Fortinet FCSS_ADA_AR-6.7 Exam Practice Test Instant Access

Question 1

Which three processes are collector processes? (Choose three.)

AphParser

BphAgentManager

CphMonitorAgent

DphReportMaster

EphRuleMaster
These three processes are essential for a FortiSIEM collector, as they handle event parsing, agent communication, and system monitoring.
phParser is responsible for parsing and processing collected logs before forwarding them.
phAgentManager manages agent communication, ensuring logs are received and forwarded correctly.
phMonitorAgent monitors the health of the collector itself, reporting system status to the FortiSIEM supervisor.
phReportMaster and phRuleMaster do not run on collectors. They are supervisor/worker processes handling reporting and rule evaluation, respectively.

Answer : A, B, C

Question 2

What happens to events that the collector receives when there is a WAN link failure between the collector and the supervisor?

AEvents are buffered for up to 24 hours.

BEvents are buffered up to 10 MB before compression.

CEvents are buffered up to 10.000 logs.

DEvents are buffered up to 1 GB after compression.
When a WAN link failure occurs between the collector and the supervisor in FortiSIEM:
The collector does not discard events; instead, it buffers them until the connection is restored.
The buffering limit is up to 1 GB after compression to optimize storage and prevent data loss.
Once the WAN link is restored, buffered events are sent to the supervisor for processing.

Answer : D

Question 3

Refer to the exhibit.

Which devices will be added to the CMDB and mapped to Customer E?

A10.50.0.150

B10.50.0.1

C10.60.0.1

D10.50.0.149
From the exhibit, we can determine the IP range that will be added to the CMDB and mapped to Customer E.
The included IP range is 10.50.0.1 -- 10.50.0.50.
This means any device within this range (10.50.0.1 to 10.50.0.50) will be added to the CMDB.
10.50.0.1 Falls within the included range (10.50.0.1 -- 10.50.0.50) Added to CMDB.
10.50.0.149 Falls within the 10.50.0.1 -- 10.50.0.50 range Added to CMDB.

Answer : B, D

Question 4

Refer to the exhibit.

Which statement about the rule filters events shown in the exhibit is true?

AThe rule filters events with an event type that equals Domain Account Locked and a reporting IP that equals Domain Controller applications.

BThe rule filters events with an event type that belong to the Domain Account Locked CMDB group or a reporting IP that belong to the Domain Controller applications group.

CThe rule filters events with an event type that belong to the Domain Account Locked CMDB group and a reporting IP that belong to the Domain Controller applications group.

DThe rule filters events with an event type that belong to the Domain Account Locked CMDB group and a user that belongs to the Domain Controller applications group.
From the Filters section in the exhibit, we see:
1. Event Type IN EventTypes: Domain Account Locked
2. Reporting IP IN Applications: Domain Controller
3. Logical Operator: AND
Since both conditions must be true, the rule is effectively filtering events where:
The event type belongs to the Domain Account Locked CMDB group
The reporting IP belongs to the Domain Controller applications group

Answer : C

Question 5

How can you customize the AI model on FortiSIEM?

ARetrain the AI model

BReconfigure UEBA rules

CAdjust risk weighting for UEBA tags

DAdjust number of samples collected by the UEBA agents
FortiSIEM's User and Entity Behavior Analytics (UEBA) uses AI-driven modeling to detect anomalies and security risks based on user activity. The risk weighting for UEBA tags allows customization of the AI model by prioritizing certain behaviors or indicators over others.
Adjusting risk weightings fine-tunes how the AI model evaluates risk, helping organizations align detection sensitivity with their security policies. This provides a customized risk scoring mechanism without requiring full AI retraining.

Answer : C

Question 6

Which syntax will register a collector to the supervisor?

AphProvisionCollector -add <user><super ID><organization><collectorName>

BphProvisionCollector -add <user><collector IP><organizationid><collectorName>

CphProvisionCollector -add <user><super IP><organization><workerName>

DphProvisionCollector -add <user><collector IP><organization><superName>
The phProvisionCollector command is used to register a collector to the supervisor in FortiSIEM. The correct syntax requires:
User The admin username for authentication.
Password The password for authentication.
Super IP The IP address of the supervisor, which manages the collector.
Organization The organization to which the collector belongs.
Worker Name The name of the worker node responsible for handling events from this collector.

Answer : C

Question 7

Refer to the exhibit.

Which workers are assigned tasks for the query ID 13127? (Choose two.)

AWorker1 has no tasks for query ID 13127*.

BWorker1 has one task for query ID 13127*.

CWorker2 has two tasks for query ID 13127*.

DWorker3 has four tasks for query ID 13127*.

EWorker3 has two tasks for query ID 13127*.
The exhibit shows the directory listings for three different workers (worker1, worker2, and worker3) under the /querywkr/active/13127* path, which indicates active query tasks assigned to each worker.
1. Worker1 (worker1)
2. Worker2 (worker2)
3. Worker3 (worker3)

Answer : A, E

Fortinet FCSS_ADA_AR-6.7 FCSS - Advanced Analytics 6.7 Architect Exam Practice Test