Fortinet FCSS_ADA_AR-6.7 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

Which workers are assigned tasks for the query ID 13127? (Choose two.)

AWorker1 has no tasks for query ID 13127*.

BWorker1 has one task for query ID 13127*.

CWorker2 has two tasks for query ID 13127*.

DWorker3 has four tasks for query ID 13127*.

EWorker3 has two tasks for query ID 13127*.

Answer : A, E

The exhibit shows the directory listings for three different workers (worker1, worker2, and worker3) under the /querywkr/active/13127* path, which indicates active query tasks assigned to each worker.

1. Worker1 (worker1)

2. Worker2 (worker2)

3. Worker3 (worker3)

Question 2

Refer to the exhibit.

What are three possible reasons why the Agent Status displays Running Inactive? (Choose three.)

AThe agent was registered incorrectly

BThe collector was not assigned to the agent

CThe agent is temporarily down

DThe template was not assigned

EThe template was removed

Answer : A, C, D

In FortiSIEM, an agent's status of 'Running Inactive' indicates that the agent is installed and running but not actively sending data or has encountered a misconfiguration. The following reasons can cause this status:

1. The agent was registered incorrectly

If an agent was not registered properly, it might not establish a proper connection with the FortiSIEM system, resulting in an inactive status.

2. The agent is temporarily down

If the agent goes offline (e.g., due to system shutdown, network issues, or agent crash), it will show as inactive.

3. The template was not assigned

Agents require a template to function correctly. If no template is assigned, the agent cannot collect or process events, leading to an inactive state.

Question 3

Refer to the exhibit.

Within what time window is the incident auto cleared?

A1800 seconds

BNull

C1 day

D30 minutes

Answer : B

In the exhibit, the 'Clear If' condition does not specify a condition for auto-clearing the incident. If an incident does not have a specific clear condition, it remains active until manually resolved or cleared by another process.

Question 4

Refer to the exhibit.

Why is the windows device still in the CMDB, even though the administrator uninstalled the windows agent?

AThe device must be deleted from backend of FortiSIEM

BThe device has performance jobs assigned

CThe device was not installed properly

DThe device must be deleted manually from the CMDB

Answer : A

Question 5

Which statement accurately contrasts lookup tables with watchlists?

ALookup table values age out after a period, whereas watchlist values do not have any time condition.

BYou can populate lookup tables through an incident, whereas you cannot populate watchlists through an incident.

CLookup tables can contain multiple columns, whereas watchlists contain only a single column.

DYou can reference lookup table data in analytic queries and reports almost immediately, whereas you may have to wait up to 5-10minutes for watchlist entries to be useable in queries and reports.

Answer : C

Lookup tables and watchlists serve different purposes in Fortinet's Advanced Analytics:

Lookup tables allow for structured data storage with multiple columns, making them useful for correlating different attributes or key-value pairs.

Watchlists are simpler and contain only a single column, often used for quick reference to flagged values, such as IP addresses or user accounts.

Question 6

Refer to the exhibit.

Which devices will be added to the CMDB and mapped to Customer E?

A10.50.0.150

B10.50.0.1

C10.60.0.1

D10.50.0.149

Answer : B, D

From the exhibit, we can determine the IP range that will be added to the CMDB and mapped to Customer E.

The included IP range is 10.50.0.1 -- 10.50.0.50.

This means any device within this range (10.50.0.1 to 10.50.0.50) will be added to the CMDB.

10.50.0.1 Falls within the included range (10.50.0.1 -- 10.50.0.50) Added to CMDB.

10.50.0.149 Falls within the 10.50.0.1 -- 10.50.0.50 range Added to CMDB.

Question 7

How do customers connect to a shared multi-tenant instance on FortiSOAR?

AThe customer must install a tenant node to connect to the MSSP shared multi-tenant instance.

BThe MSSP must provide secure network connectivity between the FortiSOAR manager node and the customer devices.

CThe MSSP must install a Secure Message Exchange node to connect to the customer's shared multi-tenant instance.

DThe MSSP must install an agent node on the customer's network to connect to the customer's shared multi-tenant instance.

Answer : B

In a multi-tenant FortiSOAR deployment, a Managed Security Service Provider (MSSP) hosts a shared FortiSOAR instance that serves multiple customers. Each customer operates as a separate tenant within the instance, ensuring data isolation and security.

FortiSOAR uses secure network connectivity (VPNs, direct connections, or secure tunnels) between the MSSP's FortiSOAR manager node and the customer's devices.

The customer does not need to install additional software or tenant nodes; instead, the MSSP manages multi-tenancy at the platform level.

Fortinet FCSS - Advanced Analytics 6.7 Architect FCSS_ADA_AR-6.7 Exam Practice Test