Page: 1
/ 14
Total 34 questions
Fortinet NSE7_ADA-6.3 Fortinet NSE 7 - Advanced Analytics 6.3 Exam Practice Test
Question 1
Refer to the exhibit. Click on the calculator button.
Based on the information provided in the exhibit, calculate the unused events for the next three minutes for a 520 EPS license.
Answer : B
The unused events for the next three minutes for a 520 EPS license can be calculated by multiplying the licensed EPS by the time interval and subtracting the total number of events received in that interval. In this case, the calculation is:
520 x 180 - 27000 = 73460
Question 2
Refer to the exhibit. Click on the calculator button.
The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database.
In the profile database, in the Hour of Day column where 9 is the value, what will be the updated minimum, maximum, and average CPU utilization values?
Answer : B
The profile database contains CPU utilization values from day one. At midnight on the second day, the CPU utilization values from the daily database will be merged with the profile database using a weighted average formula:
New value = (Old value x Old weight) + (New value x New weight) / (Old weight + New weight)
The weight is determined by the number of days in each database. In this case, the profile database has one day of data and the daily database has one day of data, so the weight is equal for both databases. Therefore, the formula simplifies to:
New value = (Old value + New value) / 2
In the profile database, in the Hour of Day column where 9 is the value, the updated minimum, maximum, and average CPU utilization values are:
Min CPU Util = (32.31 + 32.31) / 2 = 32.31 Max CPU Util = (33.50 + 33.50) / 2 = 33.50 AVG CPU Util = (32.67 + 32.67) / 2 = 32.67
Question 3
Refer to the exhibit.
The rule evaluates multiple VPN logon failures within a ten-minute window. Consider the following VPN failure events received within a ten-minute window:
How many incidents are generated?
Answer : B
The rule evaluates multiple VPN logon failures within a ten-minute window. The rule will generate an incident if there are more than three VPN logon failures from the same source IP address within a ten-minute window. Based on the VPN failure events received within a ten-minute window, there are two incidents generated:
One incident for source IP address 10.10.10.10, which has four VPN logon failures at 09:01, 09:02, 09:03, and 09:04.
One incident for source IP address 10.10.10.11, which has four VPN logon failures at 09:06, 09:07, 09:08, and 09:09.
Question 4
Refer to the exhibit.
The service provider deployed FortiSIEM without a collector and added three customers on the supervisor.
What mistake did the administrator make?
Answer : A
The mistake that the administrator made is that customer A and customer B have overlapping IP addresses. This will cause confusion and errors in event collection and correlation, as well as CMDB discovery and classification. To avoid this problem, each customer should have a unique IP address range or use NAT to translate their IP addresses.
Question 5
Which of the following are two Tactics in the MITRE ATT&CK framework? (Choose two.)
Question 6
From where does the rule engine load the baseline data values?
Answer : C
The rule engine loads the baseline data values from the profile database. The profile database contains historical data that is used for baselining calculations, such as minimum, maximum, average, standard deviation, and percentile values for various metrics.
Question 7
On which disk are the SQLite databases that are used for the baselining stored?
Answer : D
The SQLite databases that are used for the baselining are stored on Disk3 of the FortiSIEM server. Disk3 is also used for storing raw event data and CMDB data.
All Official Question Types