D. phAnomaly
  • E. phRuleWorker


Answer : AD

Which three statements about phRuleMaster are true? (Choose three.)

  • A. phRuleMaster queues up the data being received from the phRuleWorkers into buckets.
  • B. phRuleMaster is present on the supervisor and workers.
  • C. phRuleMaster is present on the supervisor only.
  • D. phRuleMaster wakes up to evaluate all the rule data in series, every 30 seconds.
  • E. phRuleMaster wakes up to evaluate all the rule data in parallel, every 30 seconds.


Answer : ABD

Refer to the exhibit.

The service provider deployed FortiSIEM without a collector and added three customers on the supervisor.
What mistake did the administrator make?

  • A. Customer A and customer B have overlapping IP addresses.
  • B. Collectors must be deployed on all customer premises before they are added to organizations on the supervisor.
  • C. The number of workers on the FortiSIEM cluster must match the number of customers added.
  • D. At least one collector must be deployed to collect logs from service provider infrastructure devices.


Answer : B

Refer to the exhibit.

Why was this incident auto cleared?

  • A. Within five minutes, the packet loss percentage dropped to a level where the reporting IP is the same as the host IP
  • B. The original rule did not trigger within five minutes
  • C. Within five minutes, the packet loss percentage dropped to a level where the reporting IP is the same as the source IP
  • D. Within five minutes, the packet loss percentage dropped to a level where the host IP of the original rule matches the host IP of the clear condition pattern


Answer : D

From where does the rule engine load the baseline data values?

  • A. The profile report
  • B. The daily database
  • C. The profile database
  • D. The memory


Answer : C

Refer to the exhibit.

Which statement about how the rule filters the events shown in the exhibit is true?

  • A. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group or a reporting IP that belongs to the Domain Controller applications group.
  • B. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a reporting IP that belongs to the Domain Controller applications group.
  • C. The rule filters events with an event type that belongs to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.
  • D. The rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.


Answer : B

Refer to the exhibit.

Why is the Windows device still in the CMDB, even though the administrator uninstalled the Windows agent?

  • A. The device was not uninstalled properly
  • B. The device must be deleted from the backend of FortiSIEM
  • C. The device has performance jobs assigned
  • D. The device must be deleted manually from the CMDB


Answer : B

Which syntax will register a collector to the supervisor?

  • A. phProvisionCollector --add
  • B. phProvisionCollector --add
  • C. phProvisionCollector --add
  • D. phProvisionCollector --add


Answer : A

What is a Tactic in the MITRE ATT&CK framework?

  • A. A Tactic is how an attacker plans to execute the attack
  • B. A Tactic is what an attacker hopes to achieve
  • C. A Tactic is the tool that the attacker uses to compromise a system
  • D. A Tactic is a specific implementation of the technique


Answer : D

Refer to the exhibit.

If the Z-score for this rule is greater than or equal to three, what does this mean?

  • A. The rate of firewall connection is optimum.
  • B. The rate of firewall connection is above the historical average value.
  • C. The rate of firewall connection is above the current average value.
  • D. The rate of firewall connection is below the historical average value.


Answer : B

Why can collectors not be defined before the worker upload address is set on the supervisor?

  • A. Collectors can only upload data to a worker, and the supervisor is not a worker
  • B. To ensure that the service provider has deployed at least one worker along with a supervisor
  • C. Collectors receive the worker upload address during the registration process
  • D. To ensure that the service provider has deployed an NFS server


Answer : C

Which three statements about collector communication with the FortiSIEM cluster are true? (Choose three.)

  • A. The only communication between the collector and the supervisor is during the registration process.
  • B. Collectors communicate periodically with the supervisor node.
  • C. The supervisor periodically checks the health of the collector.
  • D. The supervisor does not initiate any connections to the collector node.
  • E. Collectors upload event data to any node in the worker upload list, but report their health directly to the supervisor node.


Answer : BCE