Fortinet NSE7_ADA-6.3 - NSE 7 - Advanced Analytics 6.3 Exam
Total 33 questions
Question #1 (Topic: Exam A)
How can you invoke an integration policy on FortiSIEM rules?
A. Through Notification Policy settings
B. Through Incident Notification settings
C. Through remediation scripts
D. Through External Authentication settings
Answer: A
Question #2 (Topic: Exam A)
How do customers connect to a shared multi-tenant instance on FortiSOAR?
A. The MSSP must provide secure network connectivity between the FortiSOAR manager node and the customer devices.
B. The MSSP must install a Secure Message Exchange node to connect to the customer's shared multi-tenant instance.
C. The customer must install a tenant node to connect to the MSSP shared multi-tenant instance.
D. The MSSP must install an agent node on the customer's network to connect to the customer's shared multi-tenant instance.
Answer: A
Question #3 (Topic: Exam A)
In the event of a WAN link failure between the collector and the supervisor, by default, what is the maximum number of event files stored on the collector?
A. 30,000
B. 10,000
C. 40,000
D. 20,000
Answer: B
Question #4 (Topic: Exam A)
What is the disadvantage of automatic remediation?
A. It can make a disruptive change to a user, block access to an application, or disconnect critical systems from the network.
B. It is equivalent to running an IPS in monitor-only mode — watches but does not block.
C. External threats or attacks detected by FortiSIEM will need user interaction to take action on an already overworked SOC team.
D. Threat behaviors occurring during the night could take hours to respond to.
Answer: A
Question #5 (Topic: Exam A)
What are the modes of Data Ingestion on FortiSOAR? (Choose three.)
A. Rule based
B. Notification based
C. App Push
D. Policy based
E. Schedule based
Answer: BCE